Pwning on Apple silicon


Consider the following scenario:

You really want to learn pwn but you can’t install gdb on your Apple silicon Mac… Alright, surely you can just emulate an x86 system in Docker and run gdb there. You have heard about Rosetta 2, and its debug server seems like the perfect solution.

You try it out and… find out Rosetta’s debug server has known issues in Docker.

Maybe qemu works better? You fire up gdb and are met with ptrace: Function not implemented. That error is the dead end: Docker runs an x86-64 image on an arm64 host through qemu-user, which emulates a single process rather than a kernel, and qemu-user does not implement the ptrace syscall, so gdb has nothing to attach to.

Still want to pwn? Then keep reading!

We can combine Docker and Colima (Containers on Lima; Lima runs Linux VMs on macOS) to get a setup where gdb works: Colima can boot a full x86-64 Linux VM, so the container talks to a real Linux kernel that implements ptrace instead of to qemu-user.

I created a Docker image specifically meant to be used for pwn CTF challenges. It comes preinstalled with everything pwn-related I could think of. It is inspired by Sigpwny’s pwn-docker, but uses colima, has many package upgrades, and uses zsh!

Getting Started

Please star 🤩 the GitHub repository.

I’ll walk through the README.md here.

Prerequisites

You need the Docker CLI and Colima. Both can be installed with Homebrew.

brew install docker
brew install colima

Next, clone the GitHub repository.

git clone https://github.com/CygnusX-26/pwn.git
cd pwn

Start colima with

./start-colima.sh

This should create a new Docker context called colima-x64.

You need to use this docker context for everything to work properly. Check which context you are using with docker context ls, and switch to colima with docker context use colima-x64. You can always switch back if you no longer want to use the colima context.

Start the docker container with

./start.sh

This will pull the cygnusx26/pwn Docker image from Docker Hub.

The script will ask if you would like to mount a directory to /ctf inside the container. You might want this for easy file access, or to use your favorite GUI text editor to write a script, then run it inside the container.

Once the container is running, it exposes SSH on localhost:2222.

You can connect to the Docker container with

./connect.sh

This should leave you inside the container.
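The steps above only work if three things hold: the active Docker context is colima-x64, that context points at an x86-64 VM, and gdb can actually ptrace inside a container there. The preflight script below checks all three. It is an added example, not part of the CygnusX-26/pwn repository; it assumes the context name colima-x64 and the image cygnusx26/pwn from this post, and assumes the image provides gdb and /bin/true. The two docker run flags it passes matter if you ever start the image by hand instead of through start.sh: Docker's default seccomp profile rejects the personality() call gdb uses to disable ASLR, which shows up as "Error disabling address space randomization: Operation not permitted".

```shell
#!/bin/sh
# preflight.sh: sanity-check the Colima/Docker setup before a pwn session.
# Added example; not part of the CygnusX-26/pwn repository. The context and
# image names are the ones the post uses; that the image contains gdb and
# /bin/true is an assumption.

CONTEXT="${PWN_CONTEXT:-colima-x64}"
IMAGE="${PWN_IMAGE:-cygnusx26/pwn}"

# The three predicates take command output as arguments so they can be
# exercised without Docker; run_checks feeds them the live values.

# 0 if the active Docker context is the expected one.
context_ok() {
    [ "$1" = "$2" ]
}

# 0 if the daemon reports an x86-64 architecture (docker info prints x86_64,
# some tooling prints amd64; accept both).
arch_ok() {
    case "$1" in
        x86_64|amd64) return 0 ;;
        *)            return 1 ;;
    esac
}

# 0 if a batch-mode gdb transcript shows the inferior ran to completion under
# ptrace. "Function not implemented" is what qemu-user returns for ptrace;
# "Operation not permitted" is Docker's default seccomp profile rejecting the
# personality() call gdb makes to disable ASLR, which a pwn session needs.
gdb_ok() {
    printf '%s\n' "$1" | grep -q 'ptrace: Function not implemented' && return 1
    printf '%s\n' "$1" | grep -q 'Operation not permitted' && return 1
    printf '%s\n' "$1" | grep -q 'exited normally'
}

run_checks() {
    command -v docker >/dev/null 2>&1 || { echo "docker CLI not found"; return 1; }

    active="$(docker context show)"
    context_ok "$active" "$CONTEXT" || {
        echo "active context is '$active'; run: docker context use $CONTEXT"
        return 1
    }

    arch="$(docker info --format '{{.Architecture}}')"
    arch_ok "$arch" || { echo "VM architecture is '$arch', not x86-64"; return 1; }

    # Launch /bin/true under gdb with the flags gdb needs inside Docker.
    out="$(docker run --rm --cap-add=SYS_PTRACE --security-opt seccomp=unconfined \
        "$IMAGE" gdb -q -batch -ex run /bin/true 2>&1)"
    gdb_ok "$out" || {
        echo "gdb cannot ptrace in the container:"
        printf '%s\n' "$out"
        return 1
    }

    echo "preflight OK: context=$CONTEXT arch=$arch, gdb can ptrace"
}

# Run the live checks only when invoked as ./preflight.sh, so the file can
# also be sourced for its predicates.
case "$0" in
    *preflight.sh) run_checks ;;
esac
```

Run it as ./preflight.sh right after ./start-colima.sh; a failure on the first check means you forgot docker context use colima-x64, a failure on the last means the container cannot debug anything and ./connect.sh will only get you a shell where gdb is useless.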

pwndbg, tmux, and pwntools all come preinstalled in this image.

Have fun pwning!

This project is a WIP, but currently should be working. Many things are subject to change, and contributions are welcome!