Stager shellcode generation fails on Kali VM on Apple Silicon (ARM) Mac

[j-mie]

Describe the bug
Running stage-listener with a TCP url on a Apple Mac creates a TCP listener which servers no shellcode.

INFO[2024-06-03T17:52:36+01:00] [sliver/server/certs/certs.go:140] Generating TLS certificate (ECC) for 'QUIET_WINNER' ... 
INFO[2024-06-03T17:52:36+01:00] [sliver/server/certs/certs.go:65] Saving certificate for cn = 'QUIET_WINNER' 
INFO[2024-06-03T17:52:36+01:00] [sliver/server/configs/server.go:155] Saving config to /root/.sliver/configs/server.json 
INFO[2024-06-03T17:52:36+01:00] [sliver/server/gogo/go.go:162] go cmd: '/root/.sliver/go/bin/go tool dist list' 
INFO[2024-06-03T17:52:36+01:00] [sliver/server/assets/assets-helpers.go:276] Creating GOPATH directory: /root/.sliver/slivers/windows/amd64/QUIET_WINNER/src 
WARN[2024-06-03T17:52:36+01:00] [sliver/server/generate/canaries.go:71] No parent domains 
WARN[2024-06-03T17:52:36+01:00] [sliver/server/generate/canaries.go:71] No parent domains 
INFO[2024-06-03T17:52:36+01:00] [sliver/server/generate/binaries.go:553] Rendering native encoder assets ... 
INFO[2024-06-03T17:52:36+01:00] [sliver/server/generate/binaries.go:561] Embed english dictionary (4.9 KiB, 3.2 KiB compressed) 
INFO[2024-06-03T17:52:36+01:00] [sliver/server/generate/binaries.go:489] Rendering go.mod file ... 
INFO[2024-06-03T17:52:36+01:00] [sliver/server/gogo/go.go:162] go cmd: '/root/.sliver/go/bin/go tool dist list' 
INFO[2024-06-03T17:52:36+01:00] [sliver/server/gogo/go.go:162] go cmd: '/root/.sliver/go/bin/go tool dist list' 
INFO[2024-06-03T17:52:36+01:00] [sliver/server/gogo/go.go:123] garble cmd: '/root/.sliver/go/bin/garble -seed=random -literals -tiny build -trimpath -ldflags  -H=windowsgui -buildmode=pie -o /root/.sliver/slivers/windows/amd64/QUIET_WINNER/bin/QUIET_WINNER.bin .' 



INFO[2024-06-03T17:52:44+01:00] [sliver/server/generate/implants.go:141] f0b4b042-6545-48ab-b986-dded71153bf6 -> QUIET_WINNER 
INFO[2024-06-03T17:52:44+01:00] [github.com/grpc-ecosystem/[email protected]/logging/logrus/options.go:220] finished unary call with code OK 
INFO[2024-06-03T17:52:44+01:00] [sliver/server/rpc/rpc-shellcode.go:37] [rpc] Shellcode encoder request for: SHIKATA_GA_NAI 
INFO[2024-06-03T17:52:44+01:00] [sliver/server/sgn/sgn.go:93] [sgn] EncodeShellcode: 22837336 bytes 
INFO[2024-06-03T17:52:44+01:00] [sliver/server/sgn/sgn.go:199] [sgn] input file: /tmp/sgn11946290 
INFO[2024-06-03T17:52:44+01:00] [sliver/server/sgn/sgn.go:77] sgn cmd: '/root/.sliver/go/bin/sgn -a 64 -c 1 -max 20 -o /tmp/sgn3696634141 /tmp/sgn11946290' 
INFO[2024-06-03T17:52:44+01:00] [sliver/server/sgn/sgn.go:80] --- env ---    
INFO[2024-06-03T17:52:44+01:00] [sliver/server/sgn/sgn.go:82] PATH=/root/.sliver/go/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin 
INFO[2024-06-03T17:52:44+01:00] [sliver/server/sgn/sgn.go:84] --- stdout ---
       __   _ __        __                               _ 
  ___ / /  (_) /_____ _/ /____ _  ___ ____ _  ___  ___ _(_)
 (_-</ _ \/ /  '_/ _ `/ __/ _ `/ / _ `/ _ `/ / _ \/ _ `/ / 
/___/_//_/_/_/\_\\_,_/\__/\_,_/  \_, /\_,_/ /_//_/\_,_/_/  
========[Author:-Ege-Balcı-]====/___/=======v2.0.0=========  
    ┻━┻ ︵ヽ(`Д´)ﾉ︵ ┻━┻           (ノ ゜Д゜)ノ ︵ 仕方がない

|  
INFO[2024-06-03T17:52:44+01:00] [sliver/server/sgn/sgn.go:85] --- stderr ---
2024/06/03 17:52:44 [MAIN] ERROR: random garbage instruction assembly failed
 
INFO[2024-06-03T17:52:44+01:00] [sliver/server/sgn/sgn.go:86] exit status 1  
ERRO[2024-06-03T17:52:44+01:00] [sliver/server/sgn/sgn.go:130] exit status 1 
INFO[2024-06-03T17:52:44+01:00] [sliver/server/rpc/rpc-shellcode.go:46] [rpc] Successfully encoded shellcode (0 bytes) 
INFO[2024-06-03T17:52:44+01:00] [github.com/grpc-ecosystem/[email protected]/logging/logrus/options.go:220] finished unary call with code OK 
INFO[2024-06-03T17:52:44+01:00] [sliver/server/rpc/rpc-generate.go:241] Saving new profile with name "win-shellcode" 
INFO[2024-06-03T17:52:44+01:00] [github.com/grpc-ecosystem/[email protected]/logging/logrus/options.go:220] finished unary call with code OK 
INFO[2024-06-03T17:52:44+01:00] [sliver/server/c2/tcp-stager.go:34] Starting Raw TCP listener on 0.0.0.0:9000 
INFO[2024-06-03T17:52:44+01:00] [github.com/grpc-ecosystem/[email protected]/logging/logrus/options.go:220] finished unary call with code OK 

To Reproduce
Steps to reproduce the behavior:

1. profiles new --mtls 10.10.14.40:443 --format shellcode win-shellcode
2. stage-listener --url tcp://10.10.14.40:9000 --profile win-shellcode
3. nc 10.10.14.40 9000 | wc -l

Expected behavior
Ideally it shouldn't error, but the fact that there's no sign that this has failed in the client until you connect to the stager and receive no output is a little confusing

Desktop (please complete the following information):

• OS: Kali
• Version 2024.1
• Arch aarch64
• Commit 6f4a150

[j-mie]

Strangely pulling down the latest version of https://github.com/moloch--/sgn and compiling from source works fine (copying the file from go build -ldflags="-extldflags=-static" to the Sliver .sliver/go/bin/sgn path works fine) - I wonder if it's a keystone issue

[moloch--]

That is weird, thanks for running it down I can probably just push out a new build.