Challenge, Easy, on Linux

Run an ARM64 Binary on an AMD64 Machine Using QEMU Emulation

In this challenge, you'll learn how to run an arm64 binary on an amd64 machine using Linux's binfmt_misc mechanism and QEMU user-space emulation.

The binary

A pre-built arm64 binary has been placed at ~/simple-server. It's a simple HTTP server that listens on port 8080. Inspecting it should show that it's an ARM64 (aarch64) ELF binary:

file ~/simple-server

Try running it:

~/simple-server

You should see an error like this:

cannot execute binary file: Exec format error

This challenge's machine uses an amd64 (x86_64) CPU, and the kernel doesn't know how to execute arm64 instructions natively.

How Linux runs "foreign" binaries

Linux has a kernel feature called binfmt_misc that lets you register custom interpreters for arbitrary executable formats. When the kernel is asked to execute a binary, it checks the file's magic bytes (the first few bytes of the file that identify its format) against a list of registered handlers. If a match is found, the kernel delegates execution to the registered interpreter instead of trying to run the binary directly.

QEMU is an open-source emulator and virtualizer. The most widely known QEMU use case is to run virtual machines, but it can also be used to run individual Linux binaries compiled for foreign architectures using its user-space emulation mode.

When QEMU user-space emulation is registered with binfmt_misc for the aarch64 architecture, any attempt to execute an arm64 ELF binary will be transparently intercepted by the kernel and forwarded to QEMU.
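
The magic-byte comparison described above can be reproduced in a few lines. This is an added example, not part of the original challenge: the entry text is a constructed sample in the layout the kernel shows for a registered handler, the interpreter path is a placeholder, and the function names are illustrative.

```python
import sys
from pathlib import Path

# Constructed sample in the layout of /proc/sys/fs/binfmt_misc/qemu-aarch64;
# the interpreter path is a placeholder, not taken from a real machine.
SAMPLE_ENTRY = """\
enabled
interpreter /path/to/qemu-aarch64-interpreter
flags: OCF
offset 0
magic 7f454c460201010000000000000000000200b700
mask ffffffffffffff00fffffffffffffffffeffffff
"""
# Constructed ELF header prefixes (e_ident, then e_type and e_machine).
IDENT = bytes.fromhex("7f454c4602010100") + bytes(8)  # ELF64, little-endian
ARM64_HEADER = IDENT + bytes.fromhex("0200b700")  # ET_EXEC, 0xb7 = aarch64
AMD64_HEADER = IDENT + bytes.fromhex("03003e00")  # ET_DYN, 0x3e = x86_64

def parse_entry(text):
    """Parse the text of one binfmt_misc entry file into a dict."""
    lines = text.strip().splitlines()
    entry = {"enabled": lines[0].strip() == "enabled", "offset": "0"}
    for line in lines[1:]:
        key, _, value = line.partition(" ")
        entry[key.rstrip(":")] = value.strip()
    for key in ("magic", "mask"):
        if key in entry:
            entry[key] = bytes.fromhex(entry[key])
    entry["offset"] = int(entry["offset"])
    return entry

def matches(entry, header):
    """True if header equals the magic on every bit that is set in the mask."""
    if not entry["enabled"] or "magic" not in entry:
        return False  # disabled, or an extension-based entry without magic
    magic = entry["magic"]
    mask = entry.get("mask", b"\xff" * len(magic))
    window = header[entry["offset"]:entry["offset"] + len(magic)]
    return len(window) == len(magic) and all(
        ((h ^ g) & m) == 0 for h, g, m in zip(window, magic, mask))

def interpreter_for(header, entries):
    """Return the interpreter of the first matching entry, else None."""
    return next((e["interpreter"] for e in entries if matches(e, header)), None)

if __name__ == "__main__" and len(sys.argv) > 1:  # check a file against live entries
    live = [parse_entry(p.read_text()) for p in Path("/proc/sys/fs/binfmt_misc").iterdir()
            if p.name not in ("register", "status")]
    print(interpreter_for(Path(sys.argv[1]).read_bytes()[:128], live))
```

The mask is why one registration covers more than one exact header: the 0x00 byte ignores the OS ABI field, and 0xfe on the first e_type byte accepts both regular (ET_EXEC) and position-independent (ET_DYN) arm64 executables.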

The task

  1. Install QEMU user-space emulation for the arm64 architecture on this machine.
  2. Execute the ~/simple-server binary.
  3. Find the PID of the process listening on port 8080.
  4. Identify the actual program (executable path) behind the process you identified in step 3.

Hint 1

On Ubuntu, QEMU user-space emulation can be installed from the standard package repositories. Look for a package that provides static QEMU binaries and automatically registers them with binfmt_misc.

After installation, check if the registration was successful:

ls /proc/sys/fs/binfmt_misc/qemu-aarch64

Hint 2

Once QEMU user-space emulation is registered, starting the simple-server binary should be no different from starting any other binary.

Now, let's understand what's happening under the hood:

Hint 3

For a refresher on how to find the PID of a process listening on a specific port, check out the Classic Sysadmin Task: Which Process Is Listening on a Port challenge.

What is the actual executable behind the process you identified above?

Hint 4

Every running process has a symbolic link at /proc/<PID>/exe that points to the actual executable file on disk. You can resolve it with:

readlink /proc/<PID>/exe