I'm hooking a binary (aarch64) and I want to rewrite branch instructions to branch to specific addresses. I'm using Radare2 for rewriting branches, but it says 'cannot assemble...' whenever the target address of the branch is before the current instruction address. It also cannot assemble 'b.gt ...'.
Even when I tried to edit the instruction with the same opcode using (wa), it gives the same error (cannot assemble), but if I tried using (wx) with the copied hexadecimal instruction, then it works! Also, it works correctly (using wa) for other instructions like (mov).
```
$ r2 -A -w -b64 dummy
...
0x0040064c f3ffff17 b 0x400618
...
;-- branch:
0x00400588 e007bfa9 stp x0, x1, [sp, -0x10]!
...
[0x0040064c]> wa bl 0x400588
Cannot assemble 'bl 0x400588' at line 3
[0x0040064c]> wa b 0x400618
Cannot assemble 'b 0x400618' at line 3
[0x0040064c]> wx f3ffff17
[0x0040064c]> wa bl loc.branch
Cannot assemble 'bl loc.branch' at line 3
```
The instruction at 0x0040064c should be:
```
bl 0x00400588
```
It was not supported by radare2 for arm64. The backward branching issue is now fixed in radare2.
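For a radare2 build where `wa` still rejects these branches, the bytes for `wx` can be computed by hand from the A64 encoding of `b`, `bl` and `b.cond`. The following is an added example, not part of the original post or of radare2; the name `encode_branch` is hypothetical, and the addresses are the ones from the session above.

```python
import struct

# A64 condition codes used by B.cond (low 4 bits of the instruction).
COND = {"eq": 0, "ne": 1, "cs": 2, "cc": 3, "mi": 4, "pl": 5, "vs": 6,
        "vc": 7, "hi": 8, "ls": 9, "ge": 10, "lt": 11, "gt": 12, "le": 13}


def _imm(pc, target, bits):
    """PC-relative word offset as a two's-complement field of `bits` bits."""
    off = target - pc
    if off % 4:
        raise ValueError("pc and target must both be 4-byte aligned")
    words = off // 4                      # negative for a backward branch
    limit = 1 << (bits - 1)
    if not -limit <= words < limit:
        raise ValueError("target out of range for this branch form")
    return words & ((1 << bits) - 1)      # wrap negative values into the field


def encode_branch(mnemonic, pc, target):
    """Return the hex string to pass to `wx` for b / bl / b.<cond> at `pc`."""
    m = mnemonic.lower()
    if m == "b":
        insn = 0x14000000 | _imm(pc, target, 26)
    elif m == "bl":
        insn = 0x94000000 | _imm(pc, target, 26)
    elif m.startswith("b.") and m[2:] in COND:
        # imm19 sits in bits 23:5, condition in bits 3:0
        insn = 0x54000000 | (_imm(pc, target, 19) << 5) | COND[m[2:]]
    else:
        raise ValueError("unsupported mnemonic: %r" % mnemonic)
    # A64 instructions are stored little-endian in memory.
    return struct.pack("<I", insn).hex()


if __name__ == "__main__":
    # Reproduces the existing instruction from the session, then the wanted one.
    print("wx", encode_branch("b", 0x40064C, 0x400618))
    print("wx", encode_branch("bl", 0x40064C, 0x400588))
    # b.gt target below is constructed for illustration only.
    print("wx", encode_branch("b.gt", 0x40064C, 0x400618))
```

The first call reproduces the `f3ffff17` bytes already shown in the disassembly, which is a quick check that the encoder matches what is in the binary before writing the `bl` bytes.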