Lots of commands in GDB's protocol use hex-encoded data. A $ starts a packet, and all packets end with # followed by a one-byte, hex-encoded checksum.
Let's look at the protocol for the request:
remote get /proc/self/cmdline ./cmdline
Which should fetch /proc/self/cmdline and dump it to ./cmdline. It does!
$ phd cmdline
| #if 0 | |
| .PHONY: run | |
| run: a.out | |
| @./a.out | |
| a.out: $(MAKEFILE_LIST) | |
| @gcc -xc $(MAKEFILE_LIST) | |
| ifeq (0, 1) | |
| #endif |
| /* | |
| Written By Pan ZhenPeng(@peterpan980927) of Alibaba Security Pandora Lab | |
| use it on macOS: cc poc.c -o poc while True; do ./poc ; done | |
| */ | |
| #include <errno.h> | |
| #include <signal.h> | |
| #include <fcntl.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> |