OWASP / owasp-mastg

The Mobile Application Security Testing Guide (MASTG) is a comprehensive manual for mobile app security testing and reverse engineering. It describes the technical processes for verifying the controls listed in the OWASP Mobile Application Security Verification Standard (MASVS).
https://mas.owasp.org/
Creative Commons Attribution Share Alike 4.0 International

Android crackme2 crashes on Android 8 oreo #867

Closed madushan1000 closed 6 years ago

madushan1000 commented 6 years ago

The app never starts properly. It's stuck on a white screen and looks like it's in a loop of crashing and respawning. These logs occur over and over in logcat.

01-17 19:31:42.170  1265  2948 D EmbryoManager: prepare sg.vantagepoint.uncrackable2 user 0
01-17 19:31:42.170  1265  2948 I ActivityManager: Process sg.vantagepoint.uncrackable2 (pid 7519) has died: fore TOP
01-17 19:31:42.170  1265  2948 D ActivityManager: Process sg.vantagepoint.uncrackable2 has 0 services
01-17 19:31:42.172  1265  1433 D RestartProcessManager: Update Total Launch Times :sg.vantagepoint.uncrackable2
01-17 19:31:42.172  1265  1433 D RestartProcessManager: updateSelf :  sg.vantagepoint.uncrackable2, size : 7
01-17 19:31:42.172  1265  1433 D RestartProcessManager: Last Running Package : sg.vantagepoint.uncrackable2 , start time 1516197702172
01-17 19:31:42.183  1265  2948 I ActivityManager: Start proc 7551:sg.vantagepoint.uncrackable2/u0a268 for activity sg.vantagepoint.uncrackable2/.MainActivity
01-17 19:31:42.183   569   569 E ANDR-PERF-MPCTL: hint lookup failed
01-17 19:31:42.183  1265  2948 E ANDR-PERF-JNI: com_qualcomm_qtiperformance_native_perf_io_prefetch_start
01-17 19:31:42.185  1265  2948 E ANDR-PERF-JNI: gIOPHAl initialized
01-17 19:31:42.185  1265  2948 E ANDR-PERF-JNI: gIOPHAl calling iopstart
01-17 19:31:42.185   568   568 E ANDR-IOP: IOP HAL: Received pkg_name = sg.vantagepoint.uncrackable2 pid = 7551
01-17 19:31:42.185   568   628 E ANDR-IOP: io prefetch Capture is deactivated
01-17 19:31:42.246  7568  7568 W Zygote  : child_detach_binder close binder
01-17 19:31:42.250  7568  7568 E JavaBinder: Unknown binder error code. 0xfffffff3
01-17 19:31:42.251  7568  7568 D AndroidRuntime: Shutting down VM
01-17 19:31:42.252  7568  7568 E AndroidRuntime: FATAL EXCEPTION: main
01-17 19:31:42.252  7568  7568 E AndroidRuntime: Process: sg.vantagepoint.uncrackable2, PID: 7568
01-17 19:31:42.252  7568  7568 E AndroidRuntime: java.lang.RuntimeException: Unable to start activity ComponentInfo{sg.vantagepoint.uncrackable2/sg.vantagepoint.uncrackable2.MainActivity}: java.lang.RuntimeException: android.os.RemoteException: Unknown binder error code. 0xfffffff3
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2946)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.app.ActivityThread.handleLaunchActivity(ActivityThread.java:3046)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.app.ActivityThread.-wrap11(Unknown Source:0)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.app.ActivityThread$H.handleMessage(ActivityThread.java:1688)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.os.Handler.dispatchMessage(Handler.java:105)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.os.Looper.loop(Looper.java:164)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.app.ActivityThread.main(ActivityThread.java:6809)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at java.lang.reflect.Method.invoke(Native Method)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at com.android.internal.os.Zygote$MethodAndArgsCaller.run(Zygote.java:240)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:767)
01-17 19:31:42.252  7568  7568 E AndroidRuntime: Caused by: java.lang.RuntimeException: android.os.RemoteException: Unknown binder error code. 0xfffffff3
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.hardware.display.DisplayManagerGlobal.getDisplayInfo(DisplayManagerGlobal.java:136)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.view.Display.updateDisplayInfoLocked(Display.java:1024)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.view.Display.getRealSize(Display.java:958)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.view.ViewConfiguration.<init>(ViewConfiguration.java:365)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.view.ViewConfiguration.get(ViewConfiguration.java:436)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.view.View.<init>(View.java:4561)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.view.View.<init>(View.java:4694)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.view.ViewGroup.<init>(ViewGroup.java:597)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.view.ViewGroup.<init>(ViewGroup.java:593)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.view.ViewGroup.<init>(ViewGroup.java:589)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.view.ViewGroup.<init>(ViewGroup.java:585)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.widget.FrameLayout.<init>(FrameLayout.java:78)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at com.android.internal.policy.DecorView.<init>(DecorView.java:263)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at com.android.internal.policy.PhoneWindow.generateDecor(PhoneWindow.java:2343)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at com.android.internal.policy.PhoneWindow.installDecor(PhoneWindow.java:2698)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at com.android.internal.policy.PhoneWindow.setContentView(PhoneWindow.java:419)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at com.android.internal.app.AlertController.installContent(AlertController.java:257)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.app.AlertDialog.onCreate(AlertDialog.java:425)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.app.Dialog.dispatchOnCreate(Dialog.java:403)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.app.Dialog.show(Dialog.java:302)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at sg.vantagepoint.uncrackable2.MainActivity.a(Unknown Source:32)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at sg.vantagepoint.uncrackable2.MainActivity.onCreate(Unknown Source:24)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.app.Activity.performCreate(Activity.java:6998)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.app.Instrumentation.callActivityOnCreate(Instrumentation.java:1230)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.app.ActivityThread.performLaunchActivity(ActivityThread.java:2899)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    ... 9 more
01-17 19:31:42.252  7568  7568 E AndroidRuntime: Caused by: android.os.RemoteException: Unknown binder error code. 0xfffffff3
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.os.BinderProxy.transactNative(Native Method)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.os.BinderProxy.transact(Binder.java:787)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.hardware.display.IDisplayManager$Stub$Proxy.getDisplayInfo(IDisplayManager.java:267)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.hardware.display.DisplayManagerGlobal.getDisplayInfo(DisplayManagerGlobal.java:120)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    ... 33 more
01-17 19:31:42.253  7568  7568 D AppTracker: App Event: crash
01-17 19:31:42.254  7568  7568 E JavaBinder: Unknown binder error code. 0xfffffff3
01-17 19:31:42.255  7568  7568 W AppTracker: onEvent RuntimeException:
01-17 19:31:42.255  7568  7568 W AppTracker: java.lang.RuntimeException: android.os.RemoteException: Unknown binder error code. 0xfffffff3
01-17 19:31:42.255  7568  7568 W AppTracker:    at android.app.ActivityManager.getRunningAppProcesses(ActivityManager.java:3690)
01-17 19:31:42.255  7568  7568 W AppTracker:    at net.oneplus.odm.common.Util.getUid(Util.java:111)
01-17 19:31:42.255  7568  7568 W AppTracker:    at net.oneplus.odm.insight.tracker.TrackData$AppBuilder.<init>(TrackData.java:97)
01-17 19:31:42.255  7568  7568 W AppTracker:    at net.oneplus.odm.insight.tracker.AppTracker.onEvent(AppTracker.java:80)
01-17 19:31:42.255  7568  7568 W AppTracker:    at com.android.internal.os.RuntimeInit$KillApplicationHandler.uncaughtException(RuntimeInit.java:141)
01-17 19:31:42.255  7568  7568 W AppTracker:    at java.lang.ThreadGroup.uncaughtException(ThreadGroup.java:1068)
01-17 19:31:42.255  7568  7568 W AppTracker:    at java.lang.ThreadGroup.uncaughtException(ThreadGroup.java:1063)
01-17 19:31:42.255  7568  7568 W AppTracker:    at java.lang.Thread.dispatchUncaughtException(Thread.java:1953)
01-17 19:31:42.255  7568  7568 W AppTracker: Caused by: android.os.RemoteException: Unknown binder error code. 0xfffffff3
01-17 19:31:42.255  7568  7568 W AppTracker:    at android.os.BinderProxy.transactNative(Native Method)
01-17 19:31:42.255  7568  7568 W AppTracker:    at android.os.BinderProxy.transact(Binder.java:787)
01-17 19:31:42.255  7568  7568 W AppTracker:    at android.app.IActivityManager$Stub$Proxy.getRunningAppProcesses(IActivityManager.java:6207)
01-17 19:31:42.255  7568  7568 W AppTracker:    at android.app.ActivityManager.getRunningAppProcesses(ActivityManager.java:3688)
01-17 19:31:42.255  7568  7568 W AppTracker:    ... 7 more
01-17 19:31:42.256  7568  7568 E JavaBinder: Unknown binder error code. 0xfffffff3
01-17 19:31:42.257  7568  7568 E AndroidRuntime: Error reporting crash
01-17 19:31:42.257  7568  7568 E AndroidRuntime: android.os.RemoteException: Unknown binder error code. 0xfffffff3
01-17 19:31:42.257  7568  7568 E AndroidRuntime:    at android.os.BinderProxy.transactNative(Native Method)
01-17 19:31:42.257  7568  7568 E AndroidRuntime:    at android.os.BinderProxy.transact(Binder.java:787)
01-17 19:31:42.257  7568  7568 E AndroidRuntime:    at android.app.IActivityManager$Stub$Proxy.handleApplicationCrash(IActivityManager.java:4573)
01-17 19:31:42.257  7568  7568 E AndroidRuntime:    at com.android.internal.os.RuntimeInit$KillApplicationHandler.uncaughtException(RuntimeInit.java:174)
01-17 19:31:42.257  7568  7568 E AndroidRuntime:    at java.lang.ThreadGroup.uncaughtException(ThreadGroup.java:1068)
01-17 19:31:42.257  7568  7568 E AndroidRuntime:    at java.lang.ThreadGroup.uncaughtException(ThreadGroup.java:1063)
01-17 19:31:42.257  7568  7568 E AndroidRuntime:    at java.lang.Thread.dispatchUncaughtException(Thread.java:1953)
01-17 19:31:42.257  7568  7568 I Process : Sending signal. PID: 7568 SIG: 9
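
The following is an added example, not code from this thread or from the MASTG project: it walks the `Caused by` chain of a logcat crash like the one above, reports the first stack frame owned by the app package, and reinterprets the hex binder code as a signed 32-bit value. `triage`, `LINE` and `SAMPLE` are hypothetical names, the sample lines are abridged from the report's log, and mapping the value to a Linux errno name assumes binder status codes follow the negative-errno convention.

```python
import errno
import re

# logcat threadtime layout: date time pid tid level tag: message
LINE = re.compile(r"^\d\d-\d\d \d\d:\d\d:\d\d\.\d+\s+(\d+)\s+\d+ [VDIWEF] (.+?)\s*: (.*)$")
# Constructed sample: lines abridged from the logcat posted in the report.
SAMPLE = """\
01-17 19:31:42.252  7568  7568 E AndroidRuntime: FATAL EXCEPTION: main
01-17 19:31:42.252  7568  7568 E AndroidRuntime: Process: sg.vantagepoint.uncrackable2, PID: 7568
01-17 19:31:42.252  7568  7568 E AndroidRuntime: java.lang.RuntimeException: Unable to start activity ComponentInfo{sg.vantagepoint.uncrackable2/sg.vantagepoint.uncrackable2.MainActivity}: java.lang.RuntimeException: android.os.RemoteException: Unknown binder error code. 0xfffffff3
01-17 19:31:42.252  7568  7568 E AndroidRuntime: Caused by: java.lang.RuntimeException: android.os.RemoteException: Unknown binder error code. 0xfffffff3
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.app.Dialog.show(Dialog.java:302)
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at sg.vantagepoint.uncrackable2.MainActivity.a(Unknown Source:32)
01-17 19:31:42.252  7568  7568 E AndroidRuntime: Caused by: android.os.RemoteException: Unknown binder error code. 0xfffffff3
01-17 19:31:42.252  7568  7568 E AndroidRuntime:    at android.os.BinderProxy.transactNative(Native Method)
01-17 19:31:42.257  7568  7568 E AndroidRuntime: Error reporting crash
01-17 19:31:42.257  7568  7568 E AndroidRuntime:    at android.app.IActivityManager$Stub$Proxy.handleApplicationCrash(IActivityManager.java:4573)
"""

def triage(log_text, package):
    """Summarise the first FATAL EXCEPTION block; None if it is not `package`'s."""
    pid, owned, causes, frames = None, False, [], []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m or m.group(2) != "AndroidRuntime" or (pid and m.group(1) != pid):
            continue
        msg = m.group(3).strip()
        if pid is None:
            if msg.startswith("FATAL EXCEPTION"):
                pid = m.group(1)
        elif msg == "Error reporting crash":
            break  # later lines are the crash handler's own failure, not the app's
        elif msg.startswith("Process:"):
            owned = package + "," in msg
        elif msg.startswith("at "):
            frames.append(msg[3:])
        elif msg.startswith("Caused by: "):
            causes.append(msg[len("Caused by: "):])
        elif not causes and not msg.startswith("..."):
            causes.append(msg)  # top-level exception line
    if not owned or not causes:
        return None
    code = re.search(r"0x([0-9a-fA-F]{8})\b", causes[-1])
    # XOR/subtract reinterprets the hex value as a signed 32-bit integer.
    status = (int(code.group(1), 16) ^ 0x80000000) - 0x80000000 if code else None
    return {
        "pid": int(pid), "root_cause": causes[-1], "status": status,
        "errno": errno.errorcode.get(-status) if (status or 0) < 0 else None,
        "app_frame": next((f for f in frames if f.startswith(package + ".")), None),
    }
```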

madushan1000 commented 6 years ago

The Level3 app crashes too; this is from the tombstone.

Revision: '0'
ABI: 'arm64'
pid: 13516, tid: 13537, name: nt.uncrackable3  >>> sg.vantagepoint.uncrackable3 <<<
signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------

muellerberndt commented 6 years ago

Thanks for the bug report @madushan1000!

I am not maintaining the crackmes anymore due to lack of time and since I have left the MSTG project. That said, I have set the repo to public, in case anyone (maybe you?) wants to upgrade them to work on Oreo. It would be highly appreciated!

madushan1000 commented 6 years ago

I don't really have that much experience in Android development, but this might be due to the new library name scoping rules enforced in Oreo (we dealt with something similar while diagnosing an issue with Frida). If it is, it should be fairly easy to fix. I'll try to work out a fix and send you a PR if I succeed. (might spoil the crackmes for me though :()

muellerberndt commented 6 years ago

That's awesome! Sorry for the spoilers :/

commjoen commented 6 years ago

Any news on this @madushan1000 ?

commjoen commented 6 years ago

Hello @madushan1000 & @sushi2k & @TheDauntless, can you please check https://github.com/OWASP/owasp-mstg/pull/984 ? It should work now.

TheDauntless commented 6 years ago

I successfully ran both level1 and level2 on my 8.0.0 device.

commjoen commented 6 years ago

Thanks! Great news!

commjoen commented 6 years ago

Hello @madushan1000 & @sushi2k & @TheDauntless, can you please check #987 ? This should be the final PR in which crackme 3 should run again as well.