SsageParuders / AndroidPtraceInject

Android Ptrace Inject for all ABIs and all APIs. Help you inject Shared Library on Android.
MIT License

Just asking #3

Open MikaCybertron opened 1 year ago

MikaCybertron commented 1 year ago

Does it work on Android emulators such as LDPlayer and Nox?

SsageParuders commented 1 year ago

In my last test with LDPlayer and Nox on Windows:

My injector had support for LDPlayer x86. But it failed for LDPlayer x86_64. (It hasn't been supported yet; I will do it in the future.)

In theory, my injector must work fine on Nox x86, but I don't know why it failed. Also, it doesn't support Nox x86_64 now.

I was busy those days. But I will update this injector in the future and will support x86_64.

Finally, if you want to inject a shared library on an Android emulator, you need to take care: when a process only has ARM shared libraries, don't inject an x86 or x86_64 shared library into it.

MikaCybertron commented 1 year ago

ok

AnsaryTanvir commented 1 year ago

Hi! Hope you are doing well.

Can you help me with hooking Java API calls in Android from an injected shared library?

It's easy for us to hook a native function after injection by using the function address/offset.

But I have no clear idea how to hook Java API calls.

For simplicity, I just want to hook the basic Android API calls made from Java, such as the method "getString()" under the class "Settings$Secure".

I will be looking forward to hearing from you.

SsageParuders commented 1 year ago

Bro, we can't hook a Java API by injecting a native shared library.

Maybe you need to learn some Java hook frameworks like LSPosed.

AnsaryTanvir commented 1 year ago

Failed to inject arm library in arm-only application in Emulator.

The inject framework works smoothly on an Android device. But when I try to inject a library in the LD Player emulator, it fails! The target application was a 32-bit ARM application and I tried injecting a 32-bit ARM payload.

[+] libc_path is /system/lib/libc.so
[+] linker_path is /system/bin/linker
[+] libdl_path is /system/lib/libdl.so
[+] system libs is OK
[-] selinux_mnt is nullptr
[+] Start Inject
[+] lib_path is /data/local/libpayload.so
[+] handle_parameter is OK
[+] SELinux is Permissive or Disabled
[+] attach porcess success, pid:3185
[-] Get Regs error, pid:3185, err:Device or resource busy
[+] detach process success, pid:3185
[-] Inject Failed

So the problem is with ptrace(PTRACE_GETREGS, pid, NULL, regs)

MikaCybertron commented 1 year ago

It is because most 32-bit emulators are based on x86, so you should inject with the x86 ABI, not armv7, but you can try with a 64-bit emulator.
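
The ABI-matching point raised in the comments above (an ARM library versus an x86 process), as an added example that is not part of the original comments or the project's code: a C check that reads the ELF header fields EI_CLASS, EI_DATA and e_machine to decide whether two images share an ABI. The function names and the sample header bytes are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* e_machine values from the ELF specification; enum names are local to this example. */
enum { MACH_386 = 3, MACH_ARM = 40, MACH_X86_64 = 62, MACH_AARCH64 = 183 };

/* Return the ABI family of an ELF image from its first 20 header bytes,
 * or NULL when the bytes are not a little-endian ELF for a known machine. */
const char *elf_abi(const unsigned char *h, size_t len)
{
    if (len < 20 || memcmp(h, "\x7f" "ELF", 4) != 0)
        return NULL;
    if (h[5] != 1)                        /* EI_DATA: 1 = little-endian */
        return NULL;
    if (h[4] != 1 && h[4] != 2)           /* EI_CLASS: 1 = 32-bit, 2 = 64-bit */
        return NULL;
    int is64 = (h[4] == 2);
    unsigned machine = h[18] | ((unsigned)h[19] << 8);   /* e_machine, little-endian */
    switch (machine) {
    case MACH_ARM:     return is64 ? NULL : "arm";
    case MACH_386:     return is64 ? NULL : "x86";
    case MACH_AARCH64: return is64 ? "arm64" : NULL;
    case MACH_X86_64:  return is64 ? "x86_64" : NULL;
    default:           return NULL;
    }
}

/* 1 when both images parse and share the same ABI, else 0. */
int same_abi(const unsigned char *a, size_t alen, const unsigned char *b, size_t blen)
{
    const char *x = elf_abi(a, alen), *y = elf_abi(b, blen);
    return x && y && strcmp(x, y) == 0;
}

/* Constructed sample headers (first 20 bytes only), not taken from real files. */
static const unsigned char ARM32_HDR[20] = {0x7f,'E','L','F',1,1,1,0, 0,0,0,0,0,0,0,0, 3,0, 40,0};
static const unsigned char X86_HDR[20]   = {0x7f,'E','L','F',1,1,1,0, 0,0,0,0,0,0,0,0, 3,0, 3,0};
static const unsigned char X64_HDR[20]   = {0x7f,'E','L','F',2,1,1,0, 0,0,0,0,0,0,0,0, 3,0, 62,0};

int main(void)
{
    printf("library=%s process=%s same_abi=%d\n",
           elf_abi(ARM32_HDR, 20), elf_abi(X86_HDR, 20),
           same_abi(ARM32_HDR, 20, X86_HDR, 20));
    return 0;
}
```

`readelf -h` reports the same two fields as "Class" and "Machine".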