Open wwwtete opened 3 years ago
When I use Xpatch to repackage an APK that is protected with something like 360 Jiagu (360加固), the app crashes after it is installed and run. From the log, the crash is in the native layer; the native layer is probably doing something like an MD5 check on the file. Do any experts have ideas about this? Could using Frida solve this problem?

This is the crash log:

--------- beginning of system
2021-05-15 16:47:21.968 12590-14803/? A/libc: stack corruption detected (-fstack-protector)
2021-05-15 16:47:21.968 12590-14803/? A/libc: stack corruption detected (-fstack-protector)
2021-05-15 16:47:21.968 12590-14869/? A/libc: stack corruption detected (-fstack-protector)
2021-05-15 16:47:21.968 12590-14869/? A/libc: stack corruption detected (-fstack-protector)
2021-05-15 16:47:21.968 12590-14869/? A/libc: Fatal signal 6 (SIGABRT), code -1 (SI_QUEUE) in tid 14869 (KY_WiseAPMSDK-A), pid 12590 (n.xxx.test)
2021-05-15 16:47:22.074 14880-14880/? A/DEBUG:
2021-05-15 16:47:22.074 14880-14880/? A/DEBUG: Build fingerprint: 'HUAWEI/OCE-AN10/HWOCE-L:10/HUAWEIOCE-AN10/11.0.0.170C00:user/release-keys'
2021-05-15 16:47:22.074 14880-14880/? A/DEBUG: Revision: '0'
2021-05-15 16:47:22.074 14880-14880/? A/DEBUG: ABI: 'arm'
2021-05-15 16:47:22.075 14880-14880/? A/DEBUG: SYSVMTYPE: Maple
APPVMTYPE: Art
2021-05-15 16:47:22.076 14880-14880/? A/DEBUG: Timestamp: 2021-05-15 16:47:22+0800
2021-05-15 16:47:22.076 14880-14880/? A/DEBUG: pid: 12590, tid: 14869, name: KY_WiseAPMSDK-A >>> com.xxx.test <<<
2021-05-15 16:47:22.076 14880-14880/? A/DEBUG: uid: 10250
2021-05-15 16:47:22.076 14880-14880/? A/DEBUG: signal 6 (SIGABRT), code -1 (SI_QUEUE), fault addr --------
2021-05-15 16:47:22.076 14880-14880/? A/DEBUG: Abort message: 'stack corruption detected (-fstack-protector)'
2021-05-15 16:47:22.076 14880-14880/? A/DEBUG: r0 00000000 r1 00003a15 r2 00000006 r3 a2288640
2021-05-15 16:47:22.076 14880-14880/? A/DEBUG: r4 a2288654 r5 a2288638 r6 0000312e r7 0000016b
2021-05-15 16:47:22.076 14880-14880/? A/DEBUG: r8 a2288650 r9 a2288640 r10 a2288670 r11 a2288660
2021-05-15 16:47:22.076 14880-14880/? A/DEBUG: ip 00003a15 sp a2288610 lr ea8214f7 pc ea82150a
2021-05-15 16:47:22.078 14880-14880/? A/DEBUG: backtrace:
2021-05-15 16:47:22.078 14880-14880/? A/DEBUG: #00 pc 0005450a /apex/com.android.runtime/lib/bionic/libc.so (abort+166) (BuildId: bae1b077aa2a5eee78eac369d5f3e306)
2021-05-15 16:47:22.078 14880-14880/? A/DEBUG: #01 pc 0008beef /apex/com.android.runtime/lib/bionic/libc.so!libc.so (offset 0x8b000) (__stack_chk_fail+10) (BuildId: bae1b077aa2a5eee78eac369d5f3e306)
2021-05-15 16:47:22.078 14880-14880/? A/DEBUG: #02 pc 00093ded /apex/com.android.runtime/lib/bionic/libc.so!libc.so (offset 0x8e000) (async_safe_fatal_va_list+264) (BuildId: bae1b077aa2a5eee78eac369d5f3e306)
2021-05-15 16:47:22.078 14880-14880/? A/DEBUG: #03 pc 00000040
2021-05-15 16:47:23.268 12595-14911/? A/libc: Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xa02 in tid 14911 (n.xxx.test), pid 12595 (n.xxx.test)
2021-05-15 16:47:23.389 14960-14960/? A/DEBUG:
2021-05-15 16:47:23.390 14960-14960/? A/DEBUG: Build fingerprint: 'HUAWEI/OCE-AN10/HWOCE-L:10/HUAWEIOCE-AN10/11.0.0.170C00:user/release-keys'
2021-05-15 16:47:23.390 14960-14960/? A/DEBUG: Revision: '0'
2021-05-15 16:47:23.390 14960-14960/? A/DEBUG: ABI: 'arm'
2021-05-15 16:47:23.391 14960-14960/? A/DEBUG: SYSVMTYPE: Maple
APPVMTYPE: Art
2021-05-15 16:47:23.392 14960-14960/? A/DEBUG: Timestamp: 2021-05-15 16:47:23+0800
2021-05-15 16:47:23.392 14960-14960/? A/DEBUG: pid: 12595, tid: 14911, name: n.xxx.test >>> com..xxx.test <<<
2021-05-15 16:47:23.392 14960-14960/? A/DEBUG: uid: 10250
2021-05-15 16:47:23.392 14960-14960/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xa02
2021-05-15 16:47:23.392 14960-14960/? A/DEBUG: Cause: null pointer dereference
2021-05-15 16:47:23.392 14960-14960/? A/DEBUG: r0 00000000 r1 70476c63 r2 b6a2aa97 r3 00000a03
2021-05-15 16:47:23.392 14960-14960/? A/DEBUG: r4 a42a7bbd r5 a42aa11a r6 a434c090 r7 0000001d
2021-05-15 16:47:23.392 14960-14960/? A/DEBUG: r8 b6a2aa97 r9 00000a03 r10 a42aa11c r11 a42a7ba0
2021-05-15 16:47:23.392 14960-14960/? A/DEBUG: ip 00000000 sp 00000000 lr 00000000 pc 00000a02
2021-05-15 16:47:23.392 14960-14960/? A/DEBUG: backtrace:
2021-05-15 16:47:23.392 14960-14960/? A/DEBUG: #00 pc 00000a02
2021-05-15 16:47:23.392 14960-14960/? A/DEBUG: #01 pc 00000000
2021-05-15 16:48:12.150 2452-2981/? E/SmartDualCardConfig: isAppInBlackList false,items==null
2021-05-15 16:48:12.152 2452-2981/? E/ScgQuickAddManager: the compName is :com.android.systemui
2021-05-15 16:48:12.155 1527-17067/? E/ZrHung.AppEyeFocusWindow: cancel check