charleywright / spotify-analyze-v2


error: Failed to scan binary #4

Closed maximilianosinski closed 7 months ago

maximilianosinski commented 7 months ago

When executing this command (frida-server is running):

needle-injector --target android --exec com.spotify.music --binary liborbit-jni-spotify.so

I get this error / output:

Target: android
Executable: com.spotify.music
Binary: \\?\C:\Users\maxim\Documents\spoti\spotify-analyze-v2\needle\injector\target\release\liborbit-jni-spotify.so
Found ELF relocation 0x0000000000-0x000123f280 -> 0x0000000000-0x000123f280 (0x0000000000 - 0x0001240000)
Found ELF relocation 0x0001240000-0x0001315418 -> 0x0001240000-0x0001315418 (0x0001240000 - 0x0001316000)
Found ELF relocation 0x0001315420-0x0001342648 -> 0x0001316420-0x00013772d0 (0x0001316000 - 0x0001378000)
Detected JNI for x86_64
Found server public key at liborbit-jni-spotify.so:0x000030cc30 Offset: 0x000030cc30 Address: 0x000030cc30
Found shannon constant at liborbit-jni-spotify.so:0x00011346dd Offset: 0x00011346dd Address: 0x00011346dd
Found shannon constant at liborbit-jni-spotify.so:0x0001134eb7 Offset: 0x0001134eb7 Address: 0x0001134eb7
Found shannon constant at liborbit-jni-spotify.so:0x000113629f Offset: 0x000113629f Address: 0x000113629f
Failed to find shn_encrypt/shn_decrypt prologue
error: Failed to scan binary

Any ideas on how to fix this?

charleywright commented 7 months ago

That error is caused when the injector fails to find the shannon functions because Spotify updated something and the assembly changed. I just checked and signatures are broken for all architectures on 8.9.6.458 and 8.9.8.545, which is unusual; normally only one or two architectures would break, not all of them. I'll take a look now and see what changed.

charleywright commented 7 months ago

Here is a patch for x86, x86_64 and ARM32; ARM64 is going to take a little longer. There are no matches for the constant, and other functions like powSolveHashcash are obfuscated or something (there is no prologue or epilogue; it looks like the code was just mushed together).

EDIT: Some functions were inlined, the shannon functions are still there. The constant is split into two components (as usual) however since there is an extra instruction between them IDA didn't find it. All issues should be solved in 502fc0232e484442a1d5f86a1a863ed20aa2203a, let me know if you have any further issues.
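The failure mode charleywright describes (the two halves of the constant are no longer adjacent, so a rigid byte signature misses them) as an added example that is not code from spotify-analyze-v2: a small IDA-style signature scanner in Python whose pattern syntax allows a bounded gap between the halves. The KONST value is assumed from the public Shannon reference implementation (the thread never states it), and the opcode bytes and sample buffers are constructed, not real encodings.

```python
import re
from typing import List, Optional

# Shannon's KONST as published in the cipher's reference implementation.
# Assumption: the thread never says which value the injector searches for.
SHANNON_KONST = 0x6996C53A
LO, HI = SHANNON_KONST & 0xFFFF, SHANNON_KONST >> 16   # 0xC53A, 0x6996


def compile_sig(sig: str) -> re.Pattern:
    """Compile an IDA-style signature into a regex over raw bytes.

    Tokens: 'AB' = literal byte, '??' = any single byte,
            '*N' = zero to N bytes of anything (the "extra instruction
            between the two components" case from the thread).
    """
    out = []
    for tok in sig.split():
        if tok == "??":
            out.append(b".")
        elif tok.startswith("*"):
            out.append(b".{0,%d}?" % int(tok[1:]))
        else:
            out.append(re.escape(bytes([int(tok, 16)])))
    return re.compile(b"".join(out), re.DOTALL)


def scan(blob: bytes, sig: str) -> List[int]:
    """Return every offset in blob where the signature matches."""
    return [m.start() for m in compile_sig(sig).finditer(blob)]


def le16(v: int) -> str:
    """Render a 16-bit value as two little-endian signature tokens."""
    return f"{v & 0xFF:02X} {v >> 8:02X}"


# Constructed 'load immediate' opcode bytes 0xB8 / 0xBA precede each half.
SIG_RIGID = f"B8 {le16(LO)} BA {le16(HI)}"        # halves must be adjacent
SIG_GAPPED = f"B8 {le16(LO)} *6 BA {le16(HI)}"    # tolerate up to 6 bytes

# Constructed sample builds: old (halves adjacent) and new (a 3-byte
# instruction, here 48 31 C9, scheduled between the two halves).
OLD_BUILD = b"\x90" * 16 + b"\xB8\x3A\xC5\xBA\x96\x69" + b"\x90" * 8
NEW_BUILD = b"\x90" * 16 + b"\xB8\x3A\xC5\x48\x31\xC9\xBA\x96\x69" + b"\x90" * 8


def find_konst(blob: bytes) -> Optional[int]:
    """Locate the split constant with the gap-tolerant signature, or None."""
    hits = scan(blob, SIG_GAPPED)
    return hits[0] if hits else None
```

Running `scan(NEW_BUILD, SIG_RIGID)` returns nothing while `find_konst(NEW_BUILD)` still reports the offset, which is the difference between the broken and the repaired signature.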