evilsocket / arminject

An application to dynamically inject a shared object into a running process on ARM architectures.

Hook not working on Android 6 #9

Open mingchen opened 8 years ago

mingchen commented 8 years ago

make test launches Chrome with a blank screen, with the following output:

@ Starting com.android.chrome/com.google.android.apps.chrome.Main ...
@ Injection into PID 16594 starting ...
--------- beginning of main
--------- beginning of system
01-03 13:09:11.769 16594 16594 I LIBHOOK : LIBRARY LOADED FROM PID 16594.
01-03 13:09:11.779 16594 16594 I LIBHOOK : Found 125 loaded modules.
01-03 13:09:11.779 16594 16594 I LIBHOOK : Installing 12 hooks.
01-03 13:09:11.779 16594 16594 I LIBHOOK : [0x72606000] Hooking /data/dalvik-cache/arm/system@framework@boot.oat ...
01-03 13:09:11.780 16594 16594 I LIBHOOK : [0x91580000] Hooking /data/app/com.android.chrome-1/base.apk ...
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : dlopen error: dlopen failed: library "/data/app/com.android.chrome-1/base.apk" wasn't loaded and RTLD_NOLOAD prevented it.
01-03 13:09:11.780 16594 16594 I LIBHOOK : [0x9D5CD000] Hooking /system/lib/libqdutils.so ...
01-03 13:09:11.782 16594 16594 I LIBHOOK :   open - 0xece0c102 -> 0x9d491fad
01-03 13:09:11.782 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.782 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.782 16594 16594 I LIBHOOK :   close - 0xe51b0014 -> 0x9d49195d
01-03 13:09:11.782 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=66 - rel_count=63 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : [0x9D5D5000] Hooking /system/lib/libmemalloc.so ...
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.783 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=49 - rel_count=49 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : [0x9D5DF000] Hooking /data/app/com.android.chrome-1/lib/arm/libchromium_android_linker.so ...
01-03 13:09:11.784 16594 16594 I LIBHOOK : [0x9D886000] Hooking /system/lib/hw/gralloc.msm8974.so ...
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.784 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.785 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.785 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.785 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.785 16594 16594 I LIBHOOK : Unable to find symbol in the reloc tables ( plt_rel_count=57 - rel_count=43 ).
01-03 13:09:11.785 16594 16594 I LIBHOOK : [0x9E664000] Hooking /data/app/com.android.chrome-1/oat/arm/base.odex ...
01-03 13:09:11.785 16594 16594 I LIBHOOK : [0xA7F57000] Hooking /system/lib/libwebviewchromium_loader.so ...
sir-earl commented 7 years ago

I came across this change to the linker, which I suspect might be the cause for the injector not working on Android 6.0:

https://android.googlesource.com/platform/bionic/+/d88e1f350111b3dfd71c6492321f0503cb5540db

Basically, dlopen no longer returns a pointer to the soinfo struct, but a handle id instead. So unless we can figure out another way of getting at the soinfo struct, we're out of luck!
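
sir-earl's point is the crux: once dlopen() hands back an opaque id, anything that dereferences the return value as a soinfo* reads the wrong memory. Added example, not code from this thread or from arminject: a C scan of /proc/<pid>/maps text, the public interface for recovering module base addresses without touching linker internals, plus a low-bit check that flags a bionic-style opaque handle. The names scan_maps, count_modules and looks_like_opaque_handle and the SAMPLE_MAPS excerpt are mine and constructed; the low-bit heuristic reflects how bionic generates handles and is only a sanity check.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Heuristic: bionic sets the lowest bit of the handles it generates so they
 * cannot be mistaken for an aligned soinfo*. Only meaningful for data pointers:
 * ARM Thumb code addresses legitimately carry a set low bit. */
int looks_like_opaque_handle(uintptr_t h) { return (h & 1u) != 0; }

/* Constructed /proc/<pid>/maps excerpt used as sample input; the addresses and
 * inodes are made up for this example, not taken from the issue's log. */
const char SAMPLE_MAPS[] =
    "72606000-72a00000 r--p 00000000 fd:00 1234 /data/dalvik-cache/arm/system@framework@boot.oat\n"
    "72a00000-73000000 r-xp 003fa000 fd:00 1234 /data/dalvik-cache/arm/system@framework@boot.oat\n"
    "9d5cd000-9d5d3000 r-xp 00000000 fd:00 5678 /system/lib/libqdutils.so\n"
    "9d5d3000-9d5d5000 rw-p 00005000 fd:00 5678 /system/lib/libqdutils.so\n"
    "be9f0000-bea11000 rw-p 00000000 00:00 0 [stack]\n";

static int ends_with(const char *s, const char *sfx) {
    size_t ls = strlen(s), lf = strlen(sfx);
    return ls >= lf && memcmp(s + ls - lf, sfx, lf) == 0;
}

/* Scan maps text line by line. Returns the start address of the first mapping
 * whose path ends with `suffix` (its load base, as maps are in address order)
 * or 0 if none; `*count`, if non-NULL, receives the number of distinct
 * file-backed modules (consecutive mappings of one file count once). */
uintptr_t scan_maps(const char *maps, const char *suffix, int *count) {
    char prev[256] = "", path[256], perms[8], buf[512];
    unsigned long start, end, off, inode; unsigned dmaj, dmin;
    uintptr_t base = 0; int n = 0;
    for (const char *line = maps; *line; line += strcspn(line, "\n"), line += (*line == '\n')) {
        size_t len = strcspn(line, "\n"), ncopy = len < sizeof buf ? len : sizeof buf - 1;
        memcpy(buf, line, ncopy); buf[ncopy] = '\0';   /* overlong lines are truncated */
        /* A path gives 8 fields; anonymous mappings give 7 and are skipped. */
        if (sscanf(buf, "%lx-%lx %7s %lx %x:%x %lu %255s", &start, &end, perms,
                   &off, &dmaj, &dmin, &inode, path) != 8 || path[0] != '/') continue;
        if (strcmp(path, prev) != 0) { n++; strcpy(prev, path); }
        if (base == 0 && ends_with(path, suffix)) base = (uintptr_t)start;
    }
    if (count) *count = n;
    return base;
}
int count_modules(const char *maps) { int n = 0; scan_maps(maps, "", &n); return n; }

int main(void) {
    int n; uintptr_t base = scan_maps(SAMPLE_MAPS, "libqdutils.so", &n);
    printf("%d modules; libqdutils.so base = 0x%lx\n", n, (unsigned long)base);
    printf("0x72606001 looks like a bionic handle: %d\n", looks_like_opaque_handle(0x72606001u));
    return 0;
}
```

Feeding the full text of /proc/<pid>/maps to scan_maps gives the same view of a live process that the "Found N loaded modules" line in the log reports.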

beyonddoor commented 7 years ago

I have the same issue

sergk79 commented 5 years ago

@sir-earl Yes, you're right. I've recompiled the linker with the changes below:

```cpp
void* soinfo::to_handle() {
  // if (get_application_target_sdk_version() < __ANDROID_API_N__ || !has_min_version(3)) {
    return this;
  // }
  // return reinterpret_cast<void*>(get_handle());
}
```

And it fixed the issue.

GurTelem commented 5 years ago

@sir-earl Yes, you're right. I've recompiled the linker with the changes below:

```cpp
void* soinfo::to_handle() {
  // if (get_application_target_sdk_version() < __ANDROID_API_N__ || !has_min_version(3)) {
    return this;
  // }
  // return reinterpret_cast<void*>(get_handle());
}
```

And it fixed the issue.

To which file did you make the changes? I can't find the linker itself. Only the linker.h

sergk79 commented 5 years ago

@GurTelem

To which file did you make the changes? I can't find the linker itself. Only the linker.h

That was the linker binary from AOSP: http://androidxref.com/8.1.0_r33/xref/bionic/linker/linker_soinfo.cpp

Yeah, that is definitely not the universal solution, but it worked for my case.