search

garrettskj / ac_patcher

AnyConnect Patcher for Freedom
GNU General Public License v3.0
35 stars 10 forks source link

Some error on 5.0.05040 (macos version) #13

Open GRomR1 opened 6 months ago

GRomR1 commented 6 months ago

Hi all,

I just tried to run this script in hope it will fix all my pain. But wonder not happen :(

In the result a new file was built, but size of the file is bigger than I expect (about 4 GB. 😮 )

❯ ls -lah vpn*
.rwxr-xr-x rgainanov wheel 4.0G an hour ago    vpnagentd
.rwxr-xr-x root      wheel 2.7M 13 minutes ago   vpnagentd.orig
❯ ./vpnagentd.orig --version
Cisco Systems VPN Agent (version 5.0.05040 )
Copyright (C) 1998-2010 All Rights Reserved.

There is a log of my attempt:

# ./anyconnect_patch.py
WARNING: bin_strings buffer is too big (0xfffffffffff04710). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xfffffffffff023b2). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xffffffffffee74a8). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
Opening and analyzing, 15 seconds...
Value from 0x00000000 to 0x002bc3c0
aav: 0x00000000-0x002bc3c0 in 0x0-0x2bc3c0
aav: 0x00000000-0x002bc3c0 in 0x100007f8c-0x1001093b8
aav: 0x00000000-0x002bc3c0 in 0x10010c000-0x10010e839
aav: 0x00000000-0x002bc3c0 in 0x10010e840-0x10010ed00
Value from 0x100007f8c to 0x1001093b8
aav: 0x100007f8c-0x1001093b8 in 0x0-0x2bc3c0
aav: 0x100007f8c-0x1001093b8 in 0x100007f8c-0x1001093b8
aav: 0x100007f8c-0x1001093b8 in 0x10010c000-0x10010e839
aav: 0x100007f8c-0x1001093b8 in 0x10010e840-0x10010ed00
Value from 0x10010c000 to 0x10010e839
aav: 0x10010c000-0x10010e839 in 0x0-0x2bc3c0
aav: 0x10010c000-0x10010e839 in 0x100007f8c-0x1001093b8
aav: 0x10010c000-0x10010e839 in 0x10010c000-0x10010e839
aav: 0x10010c000-0x10010e839 in 0x10010e840-0x10010ed00
Value from 0x10010e840 to 0x10010ed00
aav: 0x10010e840-0x10010ed00 in 0x0-0x2bc3c0
aav: 0x10010e840-0x10010ed00 in 0x100007f8c-0x1001093b8
aav: 0x10010e840-0x10010ed00 in 0x10010c000-0x10010e839
aav: 0x10010e840-0x10010ed00 in 0x10010e840-0x10010ed00
 WARNING : block size exceeding max block size at 0x0016f5e4
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00135d6c
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00132dd0
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0013acb0
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0013c628
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028f938
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028dda4
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00290144
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028fe18
[+] Try changing it with e anal.bb.maxsize
Found method StartInterface @ 0x1000d6610
WARNING: bin_strings buffer is too big (0xfffffffffff04710). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xfffffffffff023b2). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xffffffffffee74a8). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
Value from 0x00000000 to 0x002bc3c0
aav: 0x00000000-0x002bc3c0 in 0x0-0x2bc3c0
aav: 0x00000000-0x002bc3c0 in 0x100007f8c-0x1001093b8
aav: 0x00000000-0x002bc3c0 in 0x10010c000-0x10010e839
aav: 0x00000000-0x002bc3c0 in 0x10010e840-0x10010ed00
Value from 0x100007f8c to 0x1001093b8
aav: 0x100007f8c-0x1001093b8 in 0x0-0x2bc3c0
aav: 0x100007f8c-0x1001093b8 in 0x100007f8c-0x1001093b8
aav: 0x100007f8c-0x1001093b8 in 0x10010c000-0x10010e839
aav: 0x100007f8c-0x1001093b8 in 0x10010e840-0x10010ed00
Value from 0x10010c000 to 0x10010e839
aav: 0x10010c000-0x10010e839 in 0x0-0x2bc3c0
aav: 0x10010c000-0x10010e839 in 0x100007f8c-0x1001093b8
aav: 0x10010c000-0x10010e839 in 0x10010c000-0x10010e839
aav: 0x10010c000-0x10010e839 in 0x10010e840-0x10010ed00
Value from 0x10010e840 to 0x10010ed00
aav: 0x10010e840-0x10010ed00 in 0x0-0x2bc3c0
aav: 0x10010e840-0x10010ed00 in 0x100007f8c-0x1001093b8
aav: 0x10010e840-0x10010ed00 in 0x10010c000-0x10010e839
aav: 0x10010e840-0x10010ed00 in 0x10010e840-0x10010ed00
 WARNING : block size exceeding max block size at 0x0016f5e4
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00135d6c
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00132dd0
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0013acb0
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0013c628
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028f938
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028dda4
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00290144
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028fe18
[+] Try changing it with e anal.bb.maxsize
Opening and finding the method now, 15 seconds...
Looks like it's called from: ['0x100070f54']
WARNING: bin_strings buffer is too big (0xfffffffffff04710). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xfffffffffff023b2). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xffffffffffee74a8). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
Value from 0x00000000 to 0x002bc3c0
aav: 0x00000000-0x002bc3c0 in 0x0-0x2bc3c0
aav: 0x00000000-0x002bc3c0 in 0x100007f8c-0x1001093b8
aav: 0x00000000-0x002bc3c0 in 0x10010c000-0x10010e839
aav: 0x00000000-0x002bc3c0 in 0x10010e840-0x10010ed00
Value from 0x100007f8c to 0x1001093b8
aav: 0x100007f8c-0x1001093b8 in 0x0-0x2bc3c0
aav: 0x100007f8c-0x1001093b8 in 0x100007f8c-0x1001093b8
aav: 0x100007f8c-0x1001093b8 in 0x10010c000-0x10010e839
aav: 0x100007f8c-0x1001093b8 in 0x10010e840-0x10010ed00
Value from 0x10010c000 to 0x10010e839
aav: 0x10010c000-0x10010e839 in 0x0-0x2bc3c0
aav: 0x10010c000-0x10010e839 in 0x100007f8c-0x1001093b8
aav: 0x10010c000-0x10010e839 in 0x10010c000-0x10010e839
aav: 0x10010c000-0x10010e839 in 0x10010e840-0x10010ed00
Value from 0x10010e840 to 0x10010ed00
aav: 0x10010e840-0x10010ed00 in 0x0-0x2bc3c0
aav: 0x10010e840-0x10010ed00 in 0x100007f8c-0x1001093b8
aav: 0x10010e840-0x10010ed00 in 0x10010c000-0x10010e839
aav: 0x10010e840-0x10010ed00 in 0x10010e840-0x10010ed00
 WARNING : block size exceeding max block size at 0x0016f5e4
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00135d6c
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00132dd0
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0013acb0
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0013c628
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028f938
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028dda4
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00290144
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028fe18
[+] Try changing it with e anal.bb.maxsize
Patching Completed Successfully
Now patching FileSignature verification
Opening and analyzing, 15 seconds...
Value from 0x00000000 to 0x100070f59
Skipping huge range
Skipping huge range
Found method VerifyFileSignatureCollective::IsValid @
Value from 0x00000000 to 0x100070f59
Skipping huge range
Skipping huge range
Opening and finding the method now, 15 seconds...
Looks like it's called from: ['']
Patching Failed, maybe already done?

I run it in Docker with this compose-file:

version: "2.4"
services:
  anyhack:
    build:
      context: .
      dockerfile: Dockerfile
    command: sleep 6000
    volumes:
      - ${PWD}:/srv