In the MuMu 12 emulator, the `keylog` mode cannot work

gojue / ecapture

Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64.

https://ecapture.cc

Apache License 2.0

13.41k stars 1.42k forks source link

In the MuMu 12 emulator, the `keylog` mode cannot work #635

Closed gexiaopeng closed 4 weeks ago

gexiaopeng commented 1 month ago

1）用adb 连接MuMu模拟器12 (windows10) ： adb shell 进入以后输入 su 切换到root用户 2）MuMu12 内核版本：Linux localhost 4.19.195-perf-gc77034d276bd https://github.com/gojue/ecapture/issues/2 SMP PREEMPT Thu Sep 5 10:40:50 HKT 2024 aarch64 3)运行命令： ecapture tls --libssl=/system/apex/com.android.conscrypt/lib64/libssl.so -m keylog --keylogfile=openssl_keylog.log 4）ecapture版本:ecapture-v0.8.6-linux-amd64.tar.gz 5）出错信息：FTL module run failed, skip it. error="couldn't start bootstrap manager error:2 errors occurred:\n\t error:opening uprobe: symbol SSL_in_before: not found , isRet:false, opts:&{0 0 0 0 0 }, {UID:uprobe_smk_SSL_in_before, EbpfFuncName:probe_ssl_master_key}\n\t error:opening uprobe: invalid program: bad file descriptor , isRet:false, opts:&{0 0 0 0 0 }, {UID:uprobe_smk_SSL_do_handshake, EbpfFuncName:probe_ssl_master_key}\n\n, probes activation validation failed ." isReload=false 微信截图_keylog

cfc4n commented 1 month ago

Please try to ask questions in English. If you are not proficient in English, then please write in Chinese characters and use translation software to translate into English. For some scenarios that are difficult to describe in English, you can use Chinese characters.

尽量使用英文提问。如果英语不擅长，那么请写汉字，再使用翻译软件翻译为英文。个别英文难以描述的场景，可以使用汉字。

cfc4n commented 1 month ago

It appears that the SSL_in_before symbol was not found. Please search within this shared object library to see which symbols start with SSL_*. Is there one named SSL_do_handshake?

gexiaopeng commented 1 month ago

It appears that the SSL_in_before symbol was not found. Please search within this shared object library to see which symbols start with SSL_*. Is there one named SSL_do_handshake?

I couldn't find any symbols that start with "SSL_". What should we do now? QQ20240920-091611

xxxxxliil commented 1 month ago

会不会是 mumu 模拟器的 android 版本和 linux 内核版本都太低了导致的

gexiaopeng commented 1 month ago

Linux localhost 4.19.195-perf-gc77034d276bd #2 SMP PREEMPT Thu Sep 5 10:40:50 HKT 2024 aarch64

android版本是12,linux版本：Linux localhost 4.19.195-perf-gc77034d276bd https://github.com/gojue/ecapture/issues/2 SMP PREEMPT Thu Sep 5 10:40:50 HKT 2024 aarch64 ，估计是缺少ssl相关模块或者依赖lib

xxxxxliil commented 1 month ago

还有一个问题是，如果是明文模式能看到 http 内容吗？

cfc4n commented 1 month ago

It appears that the SSL_in_before symbol was not found. Please search within this shared object library to see which symbols start with SSL_*. Is there one named SSL_do_handshake?

I couldn't find any symbols that start with "SSL_". What should we do now?

你去学一下如何查看一个elf文件的符号表，学会后，再来看上面的问题。

cfc4n commented 4 weeks ago

No response for a long time, closed