Closed TheRealJunior closed 7 years ago
Adding this line of code before return -1:
printf(" [!] error: %s\n", strerror(errno));
prints:
error: Invalid Argument
I have the same problem. "pread" returns -1 everywhere and errno == 22 (Invalid Argument). This is the same for any running process in the system. API Version 22 (5.1.1) x86 Android Emulator
Screen with some log info:
Are you using the same application? Judging by the man page for Invalid argument:
EINVAL: The STREAM or multiplexer referenced by fildes is linked (directly or indirectly) downstream from a multiplexer.
The application is potentially already reading the address or has it locked in some way.
Based on your screenshot, it looks like the unpacker is attempting to read protected or non-readable areas. Try unprotecting/enabling reading first.
I use your native-unpacker (kisskiss), latest version (current master branch); by the way, it's a very good solution. I see that pread does not work properly for me. How can I try unprotecting/enabling reading? I run the app as root, of course.
Currently the code doesn't do anything to the memory regions - so it needs to be changed within the code.
Do you have the application hash you're attempting to unpack? Or potentially an uploaded file?
SHA1: 5EA79666EF98D70B2673FE8885181CEBB30AA8EC
But I don't think this problem is connected with the app. I think the cause of the problem is in the emulator or OS. I'm going to try to unpack it on another version of Android.
Cool, let me know if that helps. Since you're running on 5 or higher, selinux might be nerfing ptrace/pread/etc.
Android 7: all the same... Maybe the cause of the problem is the emulator. I use the original Google AVD.
What makes you believe this application is packed? It does not appear to be, though it does include some obfuscation and protectors.
Two parts of the signing and encrypt/decrypt mechanism are packed. But very simple, without encryption. Getting a model of classes from memory would be nice. But I found it now, without unpacking. Thank you. I think I have solved my task.
I've only skimmed the binary; it appears two dex files are dynamically loaded (they're listed as shared libraries via extensions, but are just jars).
Other than that didn't see anything "packed". Going to close this for now.
Steps to reproduce:
Screenshot
Using: Nox Player (x86) API Version 19 (4.4.2)
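Added example, not code from android-unpacker or from anyone in this thread: a small C diagnostic that separates two reasons a read of /proc/<pid>/mem can fail, regions mapped without read permission (as suggested above) and an address that becomes a negative pread() offset when cast to a signed off_t that is too narrow (pread() reports a negative offset as EINVAL). All function and type names are hypothetical, and the demo in main() only reads the program's own /proc/self/mem.

```c
#define _FILE_OFFSET_BITS 64 /* ask for a 64-bit off_t on 32-bit builds */
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <unistd.h>
struct region { uint64_t start, end; char perms[5]; };
enum verdict { READ_OK, SKIP_UNREADABLE, SKIP_OFFSET };

/* Parse the "start-end perms" prefix of one /proc/<pid>/maps line. */
int parse_maps_line(const char *line, struct region *r) {
    unsigned long long s, e;
    if (sscanf(line, "%llx-%llx %4s", &s, &e, r->perms) != 3 || e <= s) return -1;
    r->start = s; r->end = e;
    return 0;
}

/* An address is a usable pread() offset only if it is non-negative
 * when stored in a signed off_t that is off_bits wide. */
int fits_off_t(uint64_t addr, unsigned off_bits) {
    return off_bits >= 64 ? addr <= (uint64_t)INT64_MAX : addr < (1ULL << (off_bits - 1));
}

/* Decide whether a region is worth reading before calling pread(). */
enum verdict classify(const struct region *r, unsigned off_bits) {
    if (r->perms[0] != 'r') return SKIP_UNREADABLE;
    if (!fits_off_t(r->start, off_bits)) return SKIP_OFFSET;
    return READ_OK;
}

/* Returns bytes read, or -errno so the caller can log the exact failure. */
long read_region(int memfd, const struct region *r, void *buf, size_t len) {
    uint64_t span = r->end - r->start;
    ssize_t n = pread(memfd, buf, len < span ? len : (size_t)span, (off_t)r->start);
    return n < 0 ? -(long)errno : (long)n;
}

int main(void) { /* demo on this process; a tool would open /proc/<pid>/maps and mem */
    char line[512], buf[16];
    FILE *maps = fopen("/proc/self/maps", "r");
    int memfd = open("/proc/self/mem", O_RDONLY);
    if (!maps || memfd < 0) { perror("open"); return 1; }
    while (fgets(line, sizeof line, maps)) {
        struct region r;
        if (parse_maps_line(line, &r)) continue;
        enum verdict v = classify(&r, 8 * sizeof(off_t));
        long n = v == READ_OK ? read_region(memfd, &r, buf, sizeof buf) : 0;
        printf("%012llx %s verdict=%d result=%ld\n", (unsigned long long)r.start, r.perms, (int)v, n);
    }
    return 0;
}
```

A negative result is the negated errno from pread(), so EINVAL shows up as -22 next to the region that triggered it.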