xfangfang / PPPwn_cpp

C++ rewrite of PPPwn (PlayStation 4 PPPoE RCE)
GNU General Public License v3.0

Bus error right after [*] Defeating KASLR on armv7l #63

Closed deviato closed 5 months ago

deviato commented 5 months ago

Hi, I'm maintaining this Android app, DroidPPPwn, which includes binaries compiled from your code. I first tried compiling the sources on my x64 Linux box, and it worked great. Next I tried to create a build with the included zig cross-compiler for aarch64 Android: I tried changing targets and architectures, also matching my -mcpu=cortex_aXX version, and some of your nightly prebuilt ones. But all the produced binaries, once executed, gave me this error: "[*] Defeating KASLR... Bus error." and the PS4 got a kernel panic. So I did a test installing Termux with the build-essential pkgs and compiling directly on my phone. In this case it worked again! I also tested the same binary on different devices. Finally I was trying to port the code for the remaining architectures on other native devices I own: for Android x86 it went well, but for armv7 it gave me the same error again. Even trying the armv7 binary on aarch64 gives me "Bus error". Can you help me? What do you think this is due to? (I've included my binaries if you need to take a look: pppwn-devbuilds.zip)

Thank you in advance!

xfangfang commented 5 months ago

Because there is no problem with termux, it looks like an issue with Android code. I’m not an Android expert, so I’m not sure where the problem lies.

Perhaps you can use the NDK to integrate the code instead of calling precompiled files, which can better assist you in debugging issues.

You may be able to get the location of the problem by adding more logs to stage2, which may help with analysis.

deviato commented 5 months ago

Thank you for the reply! I finally set up an Android NDK environment (r25c to support 4.4), and I think I figured out where the problem is. Clang gives me this error:

/.../build/_deps/mongoose-src/mongoose.c:4875:24: warning: implicit declaration of function 'epoll_create1' is invalid in C99 [-Wimplicit-function-declaration]
  if ((mgr->epoll_fd = epoll_create1(EPOLL_CLOEXEC)) < 0)
                       ^
/.../build/_deps/mongoose-src/mongoose.c:4875:38: error: use of undeclared identifier 'EPOLL_CLOEXEC'
  if ((mgr->epoll_fd = epoll_create1(EPOLL_CLOEXEC)) < 0)

I checked the file; the include is declared correctly, so I looked for more information and discovered that Android up to SDK 20 did not support the epoll_create1 syscall in the kernel; it was only introduced in Android 5 (SDK 21). In fact, changing the related setting to set(ANDROID_PLATFORM "android-21") makes the compilation succeed. To stay at SDK level 19, the only fix that I suppose is correct was to add the -DMG_ENABLE_EPOLL=0 option for mongoose, modifying this line in CMakeLists.txt:

target_compile_options(mongoose PUBLIC -DMG_ENABLE_PACKED_FS=1 -DMG_ENABLE_EPOLL=0)

Now the compilation is successful, and when I run the program the error is gone, so it also works for armv7! I honestly don't know what kind of repercussions this modification might have on the program's behavior; maybe you know something more. The only thing I still can't explain is why, keeping this modification and using the zig cross-compiler, it still doesn't work, giving "Bus error" on all architectures.
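The comment above works around the missing epoll_create1 declaration on API 19 by switching mongoose's epoll backend off entirely. As an added example (not code from PPPwn_cpp or from mongoose), the block below shows the other option a C program has: keep epoll, but pick the descriptor-creation path at build time. The HAVE_EPOLL_CREATE1 macro and the function names are assumptions chosen for this illustration; the __ANDROID_API__ test mirrors the API-21 boundary described in the thread. The legacy path, epoll_create followed by fcntl(FD_CLOEXEC), is also compiled unconditionally so that it can be exercised on an ordinary Linux host. The caveat a practitioner should keep in mind is that the legacy path is not atomic: in a multithreaded process, a fork+exec performed by another thread between the two calls leaks the epoll descriptor into the child, which is exactly what EPOLL_CLOEXEC exists to prevent.

```c
// Added example: creating an epoll descriptor with close-on-exec set, with a
// fallback for C libraries whose headers do not declare epoll_create1()
// (the Android API < 21 situation discussed in this issue). Not project code.
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <sys/epoll.h>
#include <unistd.h>

// Hypothetical feature switch (assumption for this example): old bionic headers
// lack epoll_create1/EPOLL_CLOEXEC, everything else is assumed to have them.
#if defined(__ANDROID_API__) && __ANDROID_API__ < 21
#define HAVE_EPOLL_CREATE1 0
#else
#define HAVE_EPOLL_CREATE1 1
#endif

// Legacy path: epoll_create() (size argument is ignored since Linux 2.6.8 but
// must be > 0), then set FD_CLOEXEC separately. Not atomic with respect to a
// concurrent fork+exec in another thread.
int make_epoll_fd_legacy(void) {
    int fd = epoll_create(1);
    if (fd < 0)
        return -1;
    if (fcntl(fd, F_SETFD, FD_CLOEXEC) < 0) {
        int saved = errno;   // preserve the fcntl error across close()
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

// Preferred path: one syscall, the descriptor never exists without CLOEXEC.
int make_epoll_fd(void) {
#if HAVE_EPOLL_CREATE1
    return epoll_create1(EPOLL_CLOEXEC);
#else
    return make_epoll_fd_legacy();
#endif
}

// Returns 1 if FD_CLOEXEC is set on fd, 0 if not, -1 on error.
int fd_is_cloexec(int fd) {
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 1 : 0;
}

// Exercises both paths and verifies the close-on-exec flag; 0 on success.
int epoll_cloexec_selftest(void) {
    int fds[2] = { make_epoll_fd(), make_epoll_fd_legacy() };
    int rc = 0;
    for (int i = 0; i < 2; i++) {
        if (fds[i] < 0 || fd_is_cloexec(fds[i]) != 1)
            rc = -1;
        if (fds[i] >= 0)
            close(fds[i]);
    }
    return rc;
}

int main(void) {
    int rc = epoll_cloexec_selftest();
    printf("epoll close-on-exec self-test: %s\n", rc == 0 ? "ok" : "FAILED");
    return rc == 0 ? 0 : 1;
}
```

When the build targets a platform where the atomic call is unavailable, the selection above keeps the program compiling while making the weaker guarantee explicit in one place, which is easier to audit later than a global -DMG_ENABLE_EPOLL=0 that silently changes the I/O backend.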

xfangfang commented 5 months ago

I honestly don't know what kind of repercussions this modification might have on the program's behavior, maybe you know something more.

If you haven't used --web to open a webpage, the mongoose code won't be run, so it shouldn't cause any problems.

The only thing I still can't explain is why, keeping this modification and using the zig cross-compiler, it still doesn't work giving bus_error on all architectures.

When using zig cross-compilation, the precompiled executable files have musl built in as libc, which is different from the C library in Android systems. There may be conflicts; after all, the correct way to run C/C++ on Android is to use the NDK instead of running precompiled executable files.

deviato commented 5 months ago

Thank you for the explanation