Open hejiheji001 opened 4 years ago
Nothing much can be seen from this; turn on DEBUG to get somewhat more detailed information.
The maintainers are probably all busy; @zhkl0228, could you set up a group?
@satng There really isn't much more information. Those two WARN lines are all of it; the rest are INFO, just loading files and the like.
```
[16:06:57 506] INFO [com.github.unidbg.linux.AndroidElfLoader] (AndroidElfLoader:386) - libdl.so load dependency ld-android.so failed
[16:06:57 567] INFO [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:1818) - faccessat dirfd=-100, pathname=/dev/urandom, oflags=0x4, mode=0
File opened failed '/proc/sys/vm/overcommit_memory' from RX@0x400a2319[libc.so]0x71319
[16:06:57 572] INFO [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:1873) - openat dirfd=-100, pathname=/proc/sys/vm/overcommit_memory, oflags=0x20000, mode=0
File opened failed '/sys/devices/system/cpu/online' from RX@0x4005141d[libc.so]0x2041d
[16:06:57 584] INFO [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:1873) - openat dirfd=-100, pathname=/sys/devices/system/cpu/online, oflags=0xa0000, mode=0
File opened '/dev/properties' from RX@0x40053bdf[libc.so]0x22bdf
File closed '/dev/properties' from RX@0x4004c653[libc.so]0x1b653
[16:06:57 619] INFO [com.github.unidbg.linux.android.ArmLD] (ArmLD:157) - dlopen failed: libvendorconn.so
propClient: PropClient failed to load
[16:06:57 625] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:55) - memory failed: address=0x0, size=4, value=0x0, PC=RX@0x40009f28[libnative-lib.so]0x9f28, LR=null
[16:06:57 625] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:357) - emulate RX@0x40009f95[libnative-lib.so]0x9f95 exception sp=unicorn@0xbffff6c0, msg=Invalid memory read (UC_ERR_READ_UNMAPPED), offset=1ms
test offset=520ms
```
With traceCode turned on a bit more can be seen; the last 10 lines are as follows.
First, a piece of Python + AndroidNativeEmu code that calls the JNI method and gets the encrypted string back; overall it is fairly simple.
test.zip
```python
from androidemu.emulator import Emulator
# __aeabi_memclr, __aeabi_memcpy, sprintf and the udbg helper are defined elsewhere in the script (not shown).

emulator = Emulator()
# Replace a few libc helpers with Python implementations; the +1 sets the Thumb bit on the hook address.
emulator.modules.add_symbol_hook('__aeabi_memclr', emulator.hooker.write_function(__aeabi_memclr) + 1)
emulator.modules.add_symbol_hook('__aeabi_memcpy', emulator.hooker.write_function(__aeabi_memcpy) + 1)
emulator.modules.add_symbol_hook('sprintf', emulator.hooker.write_function(sprintf) + 1)
emulator.load_library('lib/libc.so', do_init=False)
libmod = emulator.load_library('lib/libnative-lib.so', do_init=False)
dbg = udbg.UnicornDebugger(emulator.mu)
# Call the JNI export directly: (JNIEnv*, jclass = 0, input "123") and read back the returned string.
s = emulator.call_symbol(libmod, 'Java_com_sec_udemo_MainActivity_sign_1lv2', emulator.java_vm.jni_env.address_ptr, 0, "123")
print(s)
```
Following the Python version I made the corresponding changes and did a series of attempts based on AndroidNativeEmuTest.java, and got this warning:
```
[15:05:08 890] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:55) - memory failed: address=0x0, size=4, value=0x0, PC=RX@0x40009f3c[libnative-lib.so]0x9f3c, LR=null
[15:05:08 891] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:357) - emulate RX@0x40009f95[libnative-lib.so]0x9f95 exception sp=unicorn@0xbffff6c0, msg=Invalid memory read (UC_ERR_READ_UNMAPPED), offset=195ms
```
Judging from the error, a memory address on the unicorn side isn't mapped, but I'm not sure what exactly to do about it.
```java
// Load the native library and look up the JNI export by its mangled name.
Module module = emulator.loadLibrary(new File("src/test/resources/tutorial/0x3/libnative-lib.so"));
Symbol sign = module.findSymbolByName("Java_com_sec_udemo_MainActivity_sign_1lv2");
```
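The following is an added example of how the same call is usually written against unidbg's DalvikVM, with a breakpoint placed on the faulting offset from the log so the register state can be inspected before the read of address 0 happens. It is not code from this thread or from the unidbg project itself. It assumes a recent unidbg release (the builder API and `Module.callFunction` returning a `Number`), the library path from the post above, a package name of `com.sec.udemo` derived from the JNI symbol, and that `sign_1lv2` takes `(JNIEnv*, jclass, jstring)` and returns a `jstring`, mirroring the argument order of the Python call; none of that is confirmed by the thread.

```java
import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Module;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.DalvikModule;
import com.github.unidbg.linux.android.dvm.DvmObject;
import com.github.unidbg.linux.android.dvm.StringObject;
import com.github.unidbg.linux.android.dvm.VM;
import com.github.unidbg.memory.Memory;

import java.io.File;

public class SignLv2Example {
    public static void main(String[] args) throws Exception {
        // Assumed process/package name, taken from the JNI symbol prefix Java_com_sec_udemo_...
        AndroidEmulator emulator = AndroidEmulatorBuilder.for32Bit()
                .setProcessName("com.sec.udemo")
                .build();
        try {
            Memory memory = emulator.getMemory();
            // Resolve libc.so and friends from unidbg's bundled Android system libraries.
            memory.setLibraryResolver(new AndroidResolver(23));

            VM vm = emulator.createDalvikVM();
            // Log every JNI function the native code calls back into; the last one before
            // the "memory failed: address=0x0" warning is the first thing to look at.
            vm.setVerbose(true);

            // Path from the post above; false = do not force-call the init functions.
            DalvikModule dm = vm.loadLibrary(
                    new File("src/test/resources/tutorial/0x3/libnative-lib.so"), false);
            Module module = dm.getModule();

            // Offset 0x9f28 is the PC of the faulting read in the poster's log. Breaking here
            // drops into the unidbg console so registers and the stack can be inspected
            // right before the null dereference.
            emulator.attach().addBreakPoint(module, 0x9f28);

            // In JNI name mangling "_1" encodes a literal underscore, so this export is
            // MainActivity.sign_lv2. Arguments: JNIEnv*, jclass (0, as in the Python script),
            // and the input as a real jstring handle registered with the VM.
            DvmObject<?> input = new StringObject(vm, "123");
            Number ret = module.callFunction(emulator,
                    "Java_com_sec_udemo_MainActivity_sign_1lv2",
                    vm.getJNIEnv(), 0, vm.addLocalObject(input));

            // Assumed return type jstring: resolve the handle back to the Java object.
            DvmObject<?> result = vm.getObject(ret.intValue());
            System.out.println("sign_lv2(\"123\") = " + result.getValue());
        } finally {
            emulator.close();
        }
    }
}
```

If the breakpoint is hit, `r0`..`r3` at that point show which of the three arguments (or which field loaded from them) is the null being dereferenced; if it is never hit, the crash is on a different path than the offsets in the log suggest and `emulator.traceCode(module.base, module.base + module.size)` before the call will show the instructions leading up to it.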