Error message (unidbg debugger break). At the break PC is 0x400e9ce4 in libg.so, the instruction there is `ldr x8, [x8, #0x10]` and x8 is 0, so the emulated code performs an 8-byte read from address 0x10 — a null-pointer dereference of whatever structure x8 was supposed to point at: debugger break at: 0x400e9ce4 @ Runnable|Function64 address=0x400e2acc, arguments=[unidbg@0xfffe1640, -1662257446]
x0=0xfffe1640(-125376) x1=0xffffffff9cebf6da x2=0xd0 x3=0x403c0000 x4=0x403c0200 x5=0x403c02d0 x6=0x1 x7=0xbffff708 x8=0x0 x9=0x0 x10=0x1 x11=0xbfffe430 x12=0xb x13=0x0 x14=0x7fffffff x15=0x0 x16=0x40189358 x17=0x40348760 x18=0xb x19=0x0 x20=0x0 x21=0x0 x22=0x0 x23=0x0 x24=0x0 x25=0x0 x26=0x0 x27=0x0 x28=0x0 fp=0xbffff6d0 q0=0xbffff69000000000bffff700(1.591495705E-314, 1.5914956496E-314) q1=0xffffff80ffffffc800000000bffff650(1.591495618E-314, NaN) q2=0x72742f73676f6c2f73656c69662f6163(7.489563950000777E247, 2.153539780993943E243) q3=0xbffff5e0(-1.9996910095214844) q4=0x8dcf33a2(-1.2769790099084385E-30) q5=0x8b(1.9478048654114957E-43) q6=0x8b61(4.99997305055738E-41) q7=0x8b6165(1.280007254057179E-38) q8=0x0(0.0) q9=0x0(0.0) q10=0x0(0.0) q11=0x0(0.0) q12=0x0(0.0) q13=0x0(0.0) q14=0x0(0.0) q15=0x0(0.0) q16=0x0(0.0) q17=0x7b(1.723597111119525E-43) q18=0x7b90(4.4325873023522614E-41) q19=0x7b908e(1.1347622478403723E-38) q20=0x8ffe5d9b(-2.508238925581193E-29) q21=0xc4(2.7465449900766415E-43) q22=0xc4f3(7.065206727279295E-41) q23=0xc4f3aa(1.808716744257393E-38) q24=0x40180bf0(2.3757286071777344) q25=0x0(0.0) q26=0x4035528c(2.833163261413574) q27=0x0(0.0) q28=0xbffff6c0(-1.9997177124023438) q29=0x0(0.0) q30=0x0(0.0) q31=0x0(0.0) LR=RX@0x400e2ad8[libg.so]0xe2ad8 SP=0xbffff6d0 PC=RX@0x400e9ce4[libg.so]0xe9ce4 nzcv: N=0, Z=1, C=1, V=0, EL0, use SP_EL0 [libg.so 0x0e9ce0] [280100b4] 0x400e9ce0: "cbz x8, #0x400e9d04" => [libg.so 0x0e9ce4][080940f9]0x400e9ce4:*"ldr x8, [x8, #0x10]" [0x10] => mem_read address=0x10, size=8 [libg.so 0x0e9ce8] [087d4039] 0x400e9ce8: "ldrb w8, [x8, #0x1f]" [libg.so 0x0e9cec] [c8000037] 0x400e9cec: "tbnz w8, #0, #0x400e9d04" [libg.so 0x0e9cf0] [20fbffb0] 0x400e9cf0: "adrp x0, #0x4004e000" [libg.so 0x0e9cf4] [00c83791] 0x400e9cf4: "add x0, x0, #0xdf2" [libg.so 0x0e9cf8] [224f0294] 0x400e9cf8: "bl #0x4017d980" [libg.so 0x0e9cfc] [60008012] 0x400e9cfc: "mov w0, #-4" [libg.so 0x0e9d00] [07000014] 0x400e9d00: "b #0x400e9d1c" [libg.so 0x0e9d04] [280500b0] 
0x400e9d04: "adrp x8, #0x4018e000" [libg.so 0x0e9d08] [08e10191] 0x400e9d08: "add x8, x8, #0x78" [libg.so 0x0e9d0c] [08fddf08] 0x400e9d0c: "ldarb w8, [x8]" [libg.so 0x0e9d10] [c8000036] 0x400e9d10: "tbz w8, #0, #0x400e9d28" [libg.so 0x0e9d14] [280500b0] 0x400e9d14: "adrp x8, #0x4018e000" [libg.so 0x0e9d18] [007140b9] 0x400e9d18: "ldr w0, [x8, #0x70]" [libg.so 0x0e9d1c] [f30b40f9] 0x400e9d1c: "ldr x19, [sp, #0x10]" [libg.so 0x0e9d20] [fd7bc2a8] 0x400e9d20: "ldp x29, x30, [sp], #0x20"
Change 1:
Change 2:
Fix: in the `resolve` method of the `IOResolver` registered with `emulator.getSyscallHandler().addIOResolver(...)`, return a `FileResult` for the file the native code is trying to open. In the register dump, `q2` holds the ASCII bytes `ca/files/logs/tr`, which looks like part of a path under the app's `files/logs` directory — worth checking against the syscall trace to confirm which path the library actually requested. Caveat: serve only the specific files the library needs (e.g. a `ByteArrayFileIO` with known contents) rather than mapping every requested path onto the host filesystem, because the emulated native code can read anything the resolver hands back.
```java
package com.libre;
import com.abbottdiabetescare.flashglucose.sensorabstractionservice.dataprocessing.Out; import com.alibaba.fastjson.JSON; import com.alibaba.fastjson.JSONArray; import com.alibaba.fastjson.JSONObject; import com.github.unidbg.AndroidEmulator; import com.github.unidbg.Emulator; import com.github.unidbg.Module; import com.github.unidbg.arm.backend.Backend; import com.github.unidbg.arm.backend.CodeHook; import com.github.unidbg.arm.backend.UnHook; import com.github.unidbg.arm.backend.Unicorn2Factory; import com.github.unidbg.debugger.BreakPointCallback; import com.github.unidbg.debugger.Debugger; import com.github.unidbg.debugger.DebuggerType; import com.github.unidbg.file.FileResult; import com.github.unidbg.file.IOResolver; import com.github.unidbg.file.linux.AndroidFileIO; import com.github.unidbg.linux.android.AndroidEmulatorBuilder; import com.github.unidbg.linux.android.AndroidResolver; import com.github.unidbg.linux.android.dvm.*; import com.github.unidbg.linux.android.dvm.array.ByteArray; import com.github.unidbg.linux.android.dvm.jni.ProxyDvmObject; import com.github.unidbg.linux.file.ByteArrayFileIO; import com.github.unidbg.linux.file.SimpleFileIO; import com.github.unidbg.memory.Memory; import com.github.unidbg.memory.MemoryBlock; import com.github.unidbg.pointer.UnidbgPointer; import com.github.unidbg.spi.LibraryFile; import com.github.unidbg.utils.Inspector; import com.github.unidbg.virtualmodule.android.AndroidModule; import com.github.unidbg.virtualmodule.android.JniGraphics; import com.outshineiot.bubble.xabet.AlgorithmResults; import com.outshineiot.bubble.xabet.RequltData; import org.apache.commons.codec.DecoderException; import org.apache.commons.codec.binary.Hex; import org.apache.commons.io.IOUtils; import unicorn.Arm64Const; import unicorn.ArmConst; import unicorn.UnicornConst;
import java.io.File; import java.io.FileInputStream; import java.io.IOException; import java.io.InputStream; import java.math.BigInteger; import java.util.ArrayList; import java.util.Arrays; import java.util.HashMap; import java.util.List; import java.util.zip.DataFormatException; import java.util.zip.Inflater;
// NOTE(review): this listing is a collapsed paste. The method that the three comment
// lines below belonged to lost its signature and its line breaks, so everything between
// the class header and the closing brace is now comment text; the only code the compiler
// sees here is an empty class. The fragments are kept verbatim (Chinese comments
// translated) because they record how the harness was wired:
//   - backend selection: Dynarmic / Hypervisor / Unicorn2 factories, all commented out;
//   - memory.setLibraryResolver(new AndroidResolver(23)): Android API-23 system libraries;
//   - emulator.getSyscallHandler().addIOResolver(this): this class serves files to the
//     emulated native code — the issue's fix is to return the requested file from resolve();
//   - vm.loadLibrary("g", true) / dm.callJNI_OnLoad(emulator): loads libg.so (the library
//     the crash is in) and runs JNI_OnLoad. The comments mentioning libttEncrypt.so are a
//     leftover from a template; the library loaded here is "g";
//   - runLibre3Obj.initNFC() / runLibre3Obj.destroy(): the calls made into the library.
// The class extends unidbg's AbstractJni; presumably the JNI callbacks libg.so makes are
// answered by overrides in this class, none of which survive in this paste — confirm
// against the full harness.
public class runlibre5 extends AbstractJni {
// .addBackendFactory(new DynarmicFactory((true))) // .addBackendFactory(new HypervisorFactory(true)) // .addBackendFactory(new Unicorn2Factory(true)) .build(); // create the emulator instance; choose 32-bit vs 64-bit emulation here System.out.println("backend == =" + emulator.getBackend()); final Memory memory = emulator.getMemory(); // set the system library resolver memory.setLibraryResolver(new AndroidResolver(23));
//// vm.set // emulator.getSyscallHandler().addIOResolver(this); // DalvikModule dm = vm.loadLibrary("g", true); // load libttEncrypt.so into unicorn's virtual memory; after a successful load init_array etc. are invoked by default // module = dm.getModule(); // the loaded libttEncrypt.so corresponds to one module // dm.callJNI_OnLoad(emulator); //
// runLibre3Obj.initNFC(); runLibre3Obj.destroy(); }
}
```