Fatal signal 11 (SIGSEGV), code 1, fault addr 0xc in tid m.android.phone #24

Open
fabrandolini opened this issue Jun 10, 2016 · 0 comments

fabrandolini commented Jun 10, 2016

Good morning!
I am having some problems testing adbi in my rooted device (Lollipop).

First, let me say that the original code gives me an "Only PIE are supported" error, so here's what I did to bypass that:

In every Application.mk to build:
APP_PLATFORM := android-16
APP_ABI := armeabi-v7a

In every Android.mk to build:
LOCAL_CFLAGS += -fPIE

Final thing:
before launching the hijacker on the device:
chmod 666 /data/local/tmp/adbi_example.log

With these modifications, everything builds fine and I can inject the library in my device.

Now, the problem. Hooking doesn't work because the chosen process crashes as soon as I execute the hijacker, and then restarts with a different PID. Here are the highlights from logcat:

I/rmt_storage(  220): rmt_storage_connect_cb: clnt_h=0x1f conn_h=0xb8bc7820
I/rmt_storage(  220): rmt_storage_rw_iovec_cb: /boot/modem_fs1: clnt_h=0x1: req_h=0x23 msg_id=3: R/W request received
I/rmt_storage(  220): wakelock acquired: 1, error no: 42
I/rmt_storage(  220): rmt_storage_client_thread: /boot/modem_fs1: clnt_h=0x1 Unblock worker thread (th_id: -1195608776)
I/rmt_storage(  220): rmt_storage_client_thread: /boot/modem_fs1: clnt_h=0x1: req_h=0x23 msg_id=3: Bytes written = 1572864
I/rmt_storage(  220): rmt_storage_client_thread: /boot/modem_fs1: clnt_h=0x1: req_h=0x23 msg_id=3: Send response: res=0 err=0
I/rmt_storage(  220): rmt_storage_client_thread: /boot/modem_fs1: clnt_h=0x1 About to block rmt_storage client thread (th_id: -1195608776) wakelock released: 1, error no: 22
I/rmt_storage(  220): 
I/rmt_storage(  220): rmt_storage_disconnect_cb: clnt_h=0x0x1f conn_h=0x0xb8bc7820
F/libc    (26103): Fatal signal 11 (SIGSEGV), code 1, fault addr 0xc in tid 26103 (m.android.phone)
I/DEBUG   (  254): property debug.db.uid not set; NOT waiting for gdb.
I/DEBUG   (  254): HINT: adb shell setprop debug.db.uid 100000
I/DEBUG   (  254): HINT: adb forward tcp:5039 tcp:5039
I/DEBUG   (  254): Build fingerprint: 'motorola/condor_retgb/condor_umts:4.4.4/KXC21.5-40/46:user/release-keys'
I/DEBUG   (  254): Revision: '33456'
I/DEBUG   (  254): ABI: 'arm'
I/DEBUG   (  254): pid: 26103, tid: 26103, name: m.android.phone  >>> com.android.phone <<<
E/DEBUG   (  254): AM write failure (32 / Broken pipe)
I/DEBUG   (  254): signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xc
I/DEBUG   (  254):     r0 ffffffff  r1 bed15068  r2 00000010  r3 0000000c
I/DEBUG   (  254):     r4 b6e470f8  r5 00000008  r6 bed15008  r7 00000000
I/DEBUG   (  254):     r8 00000000  r9 b7dff5a0  sl 00000000  fp ffffffff
I/DEBUG   (  254):     ip b6e4b31d  sp bed14ff8  lr b6e4b325  pc b6e4b32a  cpsr 00000030
I/DEBUG   (  254): 
I/DEBUG   (  254): backtrace:
I/DEBUG   (  254):     #00 pc 0001632a  /system/lib/libc.so (_set_errno+13)
I/DEBUG   (  254):     #01 pc 00011f15  /system/lib/libc.so (epoll_pwait+40)
I/DEBUG   (  254):     #02 pc 00011f27  /system/lib/libc.so (epoll_wait+10)
I/DEBUG   (  254):     #03 pc 00012fd7  /system/lib/libutils.so (android::Looper::pollInner(int)+98)
I/DEBUG   (  254):     #04 pc 000132c1  /system/lib/libutils.so (android::Looper::pollOnce(int, int, int, void**)+40)
I/DEBUG   (  254):     #05 pc 00095311  /system/lib/libandroid_runtime.so (android::NativeMessageQueue::pollOnce(JNIEnv, int)+24)
I/DEBUG   (  254):     #06 pc 000b6f53  /data/dalvik-cache/arm/system@framework@boot,oat
I/DEBUG   (  254): 
I/DEBUG   (  254): Tombstone written to: /data/tombstones/tombstone_07
I/BootReceiver(  932): Copying /data/tombstones/tombstone_07 to DropBox (SYSTEM_TOMBSTONE)
I/ServiceManager(  213): service 'isub' died
I/ServiceManager(  213): service 'simphonebook' died
I/ServiceManager(  213): service 'iphonesubinfo' died
I/ServiceManager(  213): service 'isms' died
I/ServiceManager(  213): service 'phone' died
I/ServiceManager(  213): service 'sip' died
D/ConnectivityService(  932): unregisterNetworkFactory for Telephony
I/MmsServiceBroker(  932): MmsService unexpectedly disconnected
D/WifiService(  932): Client connection lost with reason: 4
I/Zygote  (  269): Process 26103 exited due to signal (11)
I/ActivityManager(  932): Process com.android.phone (pid 26103) has died
W/ActivityManager(  932): Scheduling restart of crashed service com.android.stk/.StkAppService in 1000ms

W/ActivityManager(  932): Scheduling restart of crashed service com.android.phone/.TelephonyDebugService in 0ms
W/ActivityManager(  932): Scheduling restart of crashed service com.android.mms.service/.MmsService in 11000ms
I/ActivityManager(  932): Start proc 26324:com.android.phone/1001 for restart com.android.phone

This is the output in adbi_example.log after launching ./hijack:
/Users/bran/Documents/adbi-master/instruments/example/jni/../epoll.c started hooking: epoll_wait = 0xb6e46f1d THUMB using 0xa47224f1

Any idea about how I can solve this?
Also, what's the difference between m.android.phone and com.android.phone?
Thank you
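As an added triage helper, not part of the issue or of adbi: a small Python parser for the `F/libc` and `I/DEBUG` lines logcat prints on a native crash, run over a constructed excerpt modelled on the log above. It pulls out the signal, fault address, thread/process names and backtrace, and flags the two things worth checking first in a crash like this one: a fault address below one page (0xc here, i.e. a small field offset read through a NULL pointer) and whether the hooked function appears in the frames. The function names and the `SAMPLE_LOGCAT` excerpt are my own.

```python
import re
from dataclasses import dataclass, field

# Constructed logcat excerpt modelled on the crash reported in the issue; not the full log.
SAMPLE_LOGCAT = """\
F/libc    (26103): Fatal signal 11 (SIGSEGV), code 1, fault addr 0xc in tid 26103 (m.android.phone)
I/DEBUG   (  254): pid: 26103, tid: 26103, name: m.android.phone  >>> com.android.phone <<<
I/DEBUG   (  254):     #00 pc 0001632a  /system/lib/libc.so (_set_errno+13)
I/DEBUG   (  254):     #01 pc 00011f15  /system/lib/libc.so (epoll_pwait+40)
I/DEBUG   (  254):     #02 pc 00011f27  /system/lib/libc.so (epoll_wait+10)
I/DEBUG   (  254):     #03 pc 000b6f53  /data/dalvik-cache/arm/system@framework@boot.oat
"""

FATAL = re.compile(r"^F/libc\s*\(\s*(\d+)\): Fatal signal \d+ \((\w+)\), code \d+, "
                   r"fault addr (0x[0-9a-f]+) in tid \d+ \((.+)\)$")
PROC = re.compile(r"^I/DEBUG\s*\(\s*\d+\): pid: \d+, tid: \d+, name: \S+\s+>>> (\S+) <<<")
FRAME = re.compile(r"^I/DEBUG\s*\(\s*\d+\):\s+#\d+ pc [0-9a-f]+\s+(\S+)(?: \((.+)\+\d+\))?$")

@dataclass
class Crash:
    pid: int
    signal: str
    fault_addr: int
    thread: str                 # kernel comm: the LAST 15 chars of the process name
    process: str = ""           # full name taken from the ">>> ... <<<" line
    frames: list = field(default_factory=list)   # (library, symbol), innermost first

def parse_crashes(text):
    """Return {pid: Crash} for every native fatal signal found in a logcat dump."""
    crashes, cur = {}, None
    for line in text.splitlines():
        if m := FATAL.match(line):
            pid, signame, addr, thread = m.groups()
            cur = crashes[int(pid)] = Crash(int(pid), signame, int(addr, 16), thread)
        elif cur and (m := PROC.match(line)):
            cur.process = m.group(1)
        elif cur and (m := FRAME.match(line)):
            cur.frames.append((m.group(1), m.group(2) or "?"))   # "?" when unsymbolised
    return crashes

def looks_like_null_deref(crash, page=0x1000):
    """A fault address below one page is almost always NULL plus a small field offset."""
    return crash.fault_addr < page

def frames_in(crash, symbols):  # frames whose symbol is one of the given (e.g. hooked) functions
    return [sym for _, sym in crash.frames if sym.split("(")[0] in symbols]

def thread_name_consistent(crash):
    """Android sets the kernel comm to the last 15 chars of the process name (prctl limit)."""
    return len(crash.thread) <= 15 and crash.process.endswith(crash.thread)
```

`thread_name_consistent` also shows why the log names the thread `m.android.phone` for the process `com.android.phone`: the comm is a 15-character suffix, not a different process.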
