Android NDK9e / Android 4.3 fixes and added Logcat output :) #1

Open
wants to merge 5 commits into
base: master

@bkerler bkerler commented Jan 4, 2014

Hi,

I've fixed some compiling issues with Android NDK9e, made the build process easier and fixed the README. I've added logging to LOGCAT for the example instead of logging to a file.

Verified and working with Samsung Galaxy GT-I9300 with latest 4.3 firmware with SELinux Kernel and MobiCore code injection using Android NDK9e. The hook cleanup still needs to be fixed as it seems to crash the process after freeing the hook.

Kind regards and thanks for your great code,
Bjoern Kerler ([email protected])

P.S.: injectso isn't android 4.3 compatible in terms of system daemons :)

@crmulliner
Owner

thanks! I'll take a look and integrate it.

Collin

On 01/04/2014 06:03 PM, bkerler wrote:

You can merge this Pull Request by running:

git pull https://github.com/bkerler/adbi master

Or you can view, comment on it, or merge it online at:

#1

-- Commit Summary --

  • Android NDK9 + Logcat fixes
  • Android NDK9 + Logcat fixes V2
  • README Update
  • Additional NDK9e fixes and cleanups.
  • README fixes.

-- File Changes --

M README.md (22)
M instruments/base/hook.c (14)
M instruments/example/epoll.c (12)
M instruments/example/epoll_arm.c (1)
M instruments/example/jni/Android.mk (5)

-- Patch Links --

https://github.com/crmulliner/adbi/pull/1.patch
https://github.com/crmulliner/adbi/pull/1.diff



Collin R. Mulliner [email protected] KeyID 0x5D89EEED
jabber: [email protected] skype: crmcrm
web:www.mulliner.org finger:[email protected]
Failure is not an option; it comes bundled with your Microsoft products.

@jduck
Collaborator

jduck commented Feb 2, 2015

I'm not a fan of adding the liblog dependency (using __android_log_print, etc). Perhaps it can be guarded by some compile-time configuration option instead of made a requirement.

@bkerler
Author

bkerler commented Feb 3, 2015

Hi Joshua,

Any other ideas what would be more suitable?

BR,
Bjoern


@crmulliner
Owner

I just log to a file using fprintf()

Collin


Collin R. Mulliner [email protected] KeyID 0x5D89EEED
jabber: [email protected] skype: crmcrm
web:www.mulliner.org finger:[email protected]
There are two kinds of people: Those who finish what they start and...

@bkerler
Author

bkerler commented Feb 3, 2015

Hi Collin,

Yeah, but for me that failed, as the systems I needed to test use SELinux and thus do not allow write access without root and proper rights. And rooting is no option to test secure MobiCore and Keymaster stuff, as these detect root access. That's why I used the log functionality.

Cheers,
Bjoern


@jduck
Collaborator

jduck commented Feb 3, 2015

In your situation I would probably do logging separately in the instrument. I don't think the core logging features are required to succeed to do the hooking part. I'm surprised that you're able to hook whatever it is that's involved in MobiCore/Keymaster without rooting.

@jduck
Collaborator

jduck commented May 17, 2016

BTW, what's wrong with having android_log_* usage in a compile-time define? At least one other person has done this to their copy, yet no one has managed to make a PR that provides this functionality guarded by a compile-time option :-/

I use ADBI to do heap tracing and thus cannot have any dynamic memory allocation. In this case I disable SELinux (set it to permissive) and then just write to a log file in /data/local/tmp (make it world writable first). So, in my case I have logging in my instrument directly. I just use vsnprintf into a stack buffer and write that to a file descriptor using the low-level open and write system calls (see $ man 2 open).
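
The two logging approaches discussed in this thread, as an added sketch that is not code from the PR or from ADBI: logcat output only when a compile-time option is set, otherwise `vsnprintf` into a stack buffer followed by the low-level `open`/`write` calls. The macro `INSTR_USE_LOGCAT`, the function names, the log tag and the file name are assumptions made for illustration.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdarg.h>
#include <stdio.h>
#include <unistd.h>

/* INSTR_USE_LOGCAT is a hypothetical build option (-DINSTR_USE_LOGCAT),
 * not an existing ADBI flag. Without it, liblog is not needed at all. */
#ifdef INSTR_USE_LOGCAT
#include <android/log.h>
#endif

static int log_fd = -1;

/* Open the log file once, before any hook fires. Returns 0 or -1. */
int instr_log_open(const char *path)
{
    log_fd = open(path, O_WRONLY | O_CREAT | O_APPEND, 0644);
    return log_fd < 0 ? -1 : 0;
}

/* Format into a stack buffer (no malloc in this helper); returns bytes logged or -1. */
int instr_log(const char *fmt, ...)
{
    char buf[256];
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, sizeof(buf), fmt, ap);
    va_end(ap);
    if (n < 0) return -1;
    if ((size_t)n >= sizeof(buf)) n = (int)sizeof(buf) - 1; /* truncated */
#ifdef INSTR_USE_LOGCAT
    return __android_log_write(ANDROID_LOG_DEBUG, "instrument", buf) < 0 ? -1 : n;
#else
    if (log_fd < 0) return -1;
    for (size_t off = 0; off < (size_t)n; ) {
        ssize_t w = write(log_fd, buf + off, (size_t)n - off);
        if (w < 0 && errno == EINTR) continue;   /* interrupted, retry */
        if (w < 0) return -1;
        off += (size_t)w;
    }
    return n;
#endif
}

int main(void)
{
    if (instr_log_open("instr_demo.log") != 0) return 1; /* constructed path */
    return instr_log("hook %s hit, count=%d\n", "epoll_wait", 1) > 0 ? 0 : 1;
}
```

Messages longer than the stack buffer are truncated rather than dropped, and the return value then reports the truncated length.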
