ExternalVendorCode/AFLplusplus
1
0
Fork 0
mirror of https://github.com/AFLplusplus/AFLplusplus.git synced 2025-06-11 09:41:35 +00:00
Code Issues Packages Projects Releases Wiki Activity

Android fixes

Browse Source
This commit is contained in:
Your Name 2022-08-01 08:10:45 +01:00
parent 4b9c560b07
commit 7b6743f14c
5 changed files with 108 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

88
frida_mode/GNUmakefile
View File

@ -13,6 +13,16 @@ JS_SRC:=$(BUILD_DIR)api.c
JS_OBJ:=$(BUILD_DIR)api.o JS_OBJ:=$(BUILD_DIR)api.o
SOURCES:=$(wildcard $(SRC_DIR)**/*.c) $(wildcard $(SRC_DIR)*.c) SOURCES:=$(wildcard $(SRC_DIR)**/*.c) $(wildcard $(SRC_DIR)*.c)
OBJS:=$(foreach src,$(SOURCES),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src)))) OBJS:=$(foreach src,$(SOURCES),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src))))
TARGET_CC?=$(CC)
TARGET_CXX?=$(CXX)
HOST_CC?=$(CC)
HOST_CXX?=$(CXX)
IS_ANDROID:=$(findstring android, $(shell $(TARGET_CC) --version 2>/dev/null))
IS_x86:=$(findstring i686, $(shell $(TARGET_CC) --version 2>/dev/null))
IS_x86_64:=$(findstring x86_64, $(shell $(TARGET_CC) --version 2>/dev/null))
IS_ARM:=$(findstring arm, $(shell $(TARGET_CC) --version 2>/dev/null))
IS_ARM64:=$(findstring aarch64, $(shell $(TARGET_CC) --version 2>/dev/null))
CFLAGS+=-fPIC \ CFLAGS+=-fPIC \
-D_GNU_SOURCE \ -D_GNU_SOURCE \
-D_FORTIFY_SOURCE=2 \ -D_FORTIFY_SOURCE=2 \
@ -21,6 +31,10 @@ CFLAGS+=-fPIC \
-funroll-loops \ -funroll-loops \
-ffunction-sections \ -ffunction-sections \
ifdef IS_ANDROID
CFLAGS+=-DANDROID
endif
AFL_CFLAGS:=-Wno-unused-parameter \ AFL_CFLAGS:=-Wno-unused-parameter \
-Wno-sign-compare \ -Wno-sign-compare \
-Wno-unused-function \ -Wno-unused-function \
@ -28,9 +42,16 @@ AFL_CFLAGS:=-Wno-unused-parameter \
-Wno-int-to-pointer-cast \ -Wno-int-to-pointer-cast \
-Wno-pointer-sign -Wno-pointer-sign
ifdef IS_ANDROID
LDFLAGS+= -static-libstdc++ \
-DANDROID \
-llog \
-shared
else
LDFLAGS+=-shared \ LDFLAGS+=-shared \
-lpthread \ -lpthread \
-lresolv -lresolv
endif
ifdef DEBUG ifdef DEBUG
CFLAGS+=-Werror \ CFLAGS+=-Werror \
@ -78,11 +99,11 @@ else
ifdef DEBUG ifdef DEBUG
AFL_CFLAGS:=$(AFL_CFLAGS) -Wno-prio-ctor-dtor AFL_CFLAGS:=$(AFL_CFLAGS) -Wno-prio-ctor-dtor
endif endif
LDFLAGS+= -z noexecstack \ LDFLAGS+= -z noexecstack \
-Wl,--gc-sections \ -Wl,--gc-sections \
-Wl,--exclude-libs,ALL \ -Wl,--exclude-libs,ALL \
-ldl \ -ldl
-lrt
LDSCRIPT:=-Wl,--version-script=$(PWD)frida.map LDSCRIPT:=-Wl,--version-script=$(PWD)frida.map
endif endif
@ -93,22 +114,24 @@ ifeq "$(shell uname)" "Linux"
endif endif
endif endif
ifneq "$(findstring android, $(shell $(CC) --version 2>/dev/null))" ""
ifdef IS_ANDROID
OS:=android OS:=android
ifneq "$(findstring aarch64, $(shell $(CC) --version 2>/dev/null))" "" ifdef IS_x86
ARCH:=arm64 ARCH:=x86
endif endif
ifneq "$(findstring arm, $(shell $(CC) --version 2>/dev/null))" "" ifdef IS_x86
ARCH:=x86_64
endif
ifdef IS_ARM
ARCH:=arm ARCH:=arm
endif endif
ifneq "$(findstring x86_64, $(shell $(CC) --version 2>/dev/null))" "" ifdef IS_ARM64
ARCH:=x86_64 ARCH:=arm64
endif
ifneq "$(findstring i686, $(shell $(CC) --version 2>/dev/null))" ""
ARCH:=x86
endif endif
endif endif
ifeq "$(ARCH)" "armhf" ifeq "$(ARCH)" "armhf"
TARGET_CC:=arm-linux-gnueabihf-gcc TARGET_CC:=arm-linux-gnueabihf-gcc
TARGET_CXX:=arm-linux-gnueabihf-g++ TARGET_CXX:=arm-linux-gnueabihf-g++
@ -224,10 +247,22 @@ else ifeq "$(ARCH)" "arm64"
CFLAGS+=-I $(FRIDA_DIR)build/frida_thin-$(OS)-$(ARCH)/include/frida-1.0 \ CFLAGS+=-I $(FRIDA_DIR)build/frida_thin-$(OS)-$(ARCH)/include/frida-1.0 \
-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/glib-2.0/ \ -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/glib-2.0/ \
-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \ -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \
-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/capstone/ \ -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/capstone/ \
-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \ -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \
ifeq "$(OS)" "android"
CFLAGS += -static-libstdc++
endif
else
CFLAGS+=-I $(FRIDA_DIR)build/frida_thin-$(OS)-$(ARCH)/include/frida-1.0 \
-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/glib-2.0/ \
-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \
-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/capstone/ \
-I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \
endif
TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \ TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \
$(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libsoup-2.4.a \ $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libsoup-2.4.a \
$(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libsqlite3.a \ $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libsqlite3.a \
@ -245,13 +280,15 @@ TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \
$(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/liblzma.a \ $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/liblzma.a \
$(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libz.a \ $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libz.a \
else
CFLAGS+=-I $(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/include/frida-1.0 \ CFLAGS+=-I $(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/include/frida-1.0 \
-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/glib-2.0/ \ -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/glib-2.0/ \
-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \ -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \
-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/capstone/ \ -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/capstone/ \
-I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \ -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/
ifeq "$(OS)" "android"
CFLAGS += -static-libstdc++
endif
TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \ TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \
$(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsoup-2.4.a \ $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsoup-2.4.a \
@ -270,11 +307,6 @@ TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \
$(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/liblzma.a \ $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/liblzma.a \
$(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libz.a \ $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libz.a \
endif
else else
$(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR) $(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR)
@ -376,6 +408,7 @@ $(AFLPP_QEMU_DRIVER_HOOK_OBJ): $(AFLPP_QEMU_DRIVER_HOOK_SRC) | $(BUILD_DIR)
hook: $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_QEMU_DRIVER_HOOK_OBJ) hook: $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_QEMU_DRIVER_HOOK_OBJ)
############################# ADDR ############################################# ############################# ADDR #############################################
ifneq "$(OS)" "android"
$(ADDR_BIN): $(ADDR_SRC) | $(BUILD_DIR) $(ADDR_BIN): $(ADDR_SRC) | $(BUILD_DIR)
-$(TARGET_CC) \ -$(TARGET_CC) \
$(CFLAGS) \ $(CFLAGS) \
@ -389,7 +422,20 @@ $(ADDR_BIN): $(ADDR_SRC) | $(BUILD_DIR)
-ldl \ -ldl \
-lrt \ -lrt \
$< -o $@ $< -o $@
else
$(ADDR_BIN): $(ADDR_SRC) | $(BUILD_DIR)
-$(TARGET_CC) \
$(CFLAGS) \
-Werror \
-Wall \
-Wextra \
-Wpointer-arith \
-z noexecstack \
-Wl,--gc-sections \
-Wl,--exclude-libs,ALL \
-ldl \
$< -o $@
endif
addr: $(ADDR_BIN) addr: $(ADDR_BIN)
############################# CLEAN ############################################ ############################# CLEAN ############################################

2
frida_mode/include/seccomp.h
View File

@ -1,7 +1,7 @@
#ifndef _SECCOMP_H #ifndef _SECCOMP_H
#define _SECCOMP_H #define _SECCOMP_H
#ifndef __APPLE__ #if !defined(__APPLE__) && !defined(__ANDROID__)
#include <stdint.h> #include <stdint.h>
#include <linux/filter.h> #include <linux/filter.h>

31
frida_mode/src/main.c
View File

@ -36,6 +36,17 @@
#ifdef __APPLE__ #ifdef __APPLE__
extern mach_port_t mach_task_self(); extern mach_port_t mach_task_self();
extern GumAddress gum_darwin_find_entrypoint(mach_port_t task); extern GumAddress gum_darwin_find_entrypoint(mach_port_t task);
#elif defined(__ANDROID__)
typedef struct {
void (**preinit_array)(void);
void (**init_array)(void);
void (**fini_array)(void);
} structors_array_t;
extern void __libc_init(void* raw_args,
void (*onexit)(void) __unused,
int (*slingshot)(int, char **, char **),
structors_array_t const * const structors);
#else #else
extern int __libc_start_main(int (*main)(int, char **, char **), int argc, extern int __libc_start_main(int (*main)(int, char **, char **), int argc,
char **ubp_av, void (*init)(void), char **ubp_av, void (*init)(void),
@ -69,7 +80,11 @@ static void on_main_os(int argc, char **argv, char **envp) {
GumInterceptor *interceptor = gum_interceptor_obtain(); GumInterceptor *interceptor = gum_interceptor_obtain();
gum_interceptor_begin_transaction(interceptor); gum_interceptor_begin_transaction(interceptor);
#if defined(__ANDROID__)
gum_interceptor_revert(interceptor, __libc_init);
#else
gum_interceptor_revert(interceptor, __libc_start_main); gum_interceptor_revert(interceptor, __libc_start_main);
#endif
gum_interceptor_end_transaction(interceptor); gum_interceptor_end_transaction(interceptor);
gum_interceptor_flush(interceptor); gum_interceptor_flush(interceptor);
@ -275,6 +290,22 @@ static void intercept_main(void) {
main_fn = main; main_fn = main;
intercept_hook(main, on_main, NULL); intercept_hook(main, on_main, NULL);
}
#elif defined(__ANDROID__)
static void on_libc_init(void* raw_args,
void (*onexit)(void) __unused,
int (*slingshot)(int, char**, char**),
structors_array_t const * const structors){
main_fn = slingshot;
intercept_unhook_self();
intercept_hook(slingshot, on_main, NULL);
return __libc_init(raw_args, onexit, slingshot, structors);
}
static void intercept_main(void) {
intercept_hook(__libc_init, on_libc_init, NULL);
} }
#else #else

4
frida_mode/src/prefetch.c
View File

@ -298,12 +298,16 @@ void prefetch_init(void) {
/* /*
* Configure the shared memory region to be removed once the process dies. * Configure the shared memory region to be removed once the process dies.
* This doesn't work on Android, so we skip it. Would could end up leaking
* shared memory regions though.
*/ */
#ifndef __ANDROID__
if (shmctl(prefetch_shm_id, IPC_RMID, NULL) < 0) { if (shmctl(prefetch_shm_id, IPC_RMID, NULL) < 0) {
FFATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno); FFATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno);
} }
#endif
/* Clear it, not sure it's necessary, just seems like good practice */ /* Clear it, not sure it's necessary, just seems like good practice */
memset(prefetch_data, '\0', sizeof(prefetch_data_t)); memset(prefetch_data, '\0', sizeof(prefetch_data_t));

6
frida_mode/src/seccomp/seccomp.c
View File

@ -11,7 +11,9 @@ void seccomp_on_fork(void) {
#ifdef __APPLE__ #ifdef __APPLE__
FFATAL("Seccomp not supported on OSX"); FFATAL("Seccomp not supported on OSX");
#else #elif defined(__ANDROID__)
FFATAL("Seccomp not supported on Android");
#else
seccomp_callback_parent(); seccomp_callback_parent();
#endif #endif
@ -32,6 +34,8 @@ void seccomp_init(void) {
#ifdef __APPLE__ #ifdef __APPLE__
FFATAL("Seccomp not supported on OSX"); FFATAL("Seccomp not supported on OSX");
#elif defined(__ANDROID__)
FFATAL("Seccomp not supported on Android");
#else #else
seccomp_callback_initialize(); seccomp_callback_initialize();
#endif #endif