
Unable to analyze escrackme.apk

Open as0ler opened this issue 3 years ago • 5 comments

I've tried to replicate the Android analysis of the application escrackme.apk as it's described here: https://www.nowsecure.com/blog/2021/03/10/how-to-perform-symbolic-execution-of-mobile-apps-with-r2frida-esilsolve/

However, after installing the application and forcing the odex generation, it is not possible to find the symbols as shown in the example.


I've tested it on a Google Pixel 4a physical device and I confirm the props are set correctly:

Any idea of what I'm missing?

as0ler avatar Apr 06 '21 17:04 as0ler

Hmm it looks like the -g option must not be working. What android version are you on? (I have also tested on pixel 4a)

aemmitt-ns avatar Apr 07 '21 14:04 aemmitt-ns

I'm using Android 11.

as0ler avatar Apr 07 '21 14:04 as0ler

I am facing the same problem on a POCO X3 NFC running Lineage OS 11. Was there any solution?

GanbaruTobi avatar Feb 23 '22 11:02 GanbaruTobi

So in the video in the article Android 9 was used. I will try to do it with that one time. If anybody on a newer OS managed to get symbols let me know pls.

GanbaruTobi avatar Feb 24 '22 10:02 GanbaruTobi

By reviewing the source of Android 11 (Lineage OS 18.1), it seems that the compiler filter "everything" is not being honored, even though it can be available. This is in line with the statement found here: https://source.android.com/devices/tech/dalvik/configure#compilation_options

With the flag set to "speed" the methods were available.

Using the -g option without --debuggable is "best-effort only", so I guess it makes sense to use both. My setup in the end was:

adb shell setprop dalvik.vm.dex2oat-flags "--debuggable -g --inline-max-code-units=0 --compiler-filter=speed"
adb shell pm compile -m speed com.nowsecure.escrackme

GanbaruTobi avatar Feb 24 '22 19:02 GanbaruTobi
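A small script, added here and not part of the thread or the esilsolve project, that applies the dex2oat flags from the comment above, recompiles the package, and then reads the package's dexopt status back from `dumpsys package` so you can confirm the "speed" filter actually took effect before retrying the symbol lookup. It assumes `adb` is on PATH, that `pm compile -f` is accepted on the device, and the "Dexopt state" layout shown in the constructed sample below.

```shell
#!/bin/sh
# Added example (assumptions: adb on PATH, setprop permitted on the device,
# and the dumpsys "Dexopt state" layout used in sample_dumpsys below).
PKG="${2:-com.nowsecure.escrackme}"

# Step 1+2 from the thread: set the dex2oat flags, then force a recompile.
apply_dex2oat_flags() {
  adb shell setprop dalvik.vm.dex2oat-flags \
    "'--debuggable -g --inline-max-code-units=0 --compiler-filter=speed'"
  # -f forces recompilation even when an odex already exists
  adb shell pm compile -m speed -f "$1"
}

# Read dumpsys text on stdin; print the first [status=...] value found under
# the block for package $1, or "unknown" if the package has no such entry.
parse_dexopt_status() {
  awk -v pkg="$1" '
    index($0, "[" pkg "]") { inpkg = 1; next }        # enter our block
    inpkg && match($0, /\[status=[^]]*\]/) {           # e.g. [status=speed]
      print substr($0, RSTART + 8, RLENGTH - 9); found = 1; exit
    }
    /^ *\[/ { inpkg = 0 }                              # another package block
    END { if (!found) print "unknown" }
  '
}

# Constructed sample of the relevant part of "dumpsys package" output.
sample_dumpsys() {
  cat <<'EOF'
Dexopt state:
  [com.example.other]
    path: /data/app/com.example.other-1/base.apk
      arm64: [status=verify] [reason=install]
  [com.nowsecure.escrackme]
    path: /data/app/com.nowsecure.escrackme-1/base.apk
      arm64: [status=speed] [reason=cmdline]
EOF
}

check_dexopt_status() {
  adb shell dumpsys package "$1" | parse_dexopt_status "$1"
}

# Usage: ./dexopt.sh apply [pkg]   or   ./dexopt.sh check [pkg]
case "${1:-}" in
  apply) apply_dex2oat_flags "$PKG" ;;
  check) echo "$PKG dexopt status: $(check_dexopt_status "$PKG")" ;;
esac
```

If `check` reports anything other than `speed` (for example `verify` or `unknown`), the methods will not be in the odex and esilsolve will not find them, regardless of what the props say.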