unidbg
unidbg copied to clipboard
Published
20 hours ago •
zhkl0228
zhkl0228
msg=unicorn.UnicornException: Invalid memory read (UC_ERR_READ_UNMAPPED)
调用某个 so 的时候,发生以下异常。代码 main 函数位于附件中的 TujiaNUtils.java,求大佬解答,感谢!🙏
unidbg.zip
/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/bin/java -javaagent:/Applications/IntelliJ IDEA CE.app/Contents/lib/idea_rt.jar=51666:/Applications/IntelliJ IDEA CE.app/Contents/bin -Dfile.encoding=UTF-8 -classpath /Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/charsets.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/deploy.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/cldrdata.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/dnsns.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/jaccess.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/jfxrt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/localedata.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/nashorn.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/sunec.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/sunjce_provider.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/sunpkcs11.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/ext/zipfs.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/javaws.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/jce.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/jfr.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/jfxswt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/jsse.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/management-agent.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/plugin.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/resources.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/jre/lib/rt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/lib/ant-javafx.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/lib/dt.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/lib/javafx-mx.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/lib/jconsole.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/lib/packager.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/lib/sa-jdi.jar:/Library/Java/JavaVirtualMachines/jdk1.8.0_201.jdk/Contents/Home/lib/tools.jar:/Users/tiga_liang/workspace/airbnb/unidbg/unidbg-android/target/test-classes:/Users/tiga_liang/workspace/airbnb/unidbg/unidbg-android/target/classes:/Users/tiga_liang/workspace/airbnb/unidbg/unidbg-api/target/classes:/Users/tiga_liang/.m2/repository/com/github/zhkl0228/unicorn/1.0.12/unicorn-1.0.12.jar:/Users/tiga_liang/.m2/repository/org/scijava/native-lib-loader/2.3.5/native-lib-loader-2.3.5.jar:/Users/tiga_liang/.m2/repository/com/github/zhkl0228/capstone/3.0.11/capstone-3.0.11.jar:/Users/tiga_liang/.m2/repository/com/github/zhkl0228/keystone/0.9.5/keystone-0.9.5.jar:/Users/tiga_liang/.m2/repository/com/github/zhkl0228/jna_silicon/4.5.2-1/jna_silicon-4.5.2-1.jar:/Users/tiga_liang/.m2/repository/net/java/dev/jna/jna/4.5.2/jna-4.5.2.jar:/Users/tiga_liang/.m2/repository/commons-codec/commons-codec/1.10/commons-codec-1.10.jar:/Users/tiga_liang/.m2/repository/commons-io/commons-io/2.4/commons-io-2.4.jar:/Users/tiga_liang/.m2/repository/commons-logging/commons-logging/1.1.3/commons-logging-1.1.3.jar:/Users/tiga_liang/.m2/repository/com/alibaba/fastjson/1.2.60/fastjson-1.2.60.jar:/Users/tiga_liang/.m2/repository/com/github/zhkl0228/demumble/1.0.2/demumble-1.0.2.jar:/Users/tiga_liang/workspace/airbnb/unidbg/backend/dynarmic/target/classes:/Users/tiga_liang/workspace/airbnb/unidbg/backend/hypervisor/target/classes:/Users/tiga_liang/workspace/airbnb/unidbg/backend/kvm/target/classes:/Users/tiga_liang/.m2/repository/net/dongliu/apk-parser/2.6.4/apk-parser-2.6.4.jar:/Users/tiga_liang/.m2/repository/log4j/log4j/1.2.17/log4j-1.2.17.jar:/Users/tiga_liang/.m2/repository/junit/junit/4.13.1/junit-4.13.1.jar:/Users/tiga_liang/.m2/repository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar:/Users/tiga_liang/.m2/repository/org/slf4j/slf4j-api/1.7.26/slf4j-api-1.7.26.jar:/Users/tiga_liang/.m2/repository/org/slf4j/slf4j-log4j12/1.7.26/slf4j-log4j12-1.7.26.jar:/Users/tiga_liang/.m2/repository/com/google/protobuf/protobuf-java/3.10.0/protobuf-java-3.10.0.jar com.airspy.tujia.TujiaNUtils
JNIEnv->FindClass(com/qunar/rc/d/j) was called from RX@0x402e301d[libqlisp_v++.so]0xe601d
JNIEnv->RegisterNatives(com/qunar/rc/d/j, unidbg@0xbffff588, 5) was called from RX@0x402e2be1[libqlisp_v++.so]0xe5be1
RegisterNative(com/qunar/rc/d/j, sepa(Ljava/lang/String;)Ljava/lang/String;, RX@0x403373b5[libqlisp_v++.so]0x13a3b5)
RegisterNative(com/qunar/rc/d/j, cd(Ljava/lang/String;I)Ljava/lang/String;, RX@0x40338949[libqlisp_v++.so]0x13b949)
RegisterNative(com/qunar/rc/d/j, sfp(Ljava/lang/String;)V, RX@0x40338ea5[libqlisp_v++.so]0x13bea5)
RegisterNative(com/qunar/rc/d/j, ep()Ljava/lang/String;, RX@0x40339e71[libqlisp_v++.so]0x13ce71)
RegisterNative(com/qunar/rc/d/j, jcd(I)Ljava/lang/String;, RX@0x4033b8e5[libqlisp_v++.so]0x13e8e5)
JNIEnv->FindClass(com/qunar/rc/d/f) was called from RX@0x4025b019[libqlisp_v++.so]0x5e019
JNIEnv->FindClass(com/qunar/rc/d/e) was called from RX@0x4025b0c5[libqlisp_v++.so]0x5e0c5
JNIEnv->FindClass(com/qunar/rc/d/d) was called from RX@0x4025b66b[libqlisp_v++.so]0x5e66b
Find native function Java_com_qunar_rc_d_j_cd(Ljava/lang/String;I)Ljava/lang/String; => RX@0x40338949[libqlisp_v++.so]0x13b949
JNIEnv->FindClass(com/qunar/rc/d/f) was called from RX@0x4025b019[libqlisp_v++.so]0x5e019
JNIEnv->FindClass(com/qunar/rc/d/e) was called from RX@0x4025b0c5[libqlisp_v++.so]0x5e0c5
JNIEnv->FindClass(com/qunar/rc/d/d) was called from RX@0x4025b66b[libqlisp_v++.so]0x5e66b
JNIEnv->GetStringUtfChars("27fe192ea37047c82d9561defe9ed575") was called from RX@0x40338a11[libqlisp_v++.so]0x13ba11
[22:57:59 613] INFO [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:1933) - open pathname=/data/misc/zoneinfo/tzdata, oflags=0x20000, mode=0, from=RX@0x40187aa1[libc.so]0x2daa1
JNIEnv->FindClass(com/qunar/rc/d/d) was called from RX@0x402a5d99[libqlisp_v++.so]0xa8d99
JNIEnv->GetStaticMethodID(com/qunar/rc/d/d.u()Ljava/lang/String;) was called from RX@0x402a5e8b[libqlisp_v++.so]0xa8e8b
JNIEnv->CallStaticObjectMethod(class com/qunar/rc/d/d, u()Ljava/lang/String;) was called from RX@0x402a6963[libqlisp_v++.so]0xa9963
JNIEnv->GetStringUtfChars("tj_7b6e0fffffff60ffffffe2430ffffffc50fffffff51f52745e2345110fffffff126") was called from RX@0x402a65a9[libqlisp_v++.so]0xa95a9
JNIEnv->ReleaseStringUTFChars("tj_7b6e0fffffff60ffffffe2430ffffffc50fffffff51f52745e2345110fffffff126") was called from RX@0x402a65c7[libqlisp_v++.so]0xa95c7
JNIEnv->FindClass(com/qunar/rc/d/d) was called from RX@0x402a5d99[libqlisp_v++.so]0xa8d99
JNIEnv->GetStaticMethodID(com/qunar/rc/d/d.u()Ljava/lang/String;) was called from RX@0x402a5e8b[libqlisp_v++.so]0xa8e8b
JNIEnv->CallStaticObjectMethod(class com/qunar/rc/d/d, u()Ljava/lang/String;) was called from RX@0x402a6963[libqlisp_v++.so]0xa9963
JNIEnv->GetStringUtfChars("tj_555e0ffffffa4700ffffffe74f0ffffffce0c220ffffffa00ffffffd10ffffffb3046b0e46") was called from RX@0x402a65a9[libqlisp_v++.so]0xa95a9
JNIEnv->ReleaseStringUTFChars("tj_555e0ffffffa4700ffffffe74f0ffffffce0c220ffffffa00ffffffd10ffffffb3046b0e46") was called from RX@0x402a65c7[libqlisp_v++.so]0xa95c7
JNIEnv->FindClass(com/qunar/rc/d/d) was called from RX@0x4029adaf[libqlisp_v++.so]0x9ddaf
JNIEnv->GetStaticMethodID(com/qunar/rc/d/d.g(Ljava/lang/String;)Ljava/lang/String;) was called from RX@0x4029b35b[libqlisp_v++.so]0x9e35b
JNIEnv->NewStringUTF("_flightruid_") was called from RX@0x4029b911[libqlisp_v++.so]0x9e911
JNIEnv->CallStaticObjectMethod(class com/qunar/rc/d/d, g(Ljava/lang/String;)Ljava/lang/String;) was called from RX@0x4029b927[libqlisp_v++.so]0x9e927
JNIEnv->GetStringUtfChars("ta0pdx12oztj_027e2748ed876acb58d89c5ef8deceb5") was called from RX@0x4029b429[libqlisp_v++.so]0x9e429
JNIEnv->ReleaseStringUTFChars("ta0pdx12oztj_027e2748ed876acb58d89c5ef8deceb5") was called from RX@0x4029bd37[libqlisp_v++.so]0x9ed37
JNIEnv->FindClass(com/qunar/rc/d/d) was called from RX@0x4029f4a7[libqlisp_v++.so]0xa24a7
JNIEnv->GetStaticMethodID(com/qunar/rc/d/d.g(Ljava/lang/String;)Ljava/lang/String;) was called from RX@0x402a0427[libqlisp_v++.so]0xa3427
JNIEnv->NewStringUTF("_qfsucode_") was called from RX@0x402a00ab[libqlisp_v++.so]0xa30ab
JNIEnv->CallStaticObjectMethod(class com/qunar/rc/d/d, g(Ljava/lang/String;)Ljava/lang/String;) was called from RX@0x402a00c1[libqlisp_v++.so]0xa30c1
JNIEnv->GetStringUtfChars("AOKxZXxqiAskfU8wY8aclAd45RpAnkljy2q1w5qdzuFYtj1nxCTY3Ejn8zyh6JBo/3GthXXPL+0MdAv6BOg0szu/2Gt4Sv3Oo3eX8HzbVVNyOia8oUMlHZ4MjH3ZrkGzn/lWuc76Idklr+t+uPQAxw==") was called from RX@0x402a03f7[libqlisp_v++.so]0xa33f7
JNIEnv->ReleaseStringUTFChars("AOKxZXxqiAskfU8wY8aclAd45RpAnkljy2q1w5qdzuFYtj1nxCTY3Ejn8zyh6JBo/3GthXXPL+0MdAv6BOg0szu/2Gt4Sv3Oo3eX8HzbVVNyOia8oUMlHZ4MjH3ZrkGzn/lWuc76Idklr+t+uPQAxw==") was called from RX@0x402a03df[libqlisp_v++.so]0xa33df
JNIEnv->FindClass(com/qunar/rc/d/f) was called from RX@0x402f373d[libqlisp_v++.so]0xf673d
JNIEnv->GetStaticMethodID(com/qunar/rc/d/f.i()Ljava/lang/String;) was called from RX@0x402f3ab3[libqlisp_v++.so]0xf6ab3
JNIEnv->CallStaticObjectMethod(class com/qunar/rc/d/f, i()Ljava/lang/String;) was called from RX@0x402f381f[libqlisp_v++.so]0xf681f
JNIEnv->GetStringUtfChars("{"uid":"","deviceIds":"299aa6411bea109c","adid":"69021595af9c4bf93","imeis":"768134630004630","meids":"","imsi":"","seriaNo":"","phoneNo":"","simNo":""}") was called from RX@0x402f3ae3[libqlisp_v++.so]0xf6ae3
JNIEnv->ReleaseStringUTFChars("{"uid":"","deviceIds":"299aa6411bea109c","adid":"69021595af9c4bf93","imeis":"768134630004630","meids":"","imsi":"","seriaNo":"","phoneNo":"","simNo":""}") was called from RX@0x402f3b0b[libqlisp_v++.so]0xf6b0b
JNIEnv->FindClass(com/qunar/rc/d/d) was called from RX@0x402f373d[libqlisp_v++.so]0xf673d
JNIEnv->GetStaticMethodID(com/qunar/rc/d/d.ef()Ljava/lang/String;) was called from RX@0x402f3ab3[libqlisp_v++.so]0xf6ab3
JNIEnv->CallStaticObjectMethod(class com/qunar/rc/d/d, ef()Ljava/lang/String;) was called from RX@0x402f381f[libqlisp_v++.so]0xf681f
JNIEnv->GetStringUtfChars("") was called from RX@0x402f3ae3[libqlisp_v++.so]0xf6ae3
JNIEnv->ReleaseStringUTFChars("") was called from RX@0x402f3b0b[libqlisp_v++.so]0xf6b0b
JNIEnv->FindClass(com/qunar/rc/d/f) was called from RX@0x402f373d[libqlisp_v++.so]0xf673d
JNIEnv->GetStaticMethodID(com/qunar/rc/d/f.n()Ljava/lang/String;) was called from RX@0x402f3ab3[libqlisp_v++.so]0xf6ab3
JNIEnv->CallStaticObjectMethod(class com/qunar/rc/d/f, n()Ljava/lang/String;) was called from RX@0x402f381f[libqlisp_v++.so]0xf681f
JNIEnv->GetStringUtfChars("{"mac":"","bmac":"02:00:00:00:00:00","baseStationId":"","hasIccCard":false,"hasSimCard":true,"simOperator":""}") was called from RX@0x402f3ae3[libqlisp_v++.so]0xf6ae3
JNIEnv->ReleaseStringUTFChars("{"mac":"","bmac":"02:00:00:00:00:00","baseStationId":"","hasIccCard":false,"hasSimCard":true,"simOperator":""}") was called from RX@0x402f3b0b[libqlisp_v++.so]0xf6b0b
[22:57:59 691] WARN [com.github.unidbg.arm.AbstractARMEmulator] (AbstractARMEmulator$1:58) - memory failed: address=0xc, size=2, value=0x0, PC=RX@0x4016e544[libc.so]0x14544, LR=RX@0x402aadbd[libqlisp_v++.so]0xaddbd
[22:57:59 692] WARN [com.github.unidbg.AbstractEmulator] (AbstractEmulator:388) - emulate RX@0x40338949[libqlisp_v++.so]0x13b949 exception sp=unidbg@0xbfffed40, msg=unicorn.UnicornException: Invalid memory read (UC_ERR_READ_UNMAPPED), offset=91ms
cd result: null
package com.airspy;
import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Emulator;
import com.github.unidbg.arm.backend.Backend;
import com.github.unidbg.arm.backend.DynarmicFactory;
import com.github.unidbg.linux.ARM32SyscallHandler;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.AbstractJni;
import com.github.unidbg.linux.android.dvm.DalvikModule;
import com.github.unidbg.linux.android.dvm.VM;
import com.github.unidbg.memory.Memory;
import com.github.unidbg.memory.SvcMemory;
import unicorn.ArmConst;
import java.io.File;
import java.io.IOException;
import java.util.List;
public abstract class AirApkEmulator extends AbstractJni {
protected final AndroidEmulator emulator;
protected final VM vm;
private static class AirARMSyscallHandler extends ARM32SyscallHandler {
private boolean printSyscall = false;
private AirARMSyscallHandler(SvcMemory svcMemory, boolean printSyscall) {
super(svcMemory);
this.printSyscall = printSyscall;
}
@Override
protected int fork(Emulator<?> emulator) {
return emulator.getPid();
}
@Override
public void hook(Backend backend, int intno, int swi, Object user) {
super.hook(backend, intno, swi, user);
if (printSyscall) {
System.out.printf("[syscall] NR=%1$s\n", backend.reg_read(ArmConst.UC_ARM_REG_R7).intValue());
}
}
}
protected abstract List<String> libraries();
protected abstract String processName();
protected abstract String apkPath();
protected void beforeLibrariesLoaded(Memory memory) {
}
protected void beforeJniOnLoadCalled(String library) {
}
protected boolean callJniOnLoadOnStart(String library) {
return true;
}
protected boolean printSyscall() {
return false;
}
protected boolean verbose() {
return true;
}
public AirApkEmulator() {
emulator = AndroidEmulatorBuilder.for32Bit()
.setProcessName(processName())
.setRootDir(new File("target/rootfs"))
// .addBackendFactory(new DynarmicFactory(false))
.build();
Memory memory = emulator.getMemory();
memory.setLibraryResolver(new AndroidResolver(19));
// Load the apk so that the apk signature can be mocked.
String apkPath = apkPath();
vm = emulator.createDalvikVM(apkPath == null ? null : new File(apkPath));
vm.setJni(this);
vm.setVerbose(verbose());
beforeLibrariesLoaded(memory);
for (String lib : libraries()) {
DalvikModule dm = vm.loadLibrary(
new File(lib),
true
);
if (callJniOnLoadOnStart(lib)) {
beforeJniOnLoadCalled(lib);
dm.callJNI_OnLoad(emulator);
}
}
}
protected void close() {
try {
emulator.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}
`package com.airspy;
import com.github.unidbg.AndroidEmulator; import com.github.unidbg.Emulator; import com.github.unidbg.arm.backend.Backend; import com.github.unidbg.arm.context.EditableArm32RegisterContext; import com.github.unidbg.file.linux.AndroidFileIO; import com.github.unidbg.linux.ARM32SyscallHandler; import com.github.unidbg.linux.android.AndroidARMEmulator; import com.github.unidbg.linux.android.AndroidEmulatorBuilder; import com.github.unidbg.linux.android.AndroidResolver; import com.github.unidbg.linux.android.dvm.AbstractJni; import com.github.unidbg.linux.android.dvm.DalvikModule; import com.github.unidbg.linux.android.dvm.VM; import com.github.unidbg.linux.file.ByteArrayFileIO; import com.github.unidbg.linux.file.DumpFileIO; import com.github.unidbg.memory.Memory; import com.github.unidbg.memory.SvcMemory; import com.github.unidbg.unix.UnixSyscallHandler; import com.sun.jna.Pointer; import unicorn.ArmConst;
import java.io.File; import java.io.IOException; import java.util.List; import java.util.concurrent.ThreadLocalRandom;
public abstract class AirApkEmulator extends AbstractJni { protected final AndroidEmulator emulator; protected final VM vm;
private static class AirARMSyscallHandler extends ARM32SyscallHandler {
private boolean printSyscall = false;
private AirARMSyscallHandler(SvcMemory svcMemory, boolean printSyscall) {
super(svcMemory);
this.printSyscall = printSyscall;
}
@Override
protected int fork(Emulator<?> emulator) {
return emulator.getPid();
}
@Override
public void hook(Backend backend, int intno, int swi, Object user) {
super.hook(backend, intno, swi, user);
if (printSyscall) {
System.out.printf("[syscall] NR=%1$s\n", backend.reg_read(ArmConst.UC_ARM_REG_R7).intValue());
}
}
}
protected abstract List<String> libraries();
protected abstract String processName();
protected abstract String apkPath();
protected void beforeLibrariesLoaded(Memory memory) {
}
protected void beforeJniOnLoadCalled(String library) {
}
protected boolean callJniOnLoadOnStart(String library) {
return true;
}
protected boolean printSyscall() {
return false;
}
protected boolean verbose() {
return true;
}
public AirApkEmulator() {
AndroidEmulatorBuilder builder = new AndroidEmulatorBuilder(false) {
@Override
public AndroidEmulator build() {
return new AndroidARMEmulator(processName, rootDir, backendFactories) {
@Override
protected UnixSyscallHandler<AndroidFileIO> createSyscallHandler(SvcMemory svcMemory) {
return new ARM32SyscallHandler(svcMemory) {
@Override
protected int fork(Emulator<?> emulator) {
int childPid = emulator.getPid() + ThreadLocalRandom.current().nextInt(256);
System.out.println("fork childPid=" + childPid + ", LR=" + emulator.getContext().getLRPointer());
return childPid;
}
@Override
protected boolean handleUnknownSyscall(Emulator<?> emulator, int NR) {
if (NR == 359) {
EditableArm32RegisterContext context = emulator.getContext();
Pointer pipefd = context.getPointerArg(0);
int flags = context.getIntArg(1);
int write = getMinFd();
this.fdMap.put(write, new DumpFileIO(write));
int read = getMinFd();
// sh -c ip a
this.fdMap.put(read, new ByteArrayFileIO(0, "pipe2_read_side", ("1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default\n" +
" link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00\n" +
" inet 127.0.0.1/8 scope host lo\n" +
" valid_lft forever preferred_lft forever\n" +
" inet6 ::1/128 scope host\n" +
" valid_lft forever preferred_lft forever\n" +
"2: bond0: <BROADCAST,MULTICAST,MASTER> mtu 1500 qdisc noop state DOWN group default\n" +
" link/ether 56:a0:d7:16:46:44 brd ff:ff:ff:ff:ff:ff\n" +
"3: dummy0: <BROADCAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc noqueue state UNKNOWN group default\n" +
" link/ether 56:04:b8:d9:ea:5a brd ff:ff:ff:ff:ff:ff\n" +
" inet6 fe80::5404:b8ff:fed9:ea5a/64 scope link\n" +
" valid_lft forever preferred_lft forever\n" +
"4: sit0@NONE: <NOARP> mtu 1480 qdisc noop state DOWN group default\n" +
" link/sit 0.0.0.0 brd 0.0.0.0\n" +
"5: rmnet_ipa0: <UP,LOWER_UP> mtu 2000 qdisc pfifo_fast state UNKNOWN group default qlen 1000\n" +
" link/[530]\n" +
"6: rmnet_data0: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"7: rmnet_data1: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"8: rmnet_data2: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"9: rmnet_data3: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"10: rmnet_data4: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"11: rmnet_data5: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"12: rmnet_data6: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"13: rmnet_data7: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"14: r_rmnet_data0: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"15: r_rmnet_data1: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"16: r_rmnet_data2: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"17: r_rmnet_data3: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"18: r_rmnet_data4: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"19: r_rmnet_data5: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"20: r_rmnet_data6: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"21: r_rmnet_data7: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"22: r_rmnet_data8: <> mtu 1500 qdisc noop state DOWN group default qlen 1000\n" +
" link/[530]\n" +
"23: wlan0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc mq state UP group default qlen 3000\n" +
" link/ether 40:4e:36:25:1b:9b brd ff:ff:ff:ff:ff:ff\n" +
" inet 172.20.10.8/28 brd 172.20.10.15 scope global wlan0\n" +
" valid_lft forever preferred_lft forever\n" +
" inet6 fe80::424e:36ff:fe25:1b9b/64 scope link\n" +
" valid_lft forever preferred_lft forever\n" +
"24: p2p0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc mq state DOWN group default qlen 3000\n" +
" link/ether 42:4e:36:25:1b:9b brd ff:ff:ff:ff:ff:ff\n").getBytes()));
pipefd.setInt(0, read);
pipefd.setInt(4, write);
System.out.println("pipe2 pipefd=" + pipefd + ", flags=0x" + flags + ", read=" + read + ", write=" + write + ", LR=" + context.getLRPointer());
context.setR0(0);
return true;
}
return super.handleUnknownSyscall(emulator, NR);
}
};
}
};
}
};
emulator = builder.setProcessName(processName())
.setRootDir(new File("target/rootfs"))
.build();
Memory memory = emulator.getMemory();
memory.setLibraryResolver(new AndroidResolver(23));
// Load the apk so that the apk signature can be mocked.
String apkPath = apkPath();
vm = emulator.createDalvikVM(apkPath == null ? null : new File(apkPath));
vm.setJni(this);
vm.setVerbose(verbose());
beforeLibrariesLoaded(memory);
for (String lib : libraries()) {
DalvikModule dm = vm.loadLibrary(
new File(lib),
true
);
if (callJniOnLoadOnStart(lib)) {
beforeJniOnLoadCalled(lib);
dm.callJNI_OnLoad(emulator);
}
}
}
protected void close() {
try {
emulator.close();
} catch (IOException e) {
e.printStackTrace();
}
}
}`
@zhkl0228 万分谢谢!更新了 AirApkEmulator 并作了一些其他修改,之前的 case 终于跑通了。但是目前又遇到了新的问题。这是 error stack:
pipe2 pipefd=unidbg@0xbfffeaa0, flags=0x0, read=5, write=4, LR=RX@0x403ea54b[libqlisp_v++.so]0x6a54b
fork childPid=92881, LR=RX@0x4020b2b5[libc.so]0x192b5
pipe2 pipefd=unidbg@0xbfffeb58, flags=0x0, read=6, write=4, LR=RX@0x403ea54b[libqlisp_v++.so]0x6a54b
fork childPid=92707, LR=RX@0x4020b2b5[libc.so]0x192b5
pipe2 pipefd=unidbg@0xbfffeba0, flags=0x0, read=7, write=4, LR=RX@0x403ea54b[libqlisp_v++.so]0x6a54b
fork childPid=92892, LR=RX@0x4020b2b5[libc.so]0x192b5
pipe2 pipefd=unidbg@0xbfffeb30, flags=0x0, read=8, write=4, LR=RX@0x402215b9[libc.so]0x2f5b9
[14:36:22 779] WARN [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:449) - handleInterrupt intno=2, NR=190, svcNumber=0x0, PC=RX@0x40233b5c[libc.so]0x41b5c, syscall=null
[14:36:22 782] INFO [com.github.unidbg.linux.ARM32SyscallHandler] (ARM32SyscallHandler:970) - execve filename=/system/bin/sh, args=[sh, -c, cat /proc/driver/rtc ], env=[ANDROID_DATA=/data, ANDROID_ROOT=/system]
exit with code: 127
另外,上次上传的代码也做了一些更新:
-
更新了
com.github.unidbg.linux.ARM32SyscallHandler的clock_gettime,如下图:
-
TujiaNUtils增加了一些 Java 代码反射的调用,代码如下:
package com.airspy.tujia;
import com.github.unidbg.linux.android.dvm.*;
import com.github.unidbg.linux.android.dvm.api.ApplicationInfo;
import org.apache.commons.codec.digest.DigestUtils;
import java.io.FileWriter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
public class TujiaNUtils extends TujiaEmulator {
private final DvmClass jDvmClass;
@Override
protected List<String> libraries() {
List<String> libraries = new ArrayList<>();
libraries.add("unidbg-android/src/test/resources/tjres/liblottie.so");
libraries.add("unidbg-android/src/test/resources/tjres/libqlisp_v++.so");
return libraries;
}
@Override
protected boolean callJniOnLoadOnStart(String library) {
return "unidbg-android/src/test/resources/tjres/libqlisp_v++.so".equals(library);
}
private TujiaNUtils() {
jDvmClass = vm.findClass("com/qunar/rc/d/j");
}
@Override
public DvmObject<?> callStaticObjectMethod(BaseVM vm, DvmClass dvmClass, String signature, VarArg varArg) {
switch (signature) {
case "com/qunar/rc/d/d->g(Ljava/lang/String;)Ljava/lang/String;": {
if (varArg.getObject(0).toString().equals("\"_flightruid_\"")) {
// return new StringObject(vm, "ta0pdx12oztj_365957efbb89cc975824238df3fe7d69");
return new StringObject(vm, "ta0pdx12oztj_" + DigestUtils.md5Hex("" + System.currentTimeMillis()).toLowerCase(Locale.ROOT));
} else if (varArg.getObject(0).toString().equals("\"_qfsucode_\"")) {
return new StringObject(vm, "AOKxZXxqiAskfU8wY8aclAd45RpAnkljy2q1w5qdzuFYtj1nxCTY3Ejn8zyh6JBo/3GthXXPL+0MdAv6BOg0szu/2Gt4Sv3Oo3eX8HzbVVNyOia8oUMlHZ4MjH3ZrkGzn/lWuc76Idklr+t+uPQAxw==");
} else {
throw new UnsupportedOperationException(
String.format("parameter %1$s is not supported.", varArg.getObject(0).toString())
);
}
}
case "android/app/ActivityThread->currentActivityThread()Landroid/app/ActivityThread;":
return dvmClass.newObject(null);
case "com/qunar/rc/d/d->u()Ljava/lang/String;":
return new StringObject(vm, "tj_" + TujiaUtils.uuidMd5());
case "com/qunar/rc/d/f->i()Ljava/lang/String;":
return new StringObject(vm, "{\"uid\":\"\",\"deviceIds\":\"299aa6411bea109c\",\"adid\":\"69021595af9c4bf93\",\"imeis\":\"768134630004630\",\"meids\":\"\",\"imsi\":\"\",\"seriaNo\":\"\",\"phoneNo\":\"\",\"simNo\":\"\"}");
case "com/qunar/rc/d/d->ef()Ljava/lang/String;":
case "com/qunar/rc/d/d->a()Ljava/lang/String;":
case "com/qunar/rc/d/d->ev()Ljava/lang/String;":
return new StringObject(vm, "");
case "com/qunar/rc/d/f->n()Ljava/lang/String;":
return new StringObject(vm, "{\"mac\":\"\",\"bmac\":\"02:00:00:00:00:00\",\"baseStationId\":\"\",\"hasIccCard\":false,\"hasSimCard\":true,\"simOperator\":\"\"}");
case "com/qunar/rc/d/f->s()Ljava/lang/String;":
return new StringObject(vm, "{\"appInfo\":{\"versionCode\":224,\"appCode\":\"com.tujia.hotel\",\"versionName\":\"8.32.2\",\"firstInstallTime\":1619800504782,\"lastUpdateTime\":1619800504782,\"appSign\":\"d2d084e2259c551aebd2eb06312791b7\",\"apkSize\":60045342},\"userPrivileges\":{\"readPhoneState\":0,\"writeExternalStorage\":-1,\"accessFineLocation\":0},\"ads\":\"\"}");
case "com/qunar/rc/d/f->h()Ljava/lang/String;":
return new StringObject(vm, "{\"model\":\"Pixel 4a\",\"osVersion\":\"11\"}");
case "com/qunar/rc/d/d->k()Ljava/lang/String;":
return new StringObject(vm, "aa9b6fda8a2543bd82cdf65909193b1d");
case "com/qunar/rc/d/e->n()Ljava/lang/String;":
return new StringObject(vm, "{\"apn\":\"\",\"ip\":\"192.168.0.183\",\"linkedWifi\":\"{\\\"ssid\\\":\\\"xianhu1820\\\",\\\"bssid\\\":\\\"04:95:e6:bd:e0:61\\\",\\\"ip\\\":\\\"192.168.0.183\\\",\\\"mask\\\":\\\"0.0.0.0\\\",\\\"gateway\\\":\\\"192.168.0.1\\\",\\\"dns\\\":\\\"192.168.0.1\\\"}\",\"wifiList\":\"[{\\\"ssid\\\":\\\"xianhu1820\\\",\\\"bssid\\\":\\\"04:95:e6:bd:e0:61\\\",\\\"level\\\":1000,\\\"capabilities\\\":\\\"[WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP][RSN-PSK-TKIP+CCMP][ESS][WPS]\\\",\\\"frequency\\\":2432,\\\"describeContents\\\":0},{\\\"ssid\\\":\\\"ChinaNet-dUbN\\\",\\\"bssid\\\":\\\"1c:55:7c:0b:b9:b6\\\",\\\"level\\\":1000,\\\"capabilities\\\":\\\"[WPA-PSK-TKIP][WPA2-PSK-CCMP][RSN-PSK-CCMP][ESS][WPS]\\\",\\\"frequency\\\":2447,\\\"describeContents\\\":0},{\\\"ssid\\\":\\\"lhwyqjh\\\",\\\"bssid\\\":\\\"8c:f1:18:14:6c:e4\\\",\\\"level\\\":1000,\\\"capabilities\\\":\\\"[WPA-PSK-CCMP][WPA2-PSK-CCMP][RSN-PSK-CCMP][ESS]\\\",\\\"frequency\\\":2412,\\\"describeContents\\\":0},{\\\"ssid\\\":\\\"xianhu1820-5G\\\",\\\"bssid\\\":\\\"04:95:e6:bd:e0:65\\\",\\\"level\\\":933,\\\"capabilities\\\":\\\"[WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP][RSN-PSK-TKIP+CCMP][ESS][WPS]\\\",\\\"frequency\\\":5765,\\\"describeContents\\\":0},{\\\"ssid\\\":\\\"CMCC-bX42\\\",\\\"bssid\\\":\\\"b8:41:11:f0:3f:f8\\\",\\\"level\\\":644,\\\"capabilities\\\":\\\"[WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP][RSN-PSK-TKIP+CCMP][ESS][WPS]\\\",\\\"frequency\\\":2437,\\\"describeContents\\\":0},{\\\"ssid\\\":\\\"110\\\",\\\"bssid\\\":\\\"98:bb:99:16:14:ee\\\",\\\"level\\\":622,\\\"capabilities\\\":\\\"[WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP][RSN-PSK-TKIP+CCMP][ESS]\\\",\\\"frequency\\\":5180,\\\"describeContents\\\":0},{\\\"ssid\\\":\\\"Topway_110C70\\\",\\\"bssid\\\":\\\"c8:8f:16:11:0c:70\\\",\\\"level\\\":622,\\\"capabilities\\\":\\\"[WPA2-PSK-CCMP][RSN-PSK-CCMP][ESS][WPS]\\\",\\\"frequency\\\":2412,\\\"describeContents\\\":0},{\\\"ssid\\\":\\\"CMCC-9AWE\\\",\\\"bssid\\\":\\\"00:66:19:11:68:98\\\",\\\"level\\\":533,\\\"capabilities\\\":\\\"[WPA2-PSK-CCMP+TKIP][RSN-PSK-CCMP+TKIP][WPA-PSK-CCMP+TKIP][ESS][WPS]\\\",\\\"frequency\\\":5745,\\\"describeContents\\\":0},{\\\"ssid\\\":\\\"CMCC-hw\\\",\\\"bssid\\\":\\\"ec:6c:b5:91:8e:90\\\",\\\"level\\\":511,\\\"capabilities\\\":\\\"[WPA-PSK-TKIP+CCMP][WPA2-PSK-TKIP+CCMP][RSN-PSK-TKIP+CCMP][ESS]\\\",\\\"frequency\\\":2427,\\\"describeContents\\\":0},{\\\"ssid\\\":\\\"ESON\\\",\\\"bssid\\\":\\\"e8:65:d4:18:bb:18\\\",\\\"level\\\":466,\\\"capabilities\\\":\\\"[WPA-PSK-CCMP][WPA2-PSK-CCMP][RSN-PSK-CCMP][ESS]\\\",\\\"frequency\\\":2437,\\\"describeContents\\\":0}]\",\"netTypeName\":\"WIFI\",\"gsm\":{},\"wifiProxy\":\"\"}");
case "com/qunar/rc/d/e->s()Ljava/lang/String;":
return new StringObject(vm, "{\"media\":{\"imageCount\":0,\"imageList\":{\"total\":0,\"ls\":[]},\"videoList\":{}},\"screen\":{\"mode\":1,\"brightness\":5,\"whd\":\"1080x2160x440\"},\"adbEnable\":true,\"usb\":true,\"battery\":{\"batC\":3080,\"batteryCapacity\":61,\"batteryStatus\":2,\"batBundle\":{\"technology\":\"Unknown\",\"icon-small\":17303562,\"max_charging_voltage\":5000000,\"health\":2,\"max_charging_current\":500000,\"status\":2,\"plugged\":2,\"present\":true,\"seq\":5497,\"charge_counter\":1991650,\"level\":61,\"scale\":100,\"temperature\":315,\"voltage\":4011,\"invalid_charger\":0,\"battery_low\":false}},\"memInfo\":{\"sdSize\":\"4096*28728827\",\"sysSize\":\"4096*197324\",\"dataSize\":\"4096*28728827\",\"avaSize\":\"2284941312*5865353216\"},\"bootTime\":\"1619720514602\",\"appDir\":{\"nativeLibraryDir\":\"\\/data\\/app\\/~~IbiA-emgFm-0GEh3Z_D1bg==\\/com.tujia.hotel-Cwmf8wtW-52V722VtapRkg==\\/lib\\/arm\",\"sdCardDir\":\"\\/storage\\/emulated\\/0\",\"filesDir\":\"\\/data\\/user\\/0\\/com.tujia.hotel\\/files\",\"cacheDir\":\"\\/data\\/user\\/0\\/com.tujia.hotel\\/cache\"},\"stackInfo\":\"at[android.os.Looper.loop(Looper.java:183)]at[android.app.ActivityThread.main(ActivityThread.java:7660)]at[java.lang.reflect.Method.invoke(Native Method)]at[com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:592)]at[com.android.internal.os.ZygoteInit.main(ZygoteInit.java:947)]\",\"appList2\":[{\"packageName\":\"com.google.android.apps.docs.editors.docs\",\"lastUpdateTime\":1618911150688,\"firstInstallTime\":1618143502874,\"sourceDir\":\"\\/data\\/app\\/~~fbfnJmcNYeNcTCqAIu9vPQ==\\/com.google.android.apps.docs.editors.docs-FaW2Fpw3T45oxZxrtHmNvA==\\/base.apk\",\"versionName\":\"1.21.142.01.40\",\"flags\":953925188},{\"packageName\":\"com.v2ray.ang\",\"lastUpdateTime\":1618142242839,\"firstInstallTime\":1618142242839,\"sourceDir\":\"\\/data\\/app\\/~~PTcOCRjvzHZ-q_Btl_Xk-A==\\/com.v2ray.ang-eOZIJVzFPE87r7jHeSuA_Q==\\/base.apk\",\"versionName\":\"1.6.3\",\"flags\":952680004},{\"packageName\":\"com.hupu.games\",\"lastUpdateTime\":1619547438500,\"firstInstallTime\":1618300279578,\"sourceDir\":\"\\/data\\/app\\/~~mkLKULjO-OfuLiu3l1HKtw==\\/com.hupu.games-xKW9EXqCFgfYTdTzXTUIXg==\\/base.apk\",\"versionName\":\"7.5.36.04193\",\"flags\":953728580},{\"packageName\":\"com.silverlab.app.deviceidchanger.free\",\"lastUpdateTime\":1619677334867,\"firstInstallTime\":1619677334867,\"sourceDir\":\"\\/data\\/app\\/~~U-63C0LX1lBt1mlxnHEFfQ==\\/com.silverlab.app.deviceidchanger.free-Q6JxyRdDaT5xuy7BwFuG0g==\\/base.apk\",\"versionName\":\"2.2.2-free\",\"flags\":818462276},{\"packageName\":\"com.airbnb.android.planetarium.lite\",\"lastUpdateTime\":1618829925639,\"firstInstallTime\":1618391789228,\"sourceDir\":\"\\/data\\/app\\/~~7C5xG2c8lEy6jVK_gqbyUw==\\/com.airbnb.android.planetarium.lite-xptMQLR8IjYkTDPM9Tooig==\\/base.apk\",\"versionName\":\"1.0\",\"flags\":550027078},{\"packageName\":\"com.tujia.hotel\",\"lastUpdateTime\":1619800504782,\"firstInstallTime\":1619800504782,\"sourceDir\":\"\\/data\\/app\\/~~IbiA-emgFm-0GEh3Z_D1bg==\\/com.tujia.hotel-Cwmf8wtW-52V722VtapRkg==\\/base.apk\",\"versionName\":\"8.32.2\",\"flags\":819477572},{\"packageName\":\"com.topjohnwu.magisk\",\"lastUpdateTime\":1619675933134,\"firstInstallTime\":1618129057760,\"sourceDir\":\"\\/data\\/app\\/~~I7DtBieFch5cpXrYcO6TJA==\\/com.topjohnwu.magisk-AVTLtkbTh7V1RcOmtjtgsw==\\/base.apk\",\"versionName\":\"22.1\",\"flags\":-1194836412},{\"packageName\":\"com.airbnb.android.development\",\"lastUpdateTime\":1619938743907,\"firstInstallTime\":1619938716232,\"sourceDir\":\"\\/data\\/app\\/~~XRYmhhXbD7sfN2ydDtz5sg==\\/com.airbnb.android.development-SXg-h4V4PNtvpqMcPUpxww==\\/base.apk\",\"versionName\":\"21.18.myFlavor.debug\",\"flags\":551059270},{\"packageName\":\"com.google.android.apps.magazines\",\"lastUpdateTime\":1619422661566,\"firstInstallTime\":1618143675103,\"sourceDir\":\"\\/data\\/app\\/~~E1Byzn6l68o8cu6ic9peTQ==\\/com.google.android.apps.magazines-QiGJEFzU1-fu7GkabkMI2Q==\\/base.apk\",\"versionName\":\"5.30.0.21040204\",\"flags\":952745028}]}");
case "com/qunar/rc/d/e->h()Ljava/lang/String;":
return new StringObject(vm, "{\"cpu\":\"Processor\\t: AArch64 Processor rev 14 (aarch64)\\nprocessor\\t: 0\\nmodel name\\t: ARMv8 Processor rev 14 (v8l)\\nBogoMIPS\\t: 38.00\\nFeatures\\t: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt lpae evtstrm aes pmull sha1 sha2 crc32\\nCPU implementer\\t: 0x51\\nCPU architecture: 8\\nCPU variant\\t: 0xd\\nCPU part\\t: 0x805\\nCPU revision\\t: 14\\n\\nprocessor\\t: 1\\nmodel name\\t: ARMv8 Processor rev 14 (v8l)\\nBogoMIPS\\t: 38.00\\nFeatures\\t: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt lpae evtstrm aes pmull sha1 sha2 crc32\\nCPU implementer\\t: 0x51\\nCPU architecture: 8\\nCPU variant\\t: 0xd\\nCPU part\\t: 0x805\\nCPU revision\\t: 14\\n\\nprocessor\\t: 2\\nmodel name\\t: ARMv8 Processor rev 14 (v8l)\\nBogoMIPS\\t: 38.00\\nFeatures\\t: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt lpae evtstrm aes pmull sha1 sha2 crc32\\nCPU implementer\\t: 0x51\\nCPU architecture: 8\\nCPU variant\\t: 0xd\\nCPU part\\t: 0x805\\nCPU revision\\t: 14\\n\\nprocessor\\t: 3\\nmodel name\\t: ARMv8 Processor rev 14 (v8l)\\nBogoMIPS\\t: 38.00\\nFeatures\\t: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt lpae evtstrm aes pmull sha1 sha2 crc32\\nCPU implementer\\t: 0x51\\nCPU architecture: 8\\nCPU variant\\t: 0xd\\nCPU part\\t: 0x805\\nCPU revision\\t: 14\\n\\nprocessor\\t: 4\\nmodel name\\t: ARMv8 Processor rev 14 (v8l)\\nBogoMIPS\\t: 38.00\\nFeatures\\t: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt lpae evtstrm aes pmull sha1 sha2 crc32\\nCPU implementer\\t: 0x51\\nCPU architecture: 8\\nCPU variant\\t: 0xd\\nCPU part\\t: 0x805\\nCPU revision\\t: 14\\n\\nprocessor\\t: 5\\nmodel name\\t: ARMv8 Processor rev 14 (v8l)\\nBogoMIPS\\t: 38.00\\nFeatures\\t: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt lpae evtstrm aes pmull sha1 sha2 crc32\\nCPU implementer\\t: 0x51\\nCPU architecture: 8\\nCPU variant\\t: 0xd\\nCPU part\\t: 0x805\\nCPU revision\\t: 14\\n\\nprocessor\\t: 6\\nmodel name\\t: ARMv8 Processor rev 14 (v8l)\\nBogoMIPS\\t: 38.00\\nFeatures\\t: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt lpae evtstrm aes pmull sha1 sha2 crc32\\nCPU implementer\\t: 0x51\\nCPU architecture: 8\\nCPU variant\\t: 0xd\\nCPU part\\t: 0x804\\nCPU revision\\t: 14\\n\\nprocessor\\t: 7\\nmodel name\\t: ARMv8 Processor rev 14 (v8l)\\nBogoMIPS\\t: 38.00\\nFeatures\\t: half thumb fastmult vfp edsp neon vfpv3 tls vfpv4 idiva idivt lpae evtstrm aes pmull sha1 sha2 crc32\\nCPU implementer\\t: 0x51\\nCPU architecture: 8\\nCPU variant\\t: 0xd\\nCPU part\\t: 0x804\\nCPU revision\\t: 14\\n\\nHardware\\t: Qualcomm Technologies, Inc SDMMAGPIE\\n\",\"sensor\":{\"LSM6DSR Accelerometer\":\"{Sensor name=\\\"LSM6DSR Accelerometer\\\", vendor=\\\"STMicro\\\", version=142855, type=1, maxRange=156.90636, resolution=0.0047856453, power=0.17, minDelay=2404}\",\"LIS2MDL Magnetometer\":\"{Sensor name=\\\"LIS2MDL Magnetometer\\\", vendor=\\\"STMicro\\\", version=262, type=2, maxRange=4915.1997, resolution=0.01, power=0.2, minDelay=10000}\",\"LSM6DSR Gyroscope\":\"{Sensor name=\\\"LSM6DSR Gyroscope\\\", vendor=\\\"STMicro\\\", version=142855, type=4, maxRange=34.90549, resolution=0.0012216945, power=0.55, minDelay=2404}\",\"TCS3701 Ambient Light Sensor\":\"{Sensor name=\\\"TCS3701 Ambient Light Sensor\\\", vendor=\\\"AMS\\\", version=1, type=5, maxRange=1.0, resolution=0.01, power=0.001, minDelay=0}\",\"BMP380 Pressure Sensor\":\"{Sensor name=\\\"BMP380 Pressure Sensor\\\", vendor=\\\"Bosch\\\", version=8709, type=6, maxRange=1250.0, resolution=0.0017, power=0.7, minDelay=40000}\",\"TCS3701 Proximity Sensor (wake-up)\":\"{Sensor name=\\\"TCS3701 Proximity Sensor (wake-up)\\\", vendor=\\\"AMS\\\", version=1, type=8, maxRange=5.0, resolution=0.01, power=0.001, minDelay=0}\",\"LIS2MDL Magnetometer-Uncalibrated\":\"{Sensor name=\\\"LIS2MDL Magnetometer-Uncalibrated\\\", vendor=\\\"STMicro\\\", version=262, type=14, maxRange=4915.1997, resolution=0.01, power=0.2, minDelay=10000}\",\"LSM6DSR Gyroscope-Uncalibrated\":\"{Sensor name=\\\"LSM6DSR Gyroscope-Uncalibrated\\\", vendor=\\\"STMicro\\\", version=142855, type=16, maxRange=34.90549, resolution=0.0012216945, power=0.55, minDelay=2404}\",\"LSM6DSR Accelerometer-Uncalibrated\":\"{Sensor name=\\\"LSM6DSR Accelerometer-Uncalibrated\\\", vendor=\\\"STMicro\\\", version=142855, type=35, maxRange=156.90636, resolution=0.0047856453, power=0.17, minDelay=2404}\",\"LSM6DSR Temperature\":\"{Sensor name=\\\"LSM6DSR Temperature\\\", vendor=\\\"STMicro\\\", version=142855, type=33172002, maxRange=85.0, resolution=0.0039, power=0.24, minDelay=200000}\",\"BMP380 Temperature\":\"{Sensor name=\\\"BMP380 Temperature\\\", vendor=\\\"Bosch\\\", version=8709, type=33172003, maxRange=1.0, resolution=0.01, power=0.3, minDelay=200000}\",\"LIS2MDL Temperature\":\"{Sensor name=\\\"LIS2MDL Temperature\\\", vendor=\\\"STMicro\\\", version=262, type=33172004, maxRange=1.0, resolution=0.01, power=0.001, minDelay=10000}\",\"camera v-sync 0\":\"{Sensor name=\\\"camera v-sync 0\\\", vendor=\\\"Google\\\", version=1, type=33172005, maxRange=1.0, resolution=0.01, power=0.001, minDelay=0}\",\"camera v-sync 1\":\"{Sensor name=\\\"camera v-sync 1\\\", vendor=\\\"Google\\\", version=1, type=33172005, maxRange=1.0, resolution=0.01, power=0.001, minDelay=0}\",\"Binned Brightness\":\"{Sensor name=\\\"Binned Brightness\\\", vendor=\\\"Google\\\", version=1, type=65541, maxRange=255.0, resolution=1.0, power=0.2, minDelay=1000000}\",\"Device Pickup Sensor\":\"{Sensor name=\\\"Device Pickup Sensor\\\", vendor=\\\"Google\\\", version=1, type=25, maxRange=1.0, resolution=1.0, power=0.25, minDelay=-1}\",\"Proximity Gated Single Tap Gesture\":\"{Sensor name=\\\"Proximity Gated Single Tap Gesture\\\", vendor=\\\"Google\\\", version=1, type=65547, maxRange=1.0, resolution=1.0, power=0.001, minDelay=-1}\",\"Double Twist\":\"{Sensor name=\\\"Double Twist\\\", vendor=\\\"Google\\\", version=1, type=65537, maxRange=1.0, resolution=1.0, power=1.0, minDelay=0}\",\"Game Rotation Vector Sensor\":\"{Sensor name=\\\"Game Rotation Vector Sensor\\\", vendor=\\\"Google\\\", version=1, type=15, maxRange=1.0, resolution=1.0E-5, power=1.0, minDelay=5000}\",\"Geomagnetic Rotation Vector Sensor\":\"{Sensor name=\\\"Geomagnetic Rotation Vector Sensor\\\", vendor=\\\"Google\\\", version=1, type=20, maxRange=1.0, resolution=1.0E-5, power=1.0, minDelay=5000}\",\"Gravity Sensor\":\"{Sensor name=\\\"Gravity Sensor\\\", vendor=\\\"Google\\\", version=1, type=9, maxRange=9.810001, resolution=1.0E-5, power=1.0, minDelay=5000}\",\"Linear Acceleration Sensor\":\"{Sensor name=\\\"Linear Acceleration Sensor\\\", vendor=\\\"Google\\\", version=1, type=10, maxRange=156.96, resolution=1.0E-5, power=1.0, minDelay=20000}\",\"Orientation Sensor\":\"{Sensor name=\\\"Orientation Sensor\\\", vendor=\\\"Google\\\", version=1, type=3, maxRange=360.0, resolution=1.0E-5, power=1.0, minDelay=5000}\",\"Rotation Vector Sensor\":\"{Sensor name=\\\"Rotation Vector Sensor\\\", vendor=\\\"Google\\\", version=1, type=11, maxRange=1.0, resolution=1.0E-5, power=1.0, minDelay=5000}\",\"Significant Motion\":\"{Sensor name=\\\"Significant Motion\\\", vendor=\\\"Google\\\", version=1, type=17, maxRange=1.0, resolution=1.0, power=0.25, minDelay=-1}\",\"Step Counter\":\"{Sensor name=\\\"Step Counter\\\", vendor=\\\"Google\\\", version=1, type=19, maxRange=1.8446744E19, resolution=1.0, power=0.1, minDelay=0}\",\"Step Detector\":\"{Sensor name=\\\"Step Detector\\\", vendor=\\\"Google\\\", version=1, type=18, maxRange=1.0, resolution=1.0, power=0.1, minDelay=0}\",\"Tilt Sensor\":\"{Sensor name=\\\"Tilt Sensor\\\", vendor=\\\"Google\\\", version=1, type=22, maxRange=1.0, resolution=1.0, power=0.25, minDelay=0}\",\"Device Orientation\":\"{Sensor name=\\\"Device Orientation\\\", vendor=\\\"Google\\\", version=1, type=27, maxRange=3.0, resolution=1.0, power=1.0, minDelay=0}\"},\"features\":\"feature:reqGlEsVersion=0x30002feature:android.hardware.audio.low_latency\\nfeature:android.hardware.audio.output\\nfeature:android.hardware.audio.pro\\nfeature:android.hardware.bluetooth\\nfeature:android.hardware.bluetooth_le\\nfeature:android.hardware.camera\\nfeature:android.hardware.camera.any\\nfeature:android.hardware.camera.autofocus\\nfeature:android.hardware.camera.capability.manual_post_processing\\nfeature:android.hardware.camera.capability.manual_sensor\\nfeature:android.hardware.camera.capability.raw\\nfeature:android.hardware.camera.flash\\nfeature:android.hardware.camera.front\\nfeature:android.hardware.camera.level.full\\nfeature:android.hardware.context_hub\\nfeature:android.hardware.device_unique_attestation\\nfeature:android.hardware.faketouch\\nfeature:android.hardware.fingerprint\\nfeature:android.hardware.location\\nfeature:android.hardware.location.gps\\nfeature:android.hardware.location.network\\nfeature:android.hardware.microphone\\nfeature:android.hardware.nfc\\nfeature:android.hardware.nfc.any\\nfeature:android.hardware.nfc.ese\\nfeature:android.hardware.nfc.hce\\nfeature:android.hardware.nfc.hcef\\nfeature:android.hardware.nfc.uicc\\nfeature:android.hardware.opengles.aep\\nfeature:android.hardware.ram.normal\\nfeature:android.hardware.reboot_escrow\\nfeature:android.hardware.screen.landscape\\nfeature:android.hardware.screen.portrait\\nfeature:android.hardware.se.omapi.ese\\nfeature:android.hardware.se.omapi.uicc\\nfeature:android.hardware.sensor.accelerometer\\nfeature:android.hardware.sensor.barometer\\nfeature:android.hardware.sensor.compass\\nfeature:android.hardware.sensor.gyroscope\\nfeature:android.hardware.sensor.hifi_sensors\\nfeature:android.hardware.sensor.light\\nfeature:android.hardware.sensor.proximity\\nfeature:android.hardware.sensor.stepcounter\\nfeature:android.hardware.sensor.stepdetector\\nfeature:android.hardware.strongbox_keystore\\nfeature:android.hardware.telephony\\nfeature:android.hardware.telephony.carrierlock\\nfeature:android.hardware.telephony.cdma\\nfeature:android.hardware.telephony.euicc\\nfeature:android.hardware.telephony.gsm\\nfeature:android.hardware.telephony.ims\\nfeature:android.hardware.touchscreen\\nfeature:android.hardware.touchscreen.multitouch\\nfeature:android.hardware.touchscreen.multitouch.distinct\\nfeature:android.hardware.touchscreen.multitouch.jazzhand\\nfeature:android.hardware.usb.accessory\\nfeature:android.hardware.usb.host\\nfeature:android.hardware.vulkan.compute\\nfeature:android.hardware.vulkan.level=1\\nfeature:android.hardware.vulkan.version=4198400\\nfeature:android.hardware.wifi\\nfeature:android.hardware.wifi.aware\\nfeature:android.hardware.wifi.direct\\nfeature:android.hardware.wifi.passpoint\\nfeature:android.hardware.wifi.rtt\\nfeature:android.software.activities_on_secondary_displays\\nfeature:android.software.app_enumeration\\nfeature:android.software.app_widgets\\nfeature:android.software.autofill\\nfeature:android.software.backup\\nfeature:android.software.cant_save_state\\nfeature:android.software.companion_device_setup\\nfeature:android.software.connectionservice\\nfeature:android.software.controls\\nfeature:android.software.cts\\nfeature:android.software.device_admin\\nfeature:android.software.device_id_attestation\\nfeature:android.software.file_based_encryption\\nfeature:android.software.home_screen\\nfeature:android.software.incremental_delivery\\nfeature:android.software.input_methods\\nfeature:android.software.ipsec_tunnels\\nfeature:android.software.live_wallpaper\\nfeature:android.software.managed_users\\nfeature:android.software.midi\\nfeature:android.software.picture_in_picture\\nfeature:android.software.print\\nfeature:android.software.secure_lock_screen\\nfeature:android.software.securely_removes_users\\nfeature:android.software.sip\\nfeature:android.software.sip.voip\\nfeature:android.software.verified_boot\\nfeature:android.software.voice_recognizers\\nfeature:android.software.vulkan.deqp.level=132383489\\nfeature:android.software.webview\\nfeature:com.google.android.apps.dialer.SUPPORTED\\nfeature:com.google.android.feature.ADAPTIVE_CHARGING\\nfeature:com.google.android.feature.AER_OPTIMIZED\\nfeature:com.google.android.feature.EXCHANGE_6_2\\nfeature:com.google.android.feature.GOOGLE_BUILD\\nfeature:com.google.android.feature.GOOGLE_EXPERIENCE\\nfeature:com.google.android.feature.NEXT_GENERATION_ASSISTANT\\nfeature:com.google.android.feature.PIXEL_2017_EXPERIENCE\\nfeature:com.google.android.feature.PIXEL_2018_EXPERIENCE\\nfeature:com.google.android.feature.PIXEL_2019_EXPERIENCE\\nfeature:com.google.android.feature.PIXEL_2019_MIDYEAR_EXPERIENCE\\nfeature:com.google.android.feature.PIXEL_2020_MIDYEAR_EXPERIENCE\\nfeature:com.google.android.feature.PIXEL_EXPERIENCE\\nfeature:com.google.android.feature.TURBO_PRELOAD\\nfeature:com.google.android.feature.WELLBEING\\nfeature:com.google.android.feature.ZERO_TOUCH\\nfeature:com.nxp.mifare\\nfeature:com.verizon.hardware.telephony.ehrpd\\nfeature:com.verizon.hardware.telephony.lte\\n\",\"properties\":{\"http.agent\":\"Dalvik\\/2.1.0 (Linux; U; Android 11; Pixel 4a Build\\/RQ1A.201205.008)\",\"java.runtime.name\":\"Android Runtime\",\"android.icu.impl.ICUBinary.dataPath\":\"\\/data\\/misc\\/zoneinfo\\/current\\/icu\\/:\\/apex\\/com.android.tzdata\\/etc\\/icu\\/:\\/apex\\/com.android.i18n\\/etc\\/icu\\/\",\"java.vm.version\":\"2.1.0\",\"android.icu.cldr.version\":\"36.1\",\"java.vm.vendor\":\"The Android Project\",\"java.vendor.url\":\"http:\\/\\/www.android.com\\/\",\"path.separator\":\":\",\"java.vm.name\":\"Dalvik\",\"java.vm.vendor.url\":\"http:\\/\\/www.android.com\\/\",\"java.vm.specification.name\":\"Dalvik Virtual Machine Specification\",\"user.dir\":\"\\/\",\"java.runtime.version\":\"0.9\",\"os.arch\":\"armv8l\",\"java.io.tmpdir\":\"\\/data\\/user\\/0\\/com.tujia.hotel\\/cache\",\"line.separator\":\"\\n\",\"android.icu.library.version\":\"66.1\",\"java.vm.specification.vendor\":\"The Android Project\",\"user.variant\":\"\",\"os.name\":\"Linux\",\"android.zlib.version\":\"1.2.11\",\"java.library.path\":\"\\/system\\/lib:\\/system_ext\\/lib:\\/product\\/lib\",\"java.net.preferIPv6Addresses\":\"false\",\"http.keepAlive\":\"false\",\"java.specification.name\":\"Dalvik Core Library\",\"java.class.version\":\"50.0\",\"user.locale\":\"zh-Hans-CN\",\"os.version\":\"4.14.191-g1960f4e93c00-ab6924778\",\"android.openssl.version\":\"OpenSSL 1.1.0 (compatible; BoringSSL)\",\"user.home\":\"\",\"file.encoding\":\"UTF-8\",\"java.specification.version\":\"0.9\",\"user.name\":\"root\",\"java.class.path\":\".\",\"java.vm.specification.version\":\"0.9\",\"java.home\":\"\\/system\",\"user.language\":\"zh\",\"java.specification.vendor\":\"The Android Project\",\"java.version\":\"0\",\"java.ext.dirs\":\"\",\"java.boot.class.path\":\"\\/apex\\/com.android.art\\/javalib\\/core-oj.jar:\\/apex\\/com.android.art\\/javalib\\/core-libart.jar:\\/apex\\/com.android.art\\/javalib\\/core-icu4j.jar:\\/apex\\/com.android.art\\/javalib\\/okhttp.jar:\\/apex\\/com.android.art\\/javalib\\/bouncycastle.jar:\\/apex\\/com.android.art\\/javalib\\/apache-xml.jar:\\/system\\/framework\\/framework.jar:\\/system\\/framework\\/ext.jar:\\/system\\/framework\\/telephony-common.jar:\\/system\\/framework\\/voip-common.jar:\\/system\\/framework\\/ims-common.jar:\\/system\\/framework\\/framework-atb-backward-compatibility.jar:\\/apex\\/com.android.conscrypt\\/javalib\\/conscrypt.jar:\\/apex\\/com.android.media\\/javalib\\/updatable-media.jar:\\/apex\\/com.android.mediaprovider\\/javalib\\/framework-mediaprovider.jar:\\/apex\\/com.android.os.statsd\\/javalib\\/framework-statsd.jar:\\/apex\\/com.android.permission\\/javalib\\/framework-permission.jar:\\/apex\\/com.android.sdkext\\/javalib\\/framework-sdkextensions.jar:\\/apex\\/com.android.wifi\\/javalib\\/framework-wifi.jar:\\/apex\\/com.android.tethering\\/javalib\\/framework-tethering.jar\",\"java.vendor\":\"The Android Project\",\"file.separator\":\"\\/\",\"java.compiler\":\"\",\"taichi_magisk\":\"1\",\"android.icu.unicode.version\":\"13.0\",\"user.region\":\"CN\"},\"sysProp2\":{\"BOARD\":\"sunfish\",\"BOOTLOADER\":\"s5-0.3-6835615\",\"BRAND\":\"google\",\"CPU_ABI\":\"armeabi-v7a\",\"CPU_ABI2\":\"armeabi\",\"DEVICE\":\"sunfish\",\"DISPLAY\":\"RQ1A.201205.008\",\"FINGERPRINT\":\"google\\/sunfish\\/sunfish:11\\/RQ1A.201205.008\\/6943376:user\\/release-keys\",\"HARDWARE\":\"sunfish\",\"HOST\":\"abfarm-01358\",\"ID\":\"RQ1A.201205.008\",\"IS_DEBUGGABLE\":\"false\",\"IS_EMULATOR\":\"false\",\"MANUFACTURER\":\"Google\",\"MODEL\":\"Pixel 4a\",\"PERMISSIONS_REVIEW_REQUIRED\":\"true\",\"PRODUCT\":\"sunfish\",\"RADIO\":\"g7150-00023-201008-B-6891498\",\"SERIAL\":\"unknown\",\"SUPPORTED_32_BIT_ABIS\":\"[Ljava.lang.String;@c017f8d\",\"SUPPORTED_64_BIT_ABIS\":\"[Ljava.lang.String;@58e7542\",\"SUPPORTED_ABIS\":\"[Ljava.lang.String;@86e3953\",\"TAGS\":\"release-keys\",\"TIME\":\"1604104967000\",\"TYPE\":\"user\",\"UNKNOWN\":\"unknown\",\"USER\":\"android-build\",\"ACTIVE_CODENAMES\":\"[Ljava.lang.String;@597e290\",\"BASE_OS\":\"\",\"CODENAME\":\"REL\",\"INCREMENTAL\":\"6943376\",\"PREVIEW_SDK_FINGERPRINT\":\"REL\",\"PREVIEW_SDK_INT\":\"0\",\"RELEASE\":\"11\",\"RELEASE_OR_CODENAME\":\"11\",\"SDK\":\"30\",\"SDK_INT\":\"30\",\"SECURITY_PATCH\":\"2020-12-05\"},\"libraries\":\"library:android.ext.shared\\nlibrary:android.hidl.base-V1.0-java\\nlibrary:android.hidl.manager-V1.0-java\\nlibrary:android.net.ipsec.ike\\nlibrary:android.test.base\\nlibrary:android.test.mock\\nlibrary:android.test.runner\\nlibrary:com.android.future.usb.accessory\\nlibrary:com.android.hotwordenrollment.common.util\\nlibrary:com.android.location.provider\\nlibrary:com.android.media.remotedisplay\\nlibrary:com.android.mediadrm.signer\\nlibrary:com.android.nfc_extras\\nlibrary:com.android.omadm.radioconfig\\nlibrary:com.google.android.camera.experimental2020_midyear\\nlibrary:com.google.android.dialer.support\\nlibrary:com.google.android.gms\\nlibrary:com.google.android.hardwareinfo\\nlibrary:com.qti.media.secureprocessor\\nlibrary:com.qualcomm.qcrilhook\\nlibrary:com.qualcomm.qti.QtiTelephonyServicelibrary\\nlibrary:com.qualcomm.qti.imscmservice-V2.0-java\\nlibrary:com.qualcomm.qti.imscmservice-V2.1-java\\nlibrary:com.qualcomm.qti.imscmservice-V2.2-java\\nlibrary:com.qualcomm.uimremoteclientlibrary\\nlibrary:com.qualcomm.uimremoteserverlibrary\\nlibrary:com.vzw.apnlib\\nlibrary:javax.obex\\nlibrary:org.apache.http.legacy\\nlibrary:qti-telephony-hidl-wrapper\\nlibrary:qti-telephony-utils\\nlibrary:vendor.qti.hardware.data.connection-V1.0-java\\nlibrary:vendor.qti.hardware.data.connection-V1.1-java\\n\"}");
case "com/qunar/rc/d/e->c()Ljava/lang/String;":
return new StringObject(vm, "{\"isEmulator\":false,\"isDebug\":false,\"isVPN\":false}");
}
return super.callStaticObjectMethod(vm, dvmClass, signature, varArg);
}
@Override
public void callStaticVoidMethod(BaseVM vm, DvmClass dvmClass, String signature, VarArg varArg) {
switch (signature) {
case "com/qunar/rc/d/d->p(Ljava/lang/String;Ljava/lang/String;)V":
System.out.printf(
"com/qunar/rc/d/d->p key=%1$s, value=%2$s\n",
varArg.getObject(0).toString(),
varArg.getObject(1).toString()
);
break;
default:
super.callStaticVoidMethod(vm, dvmClass, signature, varArg);
}
}
@Override
public DvmObject<?> getObjectField(BaseVM vm, DvmObject<?> dvmObject, String signature) {
switch (signature) {
case "android/content/pm/ApplicationInfo->nativeLibraryDir:Ljava/lang/String;":
return new StringObject(vm, "/data/app/~~IbiA-emgFm-0GEh3Z_D1bg==/com.tujia.hotel-Cwmf8wtW-52V722VtapRkg==/lib/arm");
}
return super.getObjectField(vm, dvmObject, signature);
}
@Override
public DvmObject<?> callObjectMethod(BaseVM vm, DvmObject<?> dvmObject, String signature, VarArg varArg) {
switch (signature) {
case "android/app/ActivityThread->getApplication()Landroid/app/Application;":
return vm.resolveClass("android/app/Application", vm.resolveClass("android/content/ContextWrapper", vm.resolveClass("android/content/Context"))).newObject(signature);
case "android/app/Application->getApplicationInfo()Landroid/content/pm/ApplicationInfo;":
return new ApplicationInfo(vm);
}
return super.callObjectMethod(vm, dvmObject, signature, varArg);
}
private void testEp(boolean writeToFile) {
String epMethodSign = "ep()Ljava/lang/String;";
Object result = jDvmClass.callStaticJniMethodObject(
emulator,
epMethodSign
);
String resultString = result == null ? "null" : result.toString().replace("\n", "").replace("\"", "");
System.out.println("ep result: " + (resultString));
if (writeToFile) {
try (FileWriter writer = new FileWriter("appfp.txt", true)) {
writer.write(resultString + "\n");
} catch (IOException e) {
e.printStackTrace();
}
}
}
private void testSfp() {
String sfpMethodSign = "sfp(Ljava/lang/String;)V";
jDvmClass.callStaticJniMethod(
emulator,
sfpMethodSign,
"AOKxZXxqiAskfU8wY8aclAd45RpAnkljy2q1w5qdzuFYtj1nxCTY3Ejn8zyh6JBo/3GthXXPL+0MdAv6BOg0szu/2Gt4Sv3Oo3eX8HzbVVNyOia8oUMlHZ4MjH3ZrkGzn/lWuc76Idklr+t+uPQAxw=="
);
}
private void testCd() {
String cdMethodSign = "cd(Ljava/lang/String;I)Ljava/lang/String;";
Object result = jDvmClass.callStaticJniMethodObject(
emulator,
cdMethodSign,
"27fe192ea37047c82d9561defe9ed575",
10003
);
System.out.println("cd result: " + (result == null ? "null" : result.toString()));
}
public static void main(String[] args) {
for (int i = 0; i < 1; i++) {
TujiaNUtils tujiaNUtils = new TujiaNUtils();
tujiaNUtils.testCd();
// tujiaNUtils.testSfp();
// tujiaNUtils.testEp(false);
// tujiaNUtils.close();
}
}
}
麻烦您方便的时间再帮忙看一下,我在这方便的知识不是很足。万分感谢!
@Pr0214 Could you please show how to hook popen function to return my result and prevent to call real popen function?
@Pr0214 Could you please show how to hook popen function to return my result and prevent to call real popen function?
Hi,Maybe you have already resolved the problem?(I knew your question just now
@Pr0214 Didn't find way to hook popen but issue was in other place and I managed to implement my tool without this hook need. So, I guess not relevant for now.