Syscall crashes on emulator #2

Open
ghost opened this issue May 29, 2021 · 5 comments
ghost commented May 29, 2021

It seems emulators, Memu and LDplayer, do not like being syscalled. It causes crashes.
It's working fine on my arm64 Android 11, however it doesn't detect the dump at all. GG successfully finished a whole memory dump without detection.

2021-05-29 12:49:41.547 11764-11764/? E/memtrack: Couldn't load memtrack module (No such file or directory)
2021-05-29 12:49:41.547 11764-11764/? E/android.os.Debug: failed to load memtrack module: -2
2021-05-29 12:49:41.551 676-676/com.android.phone E/PhoneInterfaceManager: [PhoneIntfMgr] getCarrierPackageNamesForIntent: No UICC
2021-05-29 12:49:42.735 11775-11775/? E/memtrack: Couldn't load memtrack module (No such file or directory)
2021-05-29 12:49:42.735 11775-11775/? E/android.os.Debug: failed to load memtrack module: -2
2021-05-29 12:49:42.739 676-676/com.android.phone E/PhoneInterfaceManager: [PhoneIntfMgr] getCarrierPackageNamesForIntent: No UICC
2021-05-29 12:49:42.896 11786-11786/? E/memtrack: Couldn't load memtrack module (No such file or directory)
2021-05-29 12:49:42.896 11786-11786/? E/android.os.Debug: failed to load memtrack module: -2
2021-05-29 12:49:42.916 11790-11790/? E/memtrack: Couldn't load memtrack module (No such file or directory)
2021-05-29 12:49:42.916 11790-11790/? E/android.os.Debug: failed to load memtrack module: -2
2021-05-29 12:49:42.921 676-676/com.android.phone E/PhoneInterfaceManager: [PhoneIntfMgr] getCarrierPackageNamesForIntent: No UICC
2021-05-29 12:49:43.084 11810-11810/? E/memtrack: Couldn't load memtrack module (No such file or directory)
2021-05-29 12:49:43.084 11810-11810/? E/android.os.Debug: failed to load memtrack module: -2
2021-05-29 12:49:43.209 11819-11836/com.darvin.security.detectdebugger A/libc: Fatal signal 11 (SIGSEGV), code 1, fault addr 0x0 in tid 11836 (.detectdebugger)
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: Build fingerprint: 'google/google/G011A:7.1.2/20171130.376229:user/release-keys'
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: Revision: '0'
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: ABI: 'x86'
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: pid: 11819, tid: 11836, name: flush-8:0  >>> com.darvin.security.detectdebugger <<<
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x0
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG:     eax 0000014c  ebx 00000000  ecx 0000014c  edx b1db2898
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG:     esi 00000000  edi 9a013928
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG:     xcs 00000073  xds 0000007b  xes 0000007b  xfs 0000003b  xss 0000007b
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG:     eip 00000000  ebp 9a00b3e8  esp 9a00b3cc  flags 00010282
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG: backtrace:
2021-05-29 12:49:43.214 11837-11837/? A/DEBUG:     #00 pc 00000000  <unknown>
2021-05-29 12:49:43.274 92-92/? E/lowmemorykiller: Error opening /proc/11819/oom_score_adj; errno=2
2021-05-29 12:49:43.340 925-1381/com.microvirt.launcher2 E/EGL_adreno: tid 1381: eglSurfaceAttrib(1582): error 0x3009 (EGL_BAD_MATCH)
2021-05-29 12:49:43.475 520-2853/system_process E/EGL_adreno: tid 2853: eglSurfaceAttrib(1582): error 0x3009 (EGL_BAD_MATCH)
@darvincisec
Owner

Thanks for reporting this. As of now, I don't plan to fix this, as long as it works on devices. However, the concerning thing is detection not working on an Android 11 device. I will check that part. Can you share some logs from when GG does a memory dump?

@ghost
Author

ghost commented Jun 13, 2021

Which log exactly are you looking for? I don't wanna share my whole logs here as they may contain sensitive info.
And anyway, this project is totally useless if you don't plan on fixing it for emulators, because they can just go use emulators to get around anti-dump.

@darvincisec
Owner

Need just the application logs of this project

@ghost
Author

ghost commented Jul 2, 2021

Created a new issue.
Please support emulators because you already have x86 supported. I tried to target x86 only but it still crashes.

@ghost

ghost commented Jan 1, 2022

It's an easy fix to make it work again: #include "sys/inotify.h", remove the syscalls and replace the inotify syscalls with the inotify functions from inotify.h.
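
An added example (not from this thread or the project's code) of the approach the last comment describes: inotify driven through the libc wrappers in `<sys/inotify.h>` instead of hard-coded syscall numbers, so the same source builds for any ABI. The temp file, `sample_reader` and `watch_for_access` are hypothetical names and a constructed stand-in for whatever file the detector watches.

```c
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/inotify.h>
#include <unistd.h>

/* Constructed stand-in for another reader opening the watched file. */
static void sample_reader(const char *path)
{
    char c;
    int fd = open(path, O_RDONLY);
    if (fd >= 0) { if (read(fd, &c, 1) < 0) perror("read"); close(fd); }
}

/* Watch `path`, run `reader` (may be NULL), and return the OR of all event
 * masks received within timeout_ms; 0 if none, -1 on setup failure. */
static long watch_for_access(const char *path, void (*reader)(const char *), int timeout_ms)
{
    int fd = inotify_init1(IN_NONBLOCK | IN_CLOEXEC);
    if (fd < 0) return -1;
    if (inotify_add_watch(fd, path, IN_ACCESS | IN_OPEN) < 0) { close(fd); return -1; }
    if (reader) reader(path);
    long seen = 0;
    struct pollfd pfd = { .fd = fd, .events = POLLIN };
    if (poll(&pfd, 1, timeout_ms) > 0) {
        char buf[4096] __attribute__((aligned(__alignof__(struct inotify_event))));
        ssize_t len = read(fd, buf, sizeof buf);
        for (char *p = buf; len > 0 && p < buf + len; ) {
            const struct inotify_event *ev = (const struct inotify_event *)p;
            seen |= ev->mask;             /* collect every event type seen */
            p += sizeof *ev + ev->len;    /* events are variable length */
        }
    }
    close(fd);
    return seen;
}

int main(void)
{
    char path[] = "/tmp/inotify_demo_XXXXXX";   /* constructed sample file */
    int fd = mkstemp(path);
    if (fd < 0 || write(fd, "x", 1) != 1) return 1;
    close(fd);
    long mask = watch_for_access(path, sample_reader, 1000);
    printf("IN_OPEN=%d IN_ACCESS=%d\n", !!(mask & IN_OPEN), !!(mask & IN_ACCESS));
    unlink(path);
    return mask < 0;
}
```

Checking the return values of `inotify_init1` and `inotify_add_watch` lets the caller fall back or report an error on platforms where the call is unavailable.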
