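def test_64_elf(self):
    """Exercise a 64-bit (ARM64) JNI library end to end.

    Loads the 64-bit libc and ``tests/bin64/libnative-lib.so``, runs the
    library's ``JNI_OnLoad`` with the emulated JavaVM pointer, then checks
    two JNI calls through ``TestClass``: ``testJni2`` must return 125 and
    ``testJni1`` must return the Java string "com.ss.android.ugc.aweme".
    On an emulation fault the stop address and memory map are printed
    before the error is re-raised.
    """
    emulator = Emulator(vfs_root="vfs", arch=emu_const.ARCH_ARM64)
    emulator.java_classloader.add_class(TestClass)
    try:
        # libc is loaded for its side effect (symbol resolution for the
        # test library); the module handle itself is not needed here.
        emulator.load_library("vfs/system/lib64/libc.so")
        libtest = emulator.load_library("tests/bin64/libnative-lib.so")
        emulator.call_symbol(
            libtest, 'JNI_OnLoad', emulator.java_vm.address_ptr, 0x00)

        t = TestClass()
        self.assertEqual(t.testJni2(emulator, 10000000000), 125)

        app = ActivityThread.currentApplication(emulator)
        s = t.testJni1(emulator, app).get_py_string()
        self.assertEqual(s, "com.ss.android.ugc.aweme")
    except UcError:
        # Emulation fault: show where the CPU stopped and what was mapped,
        # then let the test fail with the original error.
        print("Exit at 0x%08X" % emulator.mu.reg_read(UC_ARM64_REG_PC))
        emulator.memory.dump_maps(sys.stdout)
        raise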
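def test_load_bias_new_delete(self):
    """Allocate and free through libc++'s operator new/delete on ARM64.

    Calls ``_Znwm`` (``operator new(unsigned long)``) for 100 bytes, checks
    that the returned pointer is non-null *before* touching it, writes a
    short payload there and releases it again with ``_ZdlPv``
    (``operator delete(void*)``). On an emulation fault the stop address
    and memory map are printed before the error is re-raised.
    """
    emulator = Emulator(vfs_root="vfs", arch=emu_const.ARCH_ARM64)
    try:
        libcpp = emulator.load_library("vfs/system/lib64/libc++.so")
        new_ptr = emulator.call_symbol(libcpp, "_Znwm", 100)
        # Validate the allocation first: writing through a null pointer
        # would fail inside mem_write and hide the real failure.
        self.assertNotEqual(new_ptr, 0)
        emulator.mu.mem_write(new_ptr, b'hello world...')
        emulator.call_symbol(libcpp, "_ZdlPv", new_ptr)
    except UcError:
        print("Exit at 0x%08X" % emulator.mu.reg_read(UC_ARM64_REG_PC))
        emulator.memory.dump_maps(sys.stdout)
        raise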
def test_something(self):
    """Load the sample runtime libraries and call testOneArg on test_native.so.

    libdl, libc and libstdc++ are loaded from the samples directory without
    running their initializers, then the test library from the local
    ``test_binaries`` directory. Code and unmapped-memory hooks from
    ``debug_utils`` are installed before the JNI call; the module base and
    the call result are printed rather than asserted.
    """
    emulator = Emulator(
        vfp_inst_set=True,
        vfs_root=posixpath.join(dir_samples, "vfs"),
    )

    # Runtime dependencies, in link order, initializers skipped.
    for lib_name in ("libdl.so", "libc.so", "libstdc++.so"):
        lib_path = posixpath.join(dir_samples, "example_binaries", lib_name)
        emulator.load_library(lib_path, do_init=False)

    native_path = posixpath.join(
        posixpath.dirname(__file__), "test_binaries", "test_native.so")
    module = emulator.load_library(native_path, do_init=False)
    print(module.base)

    # Trace every instruction and catch unmapped accesses for debugging.
    emulator.mu.hook_add(UC_HOOK_CODE, debug_utils.hook_code)
    emulator.mu.hook_add(UC_HOOK_MEM_UNMAPPED, debug_utils.hook_unmapped)

    jni_symbol = 'Java_com_aeonlucid_nativetesting_MainActivity_testOneArg'
    res = emulator.call_symbol(
        module,
        jni_symbol,
        emulator.java_vm.address_ptr,
        0x00,
        'Hello',
        'asd',
    )
    print(res)
def test_thread32(self):
    """Hook pthread_create in the 32-bit libc and run libdemo's test_thread.

    A before/after hook pair is attached to ``pthread_create`` through
    ``FuncHooker``; ``test_thread(3)`` must return 3 and both hook flags
    must have been set by the time it returns.
    """
    emulator = Emulator(vfs_root="vfs", muti_task=True)
    libc = emulator.load_library("vfs/system/lib/libc.so")

    hooker = FuncHooker(emulator)
    hooker.fun_hook(
        libc.find_symbol("pthread_create"),
        4,  # presumably the hooked function's argument count — verify against FuncHooker
        self.__pthread_create32_before_hook,
        self.__pthread_create32_after_hook,
    )

    demo = emulator.load_library("tests/bin/libdemo.so")
    result = emulator.call_symbol(demo, "test_thread", 3)
    self.assertEqual(result, 3)
    self.assertTrue(self.__is32_before_call)
    self.assertTrue(self.__is32_after_call)
def test_something(self):
    """Round-trip a Java string through testOneArg in bin/test_native.so.

    The library must load at a non-zero base; the JNI function is called
    with the emulated JNIEnv pointer and a Java ``String('Hello')``, and the
    returned local reference must resolve back to the Python string "Hello".
    """
    emulator = Emulator(vfp_inst_set=True, vfs_root="vfs")

    lib_path = posixpath.join(posixpath.dirname(__file__), "bin", "test_native.so")
    module = emulator.load_library(lib_path)
    self.assertNotEqual(module.base, 0)

    jni_env = emulator.java_vm.jni_env
    res = emulator.call_symbol(
        module,
        'Java_com_aeonlucid_nativetesting_MainActivity_testOneArg',
        jni_env.address_ptr,
        0x00,
        String('Hello'),
    )

    # The native side returns a local reference; resolve it to its value.
    returned = jni_env.get_local_reference(res).value.get_py_string()
    self.assertEqual(returned, "Hello")
def test_thread64(self):
    """Hook pthread_create in the 64-bit libc and run libdemo's test_thread.

    ARM64 counterpart of the 32-bit thread test: a before/after hook pair
    is attached to ``pthread_create``; ``test_thread(3)`` must return 3 and
    both hook flags must have been set.
    """
    emulator = Emulator(
        vfs_root="vfs",
        arch=emu_const.ARCH_ARM64,
        muti_task=True,
    )
    libc = emulator.load_library("vfs/system/lib64/libc.so")

    hooker = FuncHooker(emulator)
    hooker.fun_hook(
        libc.find_symbol("pthread_create"),
        4,  # presumably the hooked function's argument count — verify against FuncHooker
        self.__pthread_create64_before_hook,
        self.__pthread_create64_after_hook,
    )

    demo = emulator.load_library("tests/bin64/libdemo.so")
    result = emulator.call_symbol(demo, "test_thread", 3)
    self.assertEqual(result, 3)
    self.assertTrue(self.__is64_before_call)
    self.assertTrue(self.__is64_after_call)
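# GOT hooks: route the ARM EABI memory helpers and sprintf to Python
# implementations. The +1 sets the Thumb bit on the written stub address.
# NOTE(review): `emulator` is created outside this excerpt — confirm.
emulator.modules.add_symbol_hook(
    '__aeabi_memclr', emulator.hooker.write_function(__aeabi_memclr) + 1)
emulator.modules.add_symbol_hook(
    '__aeabi_memcpy', emulator.hooker.write_function(__aeabi_memcpy) + 1)
emulator.modules.add_symbol_hook(
    'sprintf', emulator.hooker.write_function(sprintf) + 1)

emulator.java_classloader.add_class(com_sec_udemo_MainActivity)
emulator.load_library('jnilibs/libc.so', do_init=False)
libmod = emulator.load_library('jnilibs/libnative-lib.so', do_init=False)

# Create the debugger outside the try: the except handler reads `dbg`, and
# an error raised before the assignment would otherwise turn into a
# NameError that masks the real fault.
dbg = udbg.UnicornDebugger(emulator.mu)
try:
    obj = com_sec_udemo_MainActivity()
    # The second argument is the JNIEnv* the native function expects; pass
    # the env's address rather than a bound method of the env object.
    s = emulator.call_symbol(
        libmod,
        'Java_com_sec_udemo_MainActivity_sign_1lv3',
        emulator.java_vm.jni_env.address_ptr,
        obj,
        "123",
    )
    print(s)
except UcError as e:
    # Print the most recent executed addresses relative to a fixed base.
    # NOTE(review): 0xcbc66000 is a hard-coded load address; if it is meant
    # to be the library's base, `libmod.base` would keep it in sync. The
    # [-100:-1] slice also omits the very last address — confirm intended.
    list_tracks = dbg.get_tracks()
    for addr in list_tracks[-100:-1]:
        print(hex(addr - 0xcbc66000))
    print(e)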
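emulator = Emulator()

# GOT hooks: route the ARM EABI memory helpers and sprintf to Python
# implementations. The +1 sets the Thumb bit on the written stub address.
emulator.modules.add_symbol_hook(
    "__aeabi_memclr", emulator.hooker.write_function(hook_aeabi_memclr) + 1)
emulator.modules.add_symbol_hook(
    "__aeabi_memcpy", emulator.hooker.write_function(hook_aeabi_memcpy) + 1)
emulator.modules.add_symbol_hook(
    "sprintf", emulator.hooker.write_function(hook_sprintf) + 1)

emulator.java_classloader.add_class(com_sec_udemo_MainActivity)
emulator.load_library("lib/libc.so", do_init=False)
libmod = emulator.load_library("lib/libnative-lib.so", do_init=False)

# Create the debugger outside the try: the except handler reads `dbg`, and
# an error raised before the assignment would otherwise turn into a
# NameError that masks the real fault.
dbg = udbg.UnicornDebugger(emulator.mu)
try:
    activity = com_sec_udemo_MainActivity()
    result = emulator.call_symbol(
        libmod,
        "Java_com_sec_udemo_MainActivity_sign_1lv3",
        emulator.java_vm.jni_env.address_ptr,
        activity,
        "123",
    )
    print(f">>> result: {result}")
except UcError as e:
    # Print the most recent executed addresses relative to a fixed base.
    # NOTE(review): 0xcbc66000 is a hard-coded load address; if it is meant
    # to be the library's base, `libmod.base` would keep it in sync. The
    # [-100:-1] slice also omits the very last address — confirm intended.
    track_list = dbg.get_tracks()
    for el in track_list[-100:-1]:
        print(f">>> dbg trace: 0x{el - 0xcbc66000:x}")
    print(e)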