def test_64_elf(self):
# Initialize emulator
emulator = Emulator(
vfs_root="vfs",
arch=emu_const.ARCH_ARM64
)
emulator.java_classloader.add_class(TestClass)
try:
libcm = emulator.load_library("vfs/system/lib64/libc.so")
libtest = emulator.load_library("tests/bin64/libnative-lib.so")
#emulator.memory.dump_maps(sys.stdout)
emulator.call_symbol(libtest, 'JNI_OnLoad', emulator.java_vm.address_ptr, 0x00)
t = TestClass()
r = t.testJni2(emulator, 10000000000)
self.assertEqual(r, 125)
app = ActivityThread.currentApplication(emulator)
s = t.testJni1(emulator, app).get_py_string()
self.assertEqual(s, "com.ss.android.ugc.aweme")
#emulator.memory.dump_maps(sys.stdout)
except UcError as e:
print("Exit at 0x%08X" % emulator.mu.reg_read(UC_ARM64_REG_PC))
emulator.memory.dump_maps(sys.stdout)
raise
def test_load_bias_new_delete(self):
emulator = Emulator(
vfs_root="vfs",
arch=emu_const.ARCH_ARM64
)
try:
libcpp = emulator.load_library("vfs/system/lib64/libc++.so")
new_ptr = emulator.call_symbol(libcpp, "_Znwm", 100)
emulator.mu.mem_write(new_ptr, b'hello world...')
self.assertTrue(new_ptr!=0)
emulator.call_symbol(libcpp, "_ZdlPv", new_ptr)
#
except UcError as e:
print("Exit at 0x%08X" % emulator.mu.reg_read(UC_ARM64_REG_PC))
emulator.memory.dump_maps(sys.stdout)
raise
def test_something(self):
# Initialize emulator
emulator = Emulator(vfp_inst_set=True,
vfs_root=posixpath.join(dir_samples, "vfs"))
emulator.load_library(posixpath.join(dir_samples, "example_binaries",
"libdl.so"),
do_init=False)
emulator.load_library(posixpath.join(dir_samples, "example_binaries",
"libc.so"),
do_init=False)
emulator.load_library(posixpath.join(dir_samples, "example_binaries",
"libstdc++.so"),
do_init=False)
module = emulator.load_library(posixpath.join(
posixpath.dirname(__file__), "test_binaries", "test_native.so"),
do_init=False)
print(module.base)
emulator.mu.hook_add(UC_HOOK_CODE, debug_utils.hook_code)
emulator.mu.hook_add(UC_HOOK_MEM_UNMAPPED, debug_utils.hook_unmapped)
res = emulator.call_symbol(
module, 'Java_com_aeonlucid_nativetesting_MainActivity_testOneArg',
emulator.java_vm.address_ptr, 0x00, 'Hello', 'asd')
print(res)
def test_thread32(self):
emulator = Emulator(vfs_root="vfs", muti_task=True)
libcm = emulator.load_library("vfs/system/lib/libc.so")
sym = libcm.find_symbol("pthread_create")
h = FuncHooker(emulator)
h.fun_hook(sym, 4, self.__pthread_create32_before_hook,
self.__pthread_create32_after_hook)
libdemo = emulator.load_library("tests/bin/libdemo.so")
r = emulator.call_symbol(libdemo, "test_thread", 3)
self.assertEqual(r, 3)
self.assertTrue(self.__is32_before_call)
self.assertTrue(self.__is32_after_call)
def test_something(self):
# Initialize emulator
emulator = Emulator(
vfp_inst_set=True,
vfs_root="vfs"
)
module = emulator.load_library(posixpath.join(posixpath.dirname(__file__), "bin", "test_native.so"))
self.assertTrue(module.base != 0)
#emulator.mu.hook_add(UC_HOOK_CODE, hook_code, emulator)
res = emulator.call_symbol(module, 'Java_com_aeonlucid_nativetesting_MainActivity_testOneArg', emulator.java_vm.jni_env.address_ptr, 0x00, String('Hello'))
pystr = emulator.java_vm.jni_env.get_local_reference(res).value.get_py_string()
self.assertEqual(pystr, "Hello")
def test_thread64(self):
emulator = Emulator(vfs_root="vfs",
arch=emu_const.ARCH_ARM64,
muti_task=True)
libcm = emulator.load_library("vfs/system/lib64/libc.so")
sym = libcm.find_symbol("pthread_create")
#print("sym : %s"%hex(sym))
h = FuncHooker(emulator)
h.fun_hook(sym, 4, self.__pthread_create64_before_hook,
self.__pthread_create64_after_hook)
#emulator.mu.hook_add(UC_HOOK_CODE, hook_code, emulator)
libdemo = emulator.load_library("tests/bin64/libdemo.so")
r = emulator.call_symbol(libdemo, "test_thread", 3)
self.assertEqual(r, 3)
self.assertTrue(self.__is64_before_call)
self.assertTrue(self.__is64_after_call)
#got hook
emulator.modules.add_symbol_hook(
'__aeabi_memclr',
emulator.hooker.write_function(__aeabi_memclr) + 1)
emulator.modules.add_symbol_hook(
'__aeabi_memcpy',
emulator.hooker.write_function(__aeabi_memcpy) + 1)
emulator.modules.add_symbol_hook('sprintf',
emulator.hooker.write_function(sprintf) + 1)
emulator.java_classloader.add_class(com_sec_udemo_MainActivity)
emulator.load_library('jnilibs/libc.so', do_init=False)
libmod = emulator.load_library('jnilibs/libnative-lib.so', do_init=False)
try:
dbg = udbg.UnicornDebugger(emulator.mu)
obj = com_sec_udemo_MainActivity()
s = emulator.call_symbol(libmod,
'Java_com_sec_udemo_MainActivity_sign_1lv3',
emulator.java_vm.jni_env.call_float_method_a, obj,
"123")
print(s)
except UcError as e:
list_tracks = dbg.get_tracks()
for addr in list_tracks[-100:-1]:
print(hex(addr - 0xcbc66000))
print(e)
emulator = Emulator()
emulator.modules.add_symbol_hook(
"__aeabi_memclr",
emulator.hooker.write_function(hook_aeabi_memclr) + 1)
emulator.modules.add_symbol_hook(
"__aeabi_memcpy",
emulator.hooker.write_function(hook_aeabi_memcpy) + 1)
emulator.modules.add_symbol_hook(
"sprintf",
emulator.hooker.write_function(hook_sprintf) + 1)
emulator.java_classloader.add_class(com_sec_udemo_MainActivity)
emulator.load_library("lib/libc.so", do_init=False)
libmod = emulator.load_library("lib/libnative-lib.so", do_init=False)
try:
dbg = udbg.UnicornDebugger(emulator.mu)
activity = com_sec_udemo_MainActivity()
result = emulator.call_symbol(libmod,
"Java_com_sec_udemo_MainActivity_sign_1lv3",
emulator.java_vm.jni_env.address_ptr,
activity, "123")
print(f">>> result: {result}")
except UcError as e:
track_list = dbg.get_tracks()
for el in track_list[-100:-1]:
print(f">>> dbg trace: 0x{el - 0xcbc66000:x}")
print(e)