Failed to run lkl hijack on android 10 #533

Open
fish4terrisa-MSDSM opened this issue Oct 8, 2023 · 6 comments
@fish4terrisa-MSDSM

I have tried the hijack library on Android 10 with Termux, and I got this output:

$ LD_PRELOAD=./liblkl-hijack.so ip
CANNOT LINK EXECUTABLE "ip": "/data/data/com.termux/files/home/lib/hijack/liblkl-hijack.so": W+E load segments are not allowed
$ LD_PRELOAD=./liblkl-zpoline.so ip
CANNOT LINK EXECUTABLE "ip": "/data/data/com.termux/files/home/lib/hijack/liblkl-zpoline.so": W+E load segments are not allowed

And I have built the libs with the linaro-6.3 toolchain. Does anyone know how to fix that?

@fish4terrisa-MSDSM
Author

Are there any updates now? The problem still persists.

@ddiss

ddiss commented May 15, 2024

IIUC, zpoline is x86-64 specific, so won't work on arm/aarch64 Android. zpoline also relies on modifications to the running binary, which I think Android security policies disallow, as indicated by the W(rite)+E(xecute) error message.

https://www.usenix.org/system/files/atc23-yasukata.pdf explains why it's very x86 specific.

@thehajime
Member

I'm not familiar with this area, and have no local environment to reproduce it.
But the message looks like a case of newer Android NDK API; I got a link from random walk.

https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#writable-and-executable-segments-enforced-for-api-level-26

Can you do the same thing without errors in a non-Termux environment?

@thehajime
Member

> IIUC, zpoline is x86-64 specific, so won't work on arm/aarch64 Android. zpoline also relies on modifications to the running binary, which I think Android security policies disallow, as indicated by the W(rite)+E(xecute) error message.

Although zpoline is indeed x86 specific, the command @fish4terrisa-MSDSM gave us is using the default hijack library (i.e., LD_PRELOAD w/ symbol replacement of glibc), so it should not be related to zpoline.

@ddiss

ddiss commented May 15, 2024

...

> although zpoline is indeed x86 specific, the command @fish4terrisa-MSDSM gave us is using the default hijack library (i.e., LD_PRELOAD w/ symbol replacement of glibc) so, it should be not related to zpoline.

Oops, you're right. zpoline was only used in the second example, the first was just plain hijack.so

@fish4terrisa-MSDSM
Author

> I'm not familiar with this area, and have no local environment to reproduce it. But the message looks like a case of newer Android NDK API; I got a link from random walk.
>
> https://android.googlesource.com/platform/bionic/+/master/android-changes-for-ndk-developers.md#writable-and-executable-segments-enforced-for-api-level-26
>
> can you do the same thing without errors in non-termux environment ?

That problem is caused by a limit of the bionic linker, which bans the loading of .so libraries with W+E load segments, and the hijack library of lkl always has W+E load segments, so it isn't a problem with Termux, but with the Android bionic linker.
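
To see which PT_LOAD segments of a library would trip the "W+E load segments are not allowed" check discussed in this thread, the ELF program headers can be inspected directly. The following is an added example, not part of the original thread or the lkl project; the names `wx_load_segments` and `make_elf64` are hypothetical, and the sample ELF image is constructed for the demonstration.

```python
import struct
import sys

PT_LOAD, PF_X, PF_W = 1, 0x1, 0x2  # values from the ELF specification


def wx_load_segments(data: bytes):
    """Return (index, vaddr, memsz) for each PT_LOAD segment that is both writable and executable."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64 = data[4] == 2                  # EI_CLASS: 1 = ELF32, 2 = ELF64
    end = "<" if data[5] == 1 else ">"   # EI_DATA: 1 = little endian, 2 = big endian
    if is64:
        (phoff,) = struct.unpack_from(end + "Q", data, 0x20)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x36)
    else:
        (phoff,) = struct.unpack_from(end + "I", data, 0x1C)
        phentsize, phnum = struct.unpack_from(end + "HH", data, 0x2A)
    hits = []
    for i in range(phnum):
        off = phoff + i * phentsize
        if is64:   # Elf64_Phdr: p_flags directly follows p_type
            p_type, p_flags, _, vaddr, _, _, memsz = struct.unpack_from(
                end + "IIQQQQQ", data, off)
        else:      # Elf32_Phdr: p_flags comes after p_memsz
            p_type, _, vaddr, _, _, memsz, p_flags = struct.unpack_from(
                end + "IIIIIII", data, off)
        if p_type == PT_LOAD and p_flags & PF_W and p_flags & PF_X:
            hits.append((i, vaddr, memsz))
    return hits


def make_elf64(flag_list):
    """Constructed sample: minimal little-endian ELF64 (ET_DYN, AArch64), one PT_LOAD per flags value."""
    ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    ehdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 3, 183, 1, 0, 64, 0, 0,
                       64, 56, len(flag_list), 0, 0, 0)
    phdrs = b"".join(
        struct.pack("<IIQQQQQQ", PT_LOAD, f, 0, 0x1000 * i, 0, 0x100, 0x100, 0x1000)
        for i, f in enumerate(flag_list))
    return ehdr + phdrs


if __name__ == "__main__":
    # Pass a path to a real .so to check it; otherwise the constructed sample (R+X, then RWX) is used.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else make_elf64([5, 7])
    for idx, vaddr, memsz in wx_load_segments(blob):
        print(f"PT_LOAD #{idx} vaddr={vaddr:#x} memsz={memsz:#x} is W+E")
```

Running it against a built library before pushing it to the device shows whether any load segment carries both flags.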
