
Commit 3ef9cb9

committed
chore: update embedded shellcode
1 parent 884780c commit 3ef9cb9


5 files changed

+374
-288
lines changed


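--- a/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_Arm32.java
+++ b/core-syscall/src/main/java/dev/tmpfs/libcoresyscall/core/impl/arch/ShellcodeImpl_Arm32.java
@@ -15,54 +15,87 @@ private ShellcodeImpl_Arm32() {
 
 @Override
 public byte[] getShellcodeBytes() {
-//05e0 l O .text 0018 get_hook_info.sHookInfo
-//0000 g F .text 0008 NativeBridge_breakpoint
-//0008 g F .text 0024 __clear_cache
-//002c g F .text 0038 syscall_ext
-//0064 g F .text 0040 NativeBridge_nativeSyscall
-//00a4 g F .text 0030 NativeBridge_nativeClearCache
-//00d4 g F .text 0014 NativeBridge_nativeCallPointerFunction0
-//00e8 g F .text 0018 NativeBridge_nativeCallPointerFunction1
-//0100 g F .text 001c NativeBridge_nativeCallPointerFunction2
-//011c g F .text 0024 NativeBridge_nativeCallPointerFunction3
-//0140 g F .text 0028 NativeBridge_nativeCallPointerFunction4
-//0168 g F .text 0040 NativeBridge_nativeGetJavaVM
-//01a8 g F .text 0010 get_hook_info
-//01b8 g F .text 003c lsw_pread64
-//01f4 g F .text 0038 lsw_mprotect
-//022c g F .text 0104 fake_fstat64
-//0330 g F .text 0284 fake_mmap64
-//05b4 g F .text 002c fake_mmap
+//0000 g DF .text 0008 NativeBridge_breakpoint
+//0000 g D .text 0000 ___text_section
+//0008 g DF .text 0040 NativeBridge_nativeSyscall
+//0048 g DF .text 0038 syscall_ext
+//0080 g DF .text 0030 NativeBridge_nativeClearCache
+//00b0 g DF .text 0020 __clear_cache
+//00d0 g DF .text 0014 NativeBridge_nativeCallPointerFunction0
+//00e4 g DF .text 0018 NativeBridge_nativeCallPointerFunction1
+//00fc g DF .text 001c NativeBridge_nativeCallPointerFunction2
+//0118 g DF .text 0024 NativeBridge_nativeCallPointerFunction3
+//013c g DF .text 0028 NativeBridge_nativeCallPointerFunction4
+//0164 g DF .text 0040 NativeBridge_nativeGetJavaVM
+//01a4 g DF .text 0038 ashmem_dev_get_size_region
+//01dc g DF .text 0010 get_hook_info
+//01ec g DF .text 0008 get_current_pc
+//01f4 g DF .text 00e0 fake_fstat64
+//02d4 g DF .text 0480 fake_mmap64
+//0858 g DF .text 002c fake_mmap
+//0bd0 l O .rodata 0018 _ZZ13get_hook_infoE9sHookInfo
 String b64 =
-"cAAg4R7/L+GATC3pCLCN4gJwAOMAIKDjD3BA4wAAAO8AAFDjgIy9CP7e/+cwSC3pCLCN4ghQi+ID\n" +
-"4KDhAMCg4QEAoOECEKDhOACV6A4goOEEcC3lDHCg4QAAAO8EcJ3kMIi96BBMLekIsI3iENBN4gIA\n" +
-"oOEIEJvlECCb5Rgwm+UgwJvlMECb5Sjgm+UAUI3oCECN5eT//+sAEKDjCNBL4hCMveiATC3pCLCN\n" +
-"4ggQm+UCcADjAgCg4Q9wQOMCEIHgACCg4wAAAO8AAFDjgIy9CP7e/+cASC3pDbCg4TL/L+EAEKDj\n" +
-"AIi96ABILekNsKDhCACb5TL/L+EAEKDjAIi96ABILekNsKDhCACb5RAQm+Uy/y/hABCg4wCIvegA\n" +
-"SC3pDbCg4QIwoOEIAJvlEBCb5Rggm+Uz/y/hABCg4wCIvegASC3pDbCg4QLAoOEIAJvlEBCb5Rgg\n" +
-"m+UgMJvlPP8v4QAQoOMAiL3oEEwt6QiwjeII0E3iABCQ5QBAoOMEQI3lbCOR5QQQjeIy/y/hBBCd\n" +
-"5QAAUOMEEKARAQCg4QAQoOMI0EviEIy96AQAn+UAAI/gHv8v4SwEAAAASC3pDbCg4RDQTeICMKDh\n" +
-"ASCg4QAQoOEAAKDjCOCb5QzAm+UBQI3otACg4wjAjeWP///rC9Cg4QCIvegASC3pDbCg4RDQTeIC\n" +
-"MKDhASCg4QAQoOEAAKDjAACN5QQAjeUIAI3lfQCg44H//+sL0KDhAIi96PBNLekYsI3iENBN4gFA\n" +
-"oOEAUKDhAHCg48UAoOMFEKDhBCCg4QAwoOMAcI3lBHCN5QhwjeVx///rAQpw4xIAAIq0AJ/l0CDE\n" +
-"4QAAj+AEAJDlqBCf5QAwI+ABEJ/nASAi4AMgkuEFAAAaAACR4QMAAAowALTlBBCU5QEAkOENAAAK\n" +
-"BwCg4RjQS+Lwjb3oAGCg4WAAn+UAAI/gCACQ5TD/L+EAEGbiABCA5QBw4OMHAKDhGNBL4vCNvegB\n" +
-"gA/jNgCg4wUQoOEEJwfjADCg4/+PT+MAcI3lBHCN5QhwjeVH///rCABQ4QBgoDHwYMQxBwCg4RjQ\n" +
-"S+Lwjb3oGAMAAGQDAABUAwAA8E8t6RywjeKM0E3iFACN5QAA4OMcEI3lAkCg4RgAjeUAoKDjTIKf\n" +
-"5QCQoOMIEJvlCICP4BAwjeUAAFHjGAAASiIAA+IAYKDjAgBQ4wBwoOMEUKDhFQAAGiAQjeJQAMDy\n" +
-"hJCN5QEAoOHNCkD0zQpA9M0KQPTNCkD0zQpA9M0KQPQAkIDlCACb5Zv//+sAAFDjZgAACgAA4OME\n" +
-"UKDhGACN5QIAAOoAYKDjAHCg4wRQoOEIAJjlDECN5TD/L+EQMJvlAICg4f8fAOMWAKDjAQAT4VIA\n" +
-"ABoAIA/j/y9P4wMgUuAUIJvlAhDR4EwAADoQEJ3lIwag4QAQjeUCCoDhCBCb5QUwoOEEEI3lFBCd\n" +
-"5RwgneUIAI3lwACg4/f+/+sBCnDjPQAAihhQneUBAHXjOAAAChQAjeUKAJnhFgAAChRAneUBiqDj\n" +
-"BgAA6gBgluAEQIDgAHCn4gCQWeAAoMriCgCZ4QwAAAoBClnjASqg4wkgoDEAAFrjCCCgEQUAoOEE\n" +
-"EKDh8GDN4T///+sAAFDj7f//ygQAcOPw//8K4HCf5RwQneUHcI/gDGCd5QFQQeIUQJ3lEACX5QYg\n" +
-"oOEAEIXgAABg4gAQAeAEAKDhPf//6wQAoOEEABbjDgAAChAQl+UCcADjD3BA4wAwYeIDIADgAACF\n" +
-"4AEAgOADEADgAgCg4QAgoOMAAADvABCg4RQAneUAAFHjFwAAGhzQS+Lwj73oAABg4gAAiOUAAODj\n" +
-"HNBL4vCPveggIJ3lJDCd5QQAmOU4EJ/lADAj4AEQn+cBICLgAyCS4Y///xoAAJHhjf//ChyQneUD\n" +
-"UITjEGCb5RRwm+UIAJvlif//6v7e/+d4AgAAZAAAAAgBAAAwSC3pCLCN4hDQTeIIwJvlAFCg4wxA\n" +
-"m+X4QM3hAMCN5VX//+sI0EviMIi96O++r94AAAAAFEURAAAAAAAAAAAAAAAAAA==";
+"cAAg4R7/L+EQTC3pCLCN4hDQTeICAKDhCBCb5RAgm+UYMJvlIMCb5TBAm+Uo4JvlAFCN6AhAjeUC\n" +
+"AADrABCg4wjQS+IQjL3oMEgt6QiwjeIIUIviA+Cg4QDAoOEBAKDhAhCg4TgAlegOIKDhBHAt5Qxw\n" +
+"oOEAAADvBHCd5DCIveiATC3pCLCN4ggQm+UCcADjAgCg4Q9wQOMCEIHgACCg4wAAAO8AAFDjgIy9\n" +
+"CP7e/+eAQC3pAnAA4wAgoOMPcEDjAAAA7wAAUOOAgL0I/t7/5wBILekNsKDhMv8v4QAQoOMAiL3o\n" +
+"AEgt6Q2woOEIAJvlMv8v4QAQoOMAiL3oAEgt6Q2woOEIAJvlEBCb5TL/L+EAEKDjAIi96ABILekN\n" +
+"sKDhAjCg4QgAm+UQEJvlGCCb5TP/L+EAEKDjAIi96ABILekNsKDhAsCg4QgAm+UQEJvlGCCb5SAw\n" +
+"m+U8/y/hABCg4wCIvegQTC3pCLCN4gjQTeIAEJDlAECg4wRAjeVsI5HlBBCN4jL/L+EEEJ3lAABQ\n" +
+"4wQQoBEBAKDhABCg4wjQS+IQjL3oAEgt6Q2woOEQ0E3iABCg4QAAoOMAAI3lBCcH4wQAjeUAMKDj\n" +
+"CACN5TYAoOOc///rC9Cg4QCIvegEAJ/lAACP4B7/L+HoCQAADgCg4R7/L+HwTS3pGLCN4hDQTeIB\n" +
+"QKDhAFCg4QBwoOPFAKDjBRCg4QQgoOEAMKDjAHCN5QRwjeUIcI3lhv//6wEKcOMKAACaAGCg4YgA\n" +
+"n+UAAI/gCACQ5TD/L+EAEGbiABCA5QBw4OMHAKDhGNBL4vCNvehkAJ/l0CDE4QAAj+AEAJDlWBCf\n" +
+"5QAwI+ABEJ/nASAi4AMgkuHy//8aAACR4fD//wowALTlBBCU5QEAkOHs//8aAIAP4wUAoOH/j0/j\n" +
+"vP//6wgAUOEAYKCR8GDEkQcAoOEY0Evi8I296IwJAABgCQAAUAkAAPBPLekcsI3i3NBN4hAAjeUD\n" +
+"UKDhFBCN5QKgoOFMZJ/lAJCg4wgAm+UBcKDjEICb5QZgj+AAAFDjXgAASiIABeICAFDjWwAAGnBw\n" +
+"jeJQAMDyCBCb5QAwoOMHAKDhByCg4c0KQPTNCkD0zQpA9M0KQPTNCkD0zQpA9ACQgOXFAKDj1JCN\n" +
+"5QCQjeUEkI3lCJCN5Tf//+sBCnDjBgAAmgBAoOEIAJblMP8v4QAQZOIAEIDlAQCg4z4AAOpwIJ3l\n" +
+"dDCd5QQAluWoE5/lADAj4AEQn+cBICLgAyCS4Q0AABoAAJHhCwAACqAAneWkEJ3lAQCQ4QcAABoI\n" +
+"AJvlAEAP4/9PT+Ny///rBABQ4TAQh5IAMKCTCQCBmHAAneV0EJ3lBCCW5VAzn+UCECHgAzCf5wMA\n" +
+"IOABAIDhAhCT4RAPb+EBEAATBAAa46ACoOEBkADgAQCg4xcAAAoYII3iUADA8gAQoOMAMKDjAgCg\n" +
+"4WwQjeXNCkD0zQpA9M0KQPTNCkD0zQpA9AAQgOULAQDjABCN5QQQjeUIEI3lCBCb5fX+/+sYEJ3l\n" +
+"lCkB4wIhQOMCECHgAQCQ4QEAABMJcMDhCACW5TD/L+H/HwDjFmCg4wEAGOEqAAAaFECb5UoQ4OMM\n" +
+"oI3lJKaw4REAABoIEJvlAGCg4QwwneUoBqDhBBCN5QAAWeMQEJ3lBAqA4RQgneUCMIMTCACN5cAA\n" +
+"oOMAUI3l1f7/6wAQoOEBCnDjGQAAmgYAoOEMIJ3lpTDg4Q0AceMiIeDhpSKC4QMgguEBIALiByCC\n" +
+"4QEgABMAAFLjAQAACgBgYeIGAADqAABa4w1goOMCEAUCASCgA6EQIgAHEJEBPQAACgBggOUAEODj\n" +
+"AQCg4RzQS+Lwj73oAABZ4/r//woUAJ3lEBCN5QAAUOMbAAAKEHCd5QBQoOMUoJ3lAZqg4wBgoOMG\n" +
+"AADqAICY4AdwgOAAQKTiAKBa4ABgxuIGAJrhDgAACgEKWuMBOqDjCBCb5QowoDEAAFbjtACg4wkw\n" +
+"oBEHIKDhIAGN6AhAjeWa/v/rAABQ4+v//8oEAHDj7v//Clxhn+UAEKDjABCN5QZgj+AEEI3lCBCN\n" +
+"5RQQneUQAJblAUBB4gxQneUAEITgAABg4gAgAeAQEJ3lfQCg4wUwoOGF/v/rBAAV4zMAABoQEJ3l\n" +
+"AQCg4RzQS+Lwj73oKBag4Qggm+UEGoHhDHCd5QQgjeUAoKDhCBCN5QQwx+MQEJ3lwACg4xQgneUA\n" +
+"UI3lcv7/6wAQoOEKAKDhAQpx47D//4oUkJ3lAGCg41sAoOMAMKDjAGCN5QkgoOEEYI3lCGCN5WX+\n" +
+"/+sAEA/j/x9P4wEQgeIBAFDhHgAAKiAQheMAEI3lEBCd5QAA4OMCMIfjQQCN6cAAoOMJIKDhV/7/\n" +
+"6wAQoOEAAA/j/w9P4wAAUeGb//+aAGBh4goAoOGR///qEDCd5RAQluUDcITgACBh4gEQh+ACcADj\n" +
+"AwAC4AIQAeAPcEDjACCg4wAAAO8DEKDhAABQ44X//wr+3v/nxAgAACgIAADMBwAA0AUAAABILekN\n" +
+"sKDhENBN4gEgoOEAEKDhAACg4wAwoOMAAI3lBACN5QgAjeULAQDjMP7/6wvQoOEAiL3oEEwt6Qiw\n" +
+"jeIQ0E3iAsCg4RQgm+UB4KDhABCg4SIGsOFKAODjCQAAGhAAm+UIQJvlGACN6AwwoOEgBqDhAgqA\n" +
+"4QgAjeXAAKDjDiCg4Rr+/+sI0EviEIy96ABILekNsKDhENBN4gIwoOEBIKDhABCg4QAAoOMI4Jvl\n" +
+"DMCb5QFAjei0AKDjCMCN5Qv+/+sL0KDhAIi96ABILekNsKDhENBN4gIwoOEBIKDhABCg4QAAoOMA\n" +
+"AI3lBACN5QgAjeV9AKDj/f3/6wvQoOEAiL3oMEgt6QiwjeIQ0E3iCMCb5QBQoOMMQJvl+EDN4QDA\n" +
+"jeWV/v/rCNBL4jCIvegASC3pDbCg4RDQTeIBIKDhABCg4QAAoOMAMKDjAACN5QQAjeUIAI3lWwCg\n" +
+"4+T9/+sL0KDhAIi96ABILekNsKDhENBN4gIwoOEBIKDhABCg4QAAoOMAAI3lBACN5QgAjeUDAKDj\n" +
+"1v3/6wvQoOEAiL3oAEgt6Q2woOEQ0E3iAjCg4QEgoOEAEKDhAACg4wAAjeUEAI3lCACN5QQAoOPI\n" +
+"/f/rC9Cg4QCIvegASC3pDbCg4RDQTeICwKDhASCg4QAQoOEAAKDjADCN5QwwoOEEAI3lCACN5UIB\n" +
+"AOO5/f/rC9Cg4QCIvegASC3pDbCg4RDQTeICwKDhASCg4QAQoOEAAKDjADCN5QwwoOEEAI3lCACN\n" +
+"5UcBAOOq/f/rC9Cg4QCIvegASC3pDbCg4RDQTeIAIKDhAACg4wEwoOEAAI3lBACN5WMQ4OMIAI3l\n" +
+"RwEA45z9/+sL0KDhAIi96ABILekNsKDhENBN4gEgoOEAEKDhAACg4wAwoOMAAI3lBACN5QgAjeXF\n" +
+"AKDjjv3/6wvQoOEAiL3oAEgt6Q2woOEQ0E3iABCg4QAAoOMAAI3lACCg4wQAjeUAMKDjCACN5QYA\n" +
+"oOOA/f/rC9Cg4QCIvegASC3pDbCg4RDQTeICMKDhASCg4QAQoOEAAKDjAACN5QQAjeUIAI3lNgCg\n" +
+"43L9/+sL0KDhAIi96ABILekNsKDhENBN4gAQoOEAAKDjAACN5QAgoOMEAI3lADCg4wgAjeX4AKDj\n" +
+"ZP3/6/7e/+cAAFLjPwAACgAwoOEDAFLjAhDD5gEQQ+U6AAA6BwBS4wIQwOUBEMDlAxBD5QIQQ+U0\n" +
+"AAA6CQBS4wMQwOUEEEPlHv8vMQBILekNsKDhATEA43EQ7+YBMUDjkQMB4AAwYOIDwAPiADCg4Qwg\n" +
+"QuAMEKPnA8DC4wwgg+AJAFzjBBAC5R8AADoZAFzjBBCD5QgQg+UMEALlCBAC5RkAADoMEIPlEBCD\n" +
+"5RQQg+UYEIPlHBAC5RgQAuUUEALlEBAC5QQgA+IY4ILjDiBM4CAAUuMMAAA6DjCD4CAgQuIAEIPl\n" +
+"BBCD5R8AUuMIEIPlDBCD5RAQg+UUEIPlGBCD5RwQg+UgMIPi8///igBIvege/y/hAAAAAAAAAAAA\n" +
+"AAAA776v3gAAAAAURREAAAAAAAAQAAAAAAAAGPT/fwEAAAAY9P9/AQAAAFD0/38BAAAAgPT/fwEA\n" +
+"AACo9P9/AQAAAMD0/38BAAAAzPT/fwEAAADc9P9/AQAAAPD0/38BAAAADPX/fwEAAAAs9f9/AQAA\n" +
+"AGT1/38BAAAAlPX/fwEAAACc9f9/AQAAAJz1/38BAAAAdPb/fwEAAADs+v9/AQAAABz7/38BAAAA\n" +
+"bPv/fwEAAACg+/9/AQAAAND7/38BAAAA9Pv/fwEAAAAk/P9/AQAAAFT8/38BAAAAhPz/fwEAAAC4\n" +
+"/P9/AQAAAOz8/38BAAAAHP3/fwEAAABM/f9/AQAAAHz9/38BAAAArP3/fwEAAADU/f9/AQAAAND9\n" +
+"/38BAAAA1P7/fwEAAAA=\n";
 byte[] bytes = android.util.Base64.decode(b64, android.util.Base64.DEFAULT);
-int hookInfoOffset = 0x05e0;
+int hookInfoOffset = 0x0bd0;
 fillInHookInfo(bytes, hookInfoOffset);
 return bytes;
 }
@@ -74,57 +107,57 @@ public int getNativeDebugBreakOffset() {
 
 @Override
 public int getNativeClearCacheOffset() {
-return 0x00a4;
+return 0x0080;
 }
 
 @Override
 public int getNativeSyscallOffset() {
-return 0x0064;
+return 0x0008;
 }
 
 @Override
 public int getNativeCallPointerFunction0Offset() {
-return 0x00d4;
+return 0x00d0;
 }
 
 @Override
 public int getNativeCallPointerFunction1Offset() {
-return 0x00e8;
+return 0x00e4;
 }
 
 @Override
 public int getNativeCallPointerFunction2Offset() {
-return 0x0100;
+return 0x00fc;
 }
 
 @Override
 public int getNativeCallPointerFunction3Offset() {
-return 0x011c;
+return 0x0118;
 }
 
 @Override
 public int getNativeCallPointerFunction4Offset() {
-return 0x0140;
+return 0x013c;
 }
 
 @Override
 public int getNativeGetJavaVmOffset() {
-return 0x0168;
+return 0x0164;
 }
 
 @Override
 public int getFakeStat64Offset() {
-return 0x022c;
+return 0x01f4;
 }
 
 @Override
 public int getFakeMmap64Offset() {
-return 0x0330;
+return 0x02d4;
 }
 
 @Override
 public int getFakeMmapOffset() {
-return 0x05b4;
+return 0x0858;
 }
 
 @Override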
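Review bot: getShellcodeBytes() (new lines 17–101, fully inside the first hunk) writes into the decoded blob at `hookInfoOffset = 0x0bd0` without checking that the sHookInfo placeholder is actually there, and since this commit moves twelve hand-copied offsets at once, a single stale constant would make fillInHookInfo silently overwrite instructions instead of the 0x18-byte .rodata object the symbol table at new line 36 describes, surfacing only as a crash or a wrong syscall at runtime. Decoding the new base64 shows the little-endian marker `ef be ad de` (0xdeadbeef) at exactly 0x0bd0 followed by 0x14 more bytes before the tail, so the check is cheap: verify the length and the four marker bytes before patching and throw `IllegalStateException` otherwise. The same drift risk applies to the accessor offsets in the second hunk, which are now cross-checked only by eye against the comment table; a unit test that decodes the blob and compares each accessor against the listed symbol addresses would catch the next mismatch. The run of 8-byte pairs after sHookInfo (from about 0x0be8 to the end, each ending in `01 00 00 00`) looks like an ARM .ARM.exidx table (EXIDX_CANTUNWIND entries) that was dumped along with .text and .rodata; if so it is roughly 360 bytes of dead weight in the injected image and could be stripped at the objcopy/linker stage — worth confirming against the build script.
```java
byte[] bytes = android.util.Base64.decode(b64, android.util.Base64.DEFAULT);
int hookInfoOffset = 0x0bd0;
// sHookInfo is 0x18 bytes of .rodata and starts with the 0xdeadbeef placeholder
// (little-endian); refuse to patch if the hand-copied offset no longer lines up.
if (bytes.length < hookInfoOffset + 0x18
        || (bytes[hookInfoOffset] & 0xff) != 0xef
        || (bytes[hookInfoOffset + 1] & 0xff) != 0xbe
        || (bytes[hookInfoOffset + 2] & 0xff) != 0xad
        || (bytes[hookInfoOffset + 3] & 0xff) != 0xde) {
    throw new IllegalStateException("sHookInfo placeholder not found at 0x"
            + Integer.toHexString(hookInfoOffset));
}
fillInHookInfo(bytes, hookInfoOffset);
// … unchanged: return bytes …
```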
