执行错误 #604

Open
q601180252 opened this issue Feb 27, 2024 · 2 comments

q601180252 commented Feb 27, 2024

`
package com.libre;

import com.abbottdiabetescare.flashglucose.sensorabstractionservice.dataprocessing.Out;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.github.unidbg.AndroidEmulator;
import com.github.unidbg.Emulator;
import com.github.unidbg.Module;
import com.github.unidbg.arm.backend.Backend;
import com.github.unidbg.arm.backend.CodeHook;
import com.github.unidbg.arm.backend.UnHook;
import com.github.unidbg.arm.backend.Unicorn2Factory;
import com.github.unidbg.debugger.BreakPointCallback;
import com.github.unidbg.debugger.Debugger;
import com.github.unidbg.debugger.DebuggerType;
import com.github.unidbg.file.FileResult;
import com.github.unidbg.file.IOResolver;
import com.github.unidbg.file.linux.AndroidFileIO;
import com.github.unidbg.linux.android.AndroidEmulatorBuilder;
import com.github.unidbg.linux.android.AndroidResolver;
import com.github.unidbg.linux.android.dvm.*;
import com.github.unidbg.linux.android.dvm.array.ByteArray;
import com.github.unidbg.linux.android.dvm.jni.ProxyDvmObject;
import com.github.unidbg.linux.file.ByteArrayFileIO;
import com.github.unidbg.linux.file.SimpleFileIO;
import com.github.unidbg.memory.Memory;
import com.github.unidbg.memory.MemoryBlock;
import com.github.unidbg.pointer.UnidbgPointer;
import com.github.unidbg.spi.LibraryFile;
import com.github.unidbg.utils.Inspector;
import com.github.unidbg.virtualmodule.android.AndroidModule;
import com.github.unidbg.virtualmodule.android.JniGraphics;
import com.outshineiot.bubble.xabet.AlgorithmResults;
import com.outshineiot.bubble.xabet.RequltData;
import org.apache.commons.codec.DecoderException;
import org.apache.commons.codec.binary.Hex;
import org.apache.commons.io.IOUtils;
import unicorn.Arm64Const;
import unicorn.ArmConst;
import unicorn.UnicornConst;

import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.zip.DataFormatException;
import java.util.zip.Inflater;

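/**
 * unidbg harness: builds a 64-bit Android emulator, loads {@code libg.so} from the given APK
 * and calls static JNI methods on {@code tk/glucodata/Natives}.
 *
 * <p>JNI callbacks made by the native code are answered by the overrides in this class; any
 * signature not handled here ends in {@link UnsupportedOperationException}.
 *
 * <p>The native library runs inside the emulator and sees only what this harness serves to it.
 * No {@code IOResolver} is registered here, so files the library expects under the emulated
 * files directory are not provided by this class.
 */
public class runlibre5 extends AbstractJni {

    /** Shared instance managed by {@link #init(String)} and {@link #clear()}. */
    static runlibre5 runLibre3Obj;

    // APK location last handed to init(String) or main; only written, never read, in this class.
    private static File apkFile2;

    private final AndroidEmulator emulator;
    private final VM vm;
    private final Module module;
    private final DvmClass cNativeClass;

    /**
     * Creates the shared instance once; later calls are no-ops while it exists.
     *
     * @param path base directory; it is concatenated directly with {@code "libre3/libreoop.apk"},
     *             so it must already end with a path separator
     */
    public static void init(String path) {
        if (runLibre3Obj != null) {
            return;
        }
        try {
            String apkFilePath = path + "libre3/libreoop.apk";
            apkFile2 = new File(apkFilePath);
            runLibre3Obj = new runlibre5(apkFilePath);
        } catch (Exception e) {
            // Best-effort: on failure the shared instance stays null and only the trace is printed.
            e.printStackTrace();
        }
    }

    /** Closes the shared instance (if any), drops the reference and requests a GC run. */
    public static void clear() {
        if (runLibre3Obj != null) {
            try {
                runLibre3Obj.destroy();
            } catch (Exception e) {
                // Best-effort: a failed close must not prevent the reference from being dropped.
                e.printStackTrace();
            }
        }
        runLibre3Obj = null;
        System.gc();
    }

    /**
     * Builds the emulator, creates the Dalvik VM from the APK, loads {@code libg.so}, runs
     * {@code JNI_OnLoad} and resolves the {@code tk/glucodata/Natives} class.
     *
     * @param apkFilePath path of the APK that contains {@code libg.so}
     * @throws DecoderException declared by the original signature
     * @throws IOException declared by the original signature
     */
    public runlibre5(String apkFilePath) throws DecoderException, IOException {
        System.out.println("runlibre4 == =====");
        // for64Bit() selects a 64-bit emulator. No backend factory is added (the original kept
        // DynarmicFactory / HypervisorFactory / Unicorn2Factory lines commented out).
        emulator = AndroidEmulatorBuilder.for64Bit()
                .setProcessName("com.bubble.minalibre2ca")
                .build();
        try {
            System.out.println("backend == =" + emulator.getBackend());
            final Memory memory = emulator.getMemory();
            // Resolve Android system libraries (constructed with 23).
            memory.setLibraryResolver(new AndroidResolver(23));

            vm = emulator.createDalvikVM(new File(apkFilePath)); // create the Android VM
            vm.setJni(this);
            vm.setVerbose(true); // print JNI call details

            // NOTE(review): the original left `emulator.getSyscallHandler().addIOResolver(this)`
            // commented out and this class does not implement IOResolver. The reply in the issue
            // thread suggests serving the expected file from a resolve method; the reported
            // read at address 0x10 inside libg.so looks consistent with that - confirm.

            DalvikModule dm = vm.loadLibrary("g", true);
            module = dm.getModule();

            // Run JNI_OnLoad, if the library has one.
            dm.callJNI_OnLoad(emulator);
            cNativeClass = vm.resolveClass("tk/glucodata/Natives");
        } catch (RuntimeException e) {
            // A failed setup must not leak the emulator that was already built.
            try {
                emulator.close();
            } catch (IOException closeError) {
                e.addSuppressed(closeError);
            }
            throw e;
        }
    }

    /** Releases the emulator. */
    private void destroy() throws IOException {
        emulator.close();
    }

    /**
     * Answers {@code AllocObject} for {@code AlgorithmResults}; every other signature is rejected.
     *
     * @throws UnsupportedOperationException for any other signature
     */
    @Override
    public DvmObject<?> allocObject(BaseVM vm, DvmClass dvmClass, String signature) {
        System.out.println("allocObject111111=====" + signature);
        if ("com/outshineiot/bubble/xabet/AlgorithmResults->allocObject".equals(signature)) {
            return dvmClass.newObject(new AlgorithmResults());
        }
        throw new UnsupportedOperationException(signature);
    }

    /**
     * Answers {@code PackageInfo.versionCode} with the VM's version code narrowed to {@code int}.
     *
     * @throws UnsupportedOperationException for any other signature
     */
    @Override
    public int getIntField(BaseVM vm, DvmObject<?> dvmObject, String signature) {
        System.out.println("getIntField=====" + signature);
        if ("android/content/pm/PackageInfo->versionCode:I".equals(signature)) {
            return (int) vm.getVersionCode();
        }
        throw new UnsupportedOperationException(signature);
    }

    /** Handles the {@code AndroidTest} constructor locally and defers everything else to the parent. */
    @Override
    public DvmObject<?> newObject(BaseVM vm, DvmClass dvmClass, String signature, VarArg varArg) {
        System.out.println("newObject");
        if ("com/github/unidbg/android/AndroidTest-><init>()V".equals(signature)) {
            return dvmClass.newObject(null);
        }
        return super.newObject(vm, dvmClass, signature, varArg);
    }

    /**
     * Runs {@link #init()} against {@code <working dir>/libre3/libreoop.apk} and always closes
     * the emulator afterwards.
     */
    public static void main(String[] args) throws IOException, DecoderException, Exception {
        String path = new File("").getCanonicalPath();
        System.out.println("path===" + path);
        String apkFilePath = path + "/libre3/libreoop.apk";
        apkFile2 = new File(apkFilePath);

        runlibre5 runner = new runlibre5(apkFilePath);
        try {
            runner.init();
            // runner.initNFC();
        } finally {
            // Close the emulator even when a native call throws.
            runner.destroy();
        }
    }

    /**
     * Calls {@code setfilesdir}, {@code startsensors} and {@code abbottinit} on the native class.
     *
     * <p>Values observed on a device, per the original comment:
     * {@code /data/user/0/com.bubble.minalibre2ca/files before setfilesdir country=CN
     * nativeDir=/data/app/com.bubble.minalibre2ca-El4SZwJUYPPCboNjatnzAQ==/lib/arm64}.
     * NOTE(review): the files directory passed below carries a {@code -1} suffix that the
     * observed value does not have - confirm which one the library expects.
     *
     * @throws IllegalStateException if {@code libg.so} cannot be located through the VM
     */
    public void init() {
        LibraryFile file = vm.findLibrary("libg.so");
        if (file == null) {
            throw new IllegalStateException("libg.so not found");
        }
        // Directory part of the library path, passed as the third argument (nativeDir).
        String nativeDir = file.getPath().replace("/libg.so", "");
        System.out.println(nativeDir);

        String filesDir = "/data/user/0/com.bubble.minalibre2ca-1/files";
        String country = "CN";
        int processScan = cNativeClass.callStaticJniMethodInt(emulator,
                "setfilesdir(Ljava/lang/String;Ljava/lang/String;Ljava/lang/String;)I",
                filesDir, country, nativeDir);
        cNativeClass.callStaticJniMethod(emulator, "startsensors()V");
        System.out.println(JSON.toJSONString(processScan));
        // Result of abbottinit was never used by the original; the call itself is kept.
        cNativeClass.callStaticJniMethodBoolean(emulator, "abbottinit()Z");
    }

    /** Feeds one fixed NFC sample (uid, info, data) to {@code nfcdata} and prints the result as JSON. */
    public void initNFC() {
        byte[] uid = UtilBlue.hexStringToBytes("5751b50200a407e0");
        byte[] info = UtilBlue.hexStringToBytes("9d0830017709");
        byte[] data = UtilBlue.hexStringToBytes("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");
        // The return descriptor needs its terminating ';' to be a well-formed JNI object type.
        String mname = "nfcdata([B[B[BLcom/outshineiot/bubble/xabet/RequltData;[B[B[B)Ljava/lang/Object;";
        RequltData out = new RequltData();
        DvmObject<?> out1 = ProxyDvmObject.createObject(vm, out);
        out.sensorStartTime = 0;
        out.currentTime = 326855705;
        DvmObject<?> processScan = cNativeClass.callStaticJniMethodObject(emulator, mname,
                uid, info, data, out1, null, null, null);
        System.out.println(JSON.toJSONString(processScan));
    }

}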

`

@q601180252

错误信息
debugger break at: 0x400e9ce4 @ Runnable|Function64 address=0x400e2acc, arguments=[unidbg@0xfffe1640, -1662257446]

x0=0xfffe1640(-125376) x1=0xffffffff9cebf6da x2=0xd0 x3=0x403c0000 x4=0x403c0200 x5=0x403c02d0 x6=0x1 x7=0xbffff708 x8=0x0 x9=0x0 x10=0x1 x11=0xbfffe430 x12=0xb x13=0x0 x14=0x7fffffff
x15=0x0 x16=0x40189358 x17=0x40348760 x18=0xb x19=0x0 x20=0x0 x21=0x0 x22=0x0 x23=0x0 x24=0x0 x25=0x0 x26=0x0 x27=0x0 x28=0x0 fp=0xbffff6d0
q0=0xbffff69000000000bffff700(1.591495705E-314, 1.5914956496E-314) q1=0xffffff80ffffffc800000000bffff650(1.591495618E-314, NaN) q2=0x72742f73676f6c2f73656c69662f6163(7.489563950000777E247, 2.153539780993943E243) q3=0xbffff5e0(-1.9996910095214844) q4=0x8dcf33a2(-1.2769790099084385E-30) q5=0x8b(1.9478048654114957E-43) q6=0x8b61(4.99997305055738E-41) q7=0x8b6165(1.280007254057179E-38) q8=0x0(0.0) q9=0x0(0.0) q10=0x0(0.0) q11=0x0(0.0) q12=0x0(0.0) q13=0x0(0.0) q14=0x0(0.0) q15=0x0(0.0)
q16=0x0(0.0) q17=0x7b(1.723597111119525E-43) q18=0x7b90(4.4325873023522614E-41) q19=0x7b908e(1.1347622478403723E-38) q20=0x8ffe5d9b(-2.508238925581193E-29) q21=0xc4(2.7465449900766415E-43) q22=0xc4f3(7.065206727279295E-41) q23=0xc4f3aa(1.808716744257393E-38) q24=0x40180bf0(2.3757286071777344) q25=0x0(0.0) q26=0x4035528c(2.833163261413574) q27=0x0(0.0) q28=0xbffff6c0(-1.9997177124023438) q29=0x0(0.0) q30=0x0(0.0) q31=0x0(0.0)
LR=RX@0x400e2ad8[libg.so]0xe2ad8
SP=0xbffff6d0
PC=RX@0x400e9ce4[libg.so]0xe9ce4
nzcv: N=0, Z=1, C=1, V=0, EL0, use SP_EL0
[libg.so 0x0e9ce0] [280100b4] 0x400e9ce0: "cbz x8, #0x400e9d04"
=> *[libg.so 0x0e9ce4][080940f9]0x400e9ce4:"ldr x8, [x8, #0x10]" [0x10] => mem_read address=0x10, size=8
[libg.so 0x0e9ce8] [087d4039] 0x400e9ce8: "ldrb w8, [x8, #0x1f]"
[libg.so 0x0e9cec] [c8000037] 0x400e9cec: "tbnz w8, #0, #0x400e9d04"
[libg.so 0x0e9cf0] [20fbffb0] 0x400e9cf0: "adrp x0, #0x4004e000"
[libg.so 0x0e9cf4] [00c83791] 0x400e9cf4: "add x0, x0, #0xdf2"
[libg.so 0x0e9cf8] [224f0294] 0x400e9cf8: "bl #0x4017d980"
[libg.so 0x0e9cfc] [60008012] 0x400e9cfc: "mov w0, #-4"
[libg.so 0x0e9d00] [07000014] 0x400e9d00: "b #0x400e9d1c"
[libg.so 0x0e9d04] [280500b0] 0x400e9d04: "adrp x8, #0x4018e000"
[libg.so 0x0e9d08] [08e10191] 0x400e9d08: "add x8, x8, #0x78"
[libg.so 0x0e9d0c] [08fddf08] 0x400e9d0c: "ldarb w8, [x8]"
[libg.so 0x0e9d10] [c8000036] 0x400e9d10: "tbz w8, #0, #0x400e9d28"
[libg.so 0x0e9d14] [280500b0] 0x400e9d14: "adrp x8, #0x4018e000"
[libg.so 0x0e9d18] [007140b9] 0x400e9d18: "ldr w0, [x8, #0x70]"
[libg.so 0x0e9d1c] [f30b40f9] 0x400e9d1c: "ldr x19, [sp, #0x10]"
[libg.so 0x0e9d20] [fd7bc2a8] 0x400e9d20: "ldp x29, x30, [sp], #0x20"

@heckerstone

修改点1:
image
修改点2:
image
在 resolve 方法中增加对应文件即可
