From Scudo page:
Some parameters of the allocator can be defined on a per-process basis through several ways:
Statically: Define a __scudo_default_options function in the program that returns the options string to be parsed. This function must have the following prototype: extern "C" const char *__scudo_default_options().
Dynamically: Use the environment variable SCUDO_OPTIONS containing the options string to be parsed. Options defined this way override any definition made through __scudo_default_options.
Im fairly new to Android, could someone help me understand where to put functions like __scudo_default_options in cpp code, I have MainActivity.cpp and MidiManager.cpp
The function can be located anywhere within the application, as long as it's discoverable by the linker. Putting it in the vicinity of your main compilation unit is probably better.
You want to make sure that the symbol has a public visibility.
You can refer to the example in the tests here:
https://github.com/llvm/llvm-project/blob/main/compiler-rt/lib/scudo/standalone/tests/scudo_unit_test_main.cpp#L23
eg. in MainActivity.cpp, something to the extent of:
extern "C" __attribute__((visibility("default"))) const char *
__scudo_default_options() {
return "quarantine_size_kb=256:thread_local_quarantine_size_kb=128:"
"quarantine_max_chunk_size=512";
}
Related
We can write methods to get the key as below both Method 1 and Method 2 for the Android app
Are both Methods have the same security strength? or is there any security weakness in one of the below Methods while decompile/reverse engineering or other app cracking procedures?
Method 1
declare/assign key inside the method in the lib.cpp file
lib.cpp file
extern "C"
JNIEXPORT jstring JNICALL
Java_com_app_keytest_KeyHelper_getKey(JNIEnv *env, jobject) {
std::string API_KEY = "YOUR_API_KEY";
return env->NewStringUTF(API_KEY.c_str());
}
Method 2
declare/assign keys in separate keys.h file in the same directory with lib.cpp and import to lib.cpp file
keys.h file
std::string API_KEY = "YOUR_API_KEY";
lib.cpp file
#include "keys.h"
extern "C"
JNIEXPORT jstring JNICALL
Java_com_app_keytest_KeyHelper_getKey(JNIEnv *env, jobject) {
return env->NewStringUTF(API_KEY.c_str());
}
Your two snippets compile to nearly the exact same code. In both cases the API key is present in plain text in the compiled library. Even if you took pains to obfuscate the native code, an attacker can just attach a debugger and catch the return value of getKey.
You need to rethink your approach and decide if it is actually worth the effort on your part.
You can achieve a good result in another way:
you have to obfuscate JNI function name because "getKey()" is too much self-explained and easy to understand during reverse engineering
add unused parameters to "getKey()" to make it more complex when scrolling while viewing reversed code
getKey() haven't to return the Key but have to call a Java method or set a specific Java variable
About #3: I'm using a dedicated Thread on JNI to receive a "command" and a "callback" for its results:
Java calls JNI's "getKey(fakeArg1, fakeArg2, fn_callback, fakeArg3)"
getKey() sends a request to JNI dedicated Thread and pass even "fn_callback" as part of that request
the dedicated Thread process the request and then call Java Callback
In this way event during normal debugging it's very difficult to follow the Flow because debugging won't go inside dedicated Thread automatically using StepInto/Over key/button.
Update: callback is the first approach but create a link between caller and the result. To avoid this you could call a completly separated Java method from JNI to pass the variable to.
I am trying to call external C++ function from NASM. As I was searching on google I did not find any related solution.
C++
void kernel_main()
{
char* vidmem = (char*)0xb8000;
/* And so on... */
}
NASM
;Some calls before
section .text
;nothing special here
global start
extern kernel_main ;our problem
After running compiling these two files I am getting this error: kernel.asm(.text+0xe): undefined reference to kernel_main'
What is wrong here? Thanks.
There is no standardized method of calling C++ functions from assembly, as of now. This is due to a feature called name-mangling. The C++ compiler toolchain does not emit symbols with the names exactly written in the code. Therefore, you don't know what the name will be for the symbol representing the function coded with the name kernel_main or kernelMain, whatever.
Why is name-mangling required?
You can declare multiple entities (classes, functions, methods, namespaces, etc.) with the same name in C++, but under different parent namespaces. This causes symbol conflicts if two entities with the name local name (e.g. local name of class SomeContainer in namespace SymbolDomain is SomeContainer but global name is SymbolDomain::SomeContainer, atleast to talk in this answer, okay) have the same symbol name.
Conflicts also occur with method overloading, therefore, the types of each argument are also emitted (in some form) for methods of classes. To cope with this, the C++ toolchain will somehow mangle the actual names in the ELF binary object.
So, can't I use the C++ mangled name in assembly?
Yes, this is one solution. You can use readelf -s fileName with the object-file for kernel_main. You'll have to search for a symbol having some similarity with kernel_main. Once you think you got it, then confirm that with echo _ZnSymbolName | c++filt which should output kernel_main.
You use this name in assembly instead of kernel_main.
The problem with this solution is that, if for some reason, you change the arguments, return value, or anything else (we don't know what affects name-mangling), your assembly code may break. Therefore, you have to be careful about this. On the other hand, this is not a good practice, as your going into non-standard stuff.
Note that name-mangling is not standardized, and varies from toolchain to toolchain. By depending on it, your sticking to the same compiler too.
Can't I do something standardized?
Yep. You could use a C function in C++ by declaring the function extern "C" like this
extern "C" void kernelMain(void);
This is the best solution in your case, as your kernel_main is already a C-style function with no parent class and namespace. Note that, the C function is written in C++ and still uses C++ features (internally).
Other solutions include using a macro indirection, where a C function calls the C++ function, if you really need to. Something like this -
///
/// Simple class containing a method to illustrate the concept of
/// indirection.
///
class SomeContainer
{
public:
int execute(int y)
{
}
}
#define _SepArg_ , // Comma macro, to pass into args, comma not used directly
///
/// Indirection for methods having return values and arguments (other than
/// this). For methods returning void or having no arguments, make something
/// similar).
///
#define _Generate_Indirection_RetEArgs(ret, name, ThisType, thisArg, eargs) \
extern "C" ret name ( ThisType thisArg, eargs ) \
{ \
return thisArg -> name ( eargs ); \
} \
_Generate_Indirection_RetEArgs(int, execute, SomeContainer, x, int y);
I have Mobile Application projects for IOS & Android which internally uses the same Native cpp code. IOS project calls the Native file 'MyNativeFile.cpp' from 'MyApplication.m'. Android project calls the Native file 'MyNativeFile.cpp' through 'MyActivity.java' (Application Layer) via 'MyJNIInterface.cpp' (JNI Interface).
I need a generic implementation in my Native layer file 'MyNativeFile.cpp' through which some char string type data in Native layer can be sent to Application Layers (IOS/Android). (Please note that if I use JNI callback methods like the one mentioned in https://github.com/googlesamples/android-ndk/tree/master/hello-jniCallback it would not work for IOS environment)
My Android Application has below files
MyActivity.java (Application Layer)
MyJNIInterface.cpp (JNI Interface)
MyNativeFile.cpp (Native implementation)
My IOS Project has below files
MyApplication.m (Application Layer)
MyNativeFile.cpp (Native implementation)
One way of doing this is writing the character string to a file from Native code & then reading the same file in Application layer. But this method will have performance issues.
Please suggest a good way for doing this. Share some sample code if possible.
Even I am doing such a project where strings, integer arrays and other longer data types have to be returned.
I need a generic implementation in my Native layer file
'MyNativeFile.cpp' through which some char string type data in Native
layer can be sent to Application Layers
A method for your problem of returning a string can be solved by a reference to string, in your .cpp file, the function should have a parameter of a pointer to a character array, i.e, std::string & varName.
In this parameter, be it your .m file in iOS or JNI in JAVA, all you have to do is first declare an empty in string. Then pass this empty string while you call your function.
The header file of my project is as follows.
//.h file
class FindData {
public:
void findDataPt(int corrOut, string &result_array);
//In this function make changes to result_array directly and they'll reflect on the original string too
};
To call this from .m, I IMPORT THE .h first and then do the following in iOS:
Note: Make the .m as .mm to include C++ includes and functionality
//ViewController.mm
#include <string>
viewDidLoad{
string varName;
FindData fd;
fd. findDataPt(15,varName);
}
After this, make changes to the string, in findDataPt function.
IDA (the interactive disassembler by hex-rays.com) reports native C++ functions (Android NDK, arm) as __fastcall, for example:
// int __fastcall QVariant::toULongLong(_DWORD, _DWORD); weak
By the way, this function is declared in the docs as
qulonglong QVariant::toULongLong ( bool * ok = 0 ) const
When I define a native function with __attribute__((fastcall)), I get
warning: 'fastcall' attribute directive ignored [-Wattributes]
Question:
I need to call a library function whose prototype I can (hopefully) guess.
How do I declare functions so that they would be called with the right calling convention (namely, the __fastcall one reported by IDA)?
IDA just uses fastcall for any calling convention involving registers. In the case of ARM, fastcall basically means "default calling convention".
Adding #define __fastcall to the source should let you compile it. However, there is an additional issue for this function:
Note that QVariant::toULongLong() is a C++ method, so the first argument shown by the decompiler is actually the hidden this pointer which is passed to all non-static methods of C++ classes. Since the decompiler does not support C++ it converts it to an explicit argument. You may need to undo this operation to make it valid C++ code.
Or you could just use the actual source code.
I'm having the next kind of error when linking the application:
undefined reference to 'MyStructure::K_VARIABLE_A
undefined reference to 'MyStructure::K_VARIABLE_B
...
The structure is defined inside "MyStructure.h" as:
struct MyStructure
{
const static int K_VARIABLE_A=1;
const static int K_VARIABLE_B=2;
...
}
How can i get rid of this error?
My source code compiles successfully for Windows platform but I get the error mentioned above when compiling for the android platform.
The header of this structure is properly included in the .cpp file.
Thanks in advance.
The preferred way to define constant values in the scope of a class/struct is this:
struct MyStructure
{
enum
{
K_VARIABLE_A=1,
K_VARIABLE_B=2, // Note that you CAN keep the trailing comma
...
};
};
The construct which you are using is called as In-Class Initialization. It is a valid syntax for integral constant types but it maynot work with some compilers.
Solution is to do:
const int MyStructure::K_VARIABLE_A=1;
const int MyStructure::K_VARIABLE_B=2;
in one of your cpp(Implementation) files.
For each of your static variables you will need to declare them in an compilation unit (traditionally .cpp file) so that they have storage space as such
#include "Mystructure.h"
const int MyStructure::K_VARIABLE_A = 1;
const int MyStructure::K_VARIABLE_B = 2;
// other stuff here...
This is because static members do not belong to any instance of the structure/class, but need storage space declared somewhere. The compilers leave it up to the programmer to specify which compilation unit contains the storage for the static members, but traditionally they will be placed in the .cpp file corresponding to the .h file.