while looking in android logging frame work -
I checked /dev/log/main |system |event log files. in these log file I dont see time stamp. but at the same time "logcat -v time" display time stamp along with log.
I check Logcat code Its reading androidlog_entry from /dev/log/* buffers and displaying on cmdline.
While tracing android logging code , I could not find at what point we are adding timestamp with our log.
I did trace following flow -
LOGI("pre_alloc_cap_mem_thread_init: inited=%d", obj->mPreAllocCapMemInited);
#define LOGE ALOGE
#define ALOGE(...) ((void)ALOG(LOG_ERROR, LOG_TAG, VA_ARGS))
#define LOG_PRI(priority, tag, ...) \
android_printLog(priority, tag, VA_ARGS)
#define android_printLog(prio, tag, fmt...) \
__android_log_print(prio, tag, fmt)
int __android_log_print(int prio, const char *tag, const char *fmt, ...)
{
va_list ap;
char buf[LOG_BUF_SIZE];
va_start(ap, fmt);
vsnprintf(buf, LOG_BUF_SIZE, fmt, ap);
va_end(ap);
return __android_log_write(prio, tag, buf);
}
and on and on till NR_writev system call .
can somebody please guide me, when Its adding timestamp to android logs.
I appreciate help.. what ever i could get ..
But i have figure out it -
"Android frame work does not add time stamp, threadid etc. to android logs that goes to /dev/log/, but It rather pass it down to kernel to logger driver(check logger.c in kernel code) that further add up the timestamp+PID etc. as prefix to each android log. "
Related
I am interested in demoing printf vulnerabilities via an NDK app. To be clear, I am aware that to log in the console we can use __android_log_print(ANDROID_LOG_DEBUG, "LOG_TAG", "Print : %d %s",someVal, someStr);. I have tried it and I know it works. But I explicitly want to demo the vulnerabilities of printf(), specifically to use the %n specifier to write to a pointed location.
Is there a way to make printf() work to this effect or is it possible to achieve this via __android_log_print()? I attempted it with the android/log.h header but it didn't work.
I can get the app to crash by running something along the lines of printf(%s%s%s%s%s%s%s%s%s%s). But again, I can't manipulate pointers.
For general knowledge purposes, why is it that printf() doesn't work in the first place and how does __android_log_print() prevent these exploits?
You do realize that Android is open source.
Starting with looking for __android_log_print()
and finding it: https://android.googlesource.com/platform/system/core/+/refs/heads/master/liblog/logger_write.cpp
int __android_log_print(int prio, const char* tag, const char* fmt, ...) {
va_list ap;
char buf[LOG_BUF_SIZE];
va_start(ap, fmt);
vsnprintf(buf, LOG_BUF_SIZE, fmt, ap);
va_end(ap);
return __android_log_write(prio, tag, buf);
}
I eventually ended up looking at: https://android.googlesource.com/platform/bionic/+/refs/heads/master/libc/stdio/vfprintf.cpp
lines 453-454:
case 'n':
__fortify_fatal("%%n not allowed on Android");
Also referenced in the code is additional safety through FORTIFY which is described in the following blog post:
https://android-developers.googleblog.com/2017/04/fortify-in-android.html
Android specifically does not support %n format specifiers because they're vulnerable.
https://android.googlesource.com/platform/bionic/+/400b073ee38ecc2a38234261b221e3a7afc0498e/tests/stdio_test.cpp#328
I am new at worknig on android chromium, and I need to print the log msg in it, then how to print the log in android chromium, which interface can be used to print log?
There several ways to print the log in android chromium, and you try the two flowing ways:
1. The first way:
//Add the head file
#include <cutils/log.h>
#define XLOGC(...) android_printLog(ANDROID_LOG_DEBUG, "Your Tags", __VA_ARGS__)
//use the XLOGC to print the log
XLOGC("Your log message");
2. The second way:
//Add the head file
#include "base/logging.h"
LOG(INFO) << "Your log message";
When I use LKM to hook syscall about Android Kernel,I get something wrong
but I'm not good at Linux kernel debug,and I want to know how to deal with this problem.The similar problem told me the reason is read is blocked but module has been rmmod,I want to know how to solve this problem.
The reason is I want to monitor the apk's behavior.so I choose hook Linux kernel 3.4.67(goldfish) and with Android 4.4.4 code complied
Here is My code,when I insmod the module,it really get the action about read sth. But when I rommd the module ,the emulator direct get oops,and I finally find the reason is in my sys_read() hook,because when I hook syscall open ,it's okay.
#include <linux/kernel.h>
#include <linux/module.h>
#include<linux/init.h>
#include <linux/unistd.h>
#include <linux/semaphore.h>
#include <linux/moduleparam.h>
#include <asm/cacheflush.h>
#include<linux/delay.h>
#include<linux/file.h>
#include<linux/fs.h>
#include<linux/dirent.h>
MODULE_LICENSE("GPL");
MODULE_AUTHOR("SafeCode han");
void ** sys_call_table;
asmlinkage int (*original_call_read) (unsigned int, char*, int);
asmlinkage int hack_sys_read(unsigned int fd, char * buf, int count){
if(fd == 0 && count == 1)
{
printk("something is read aha %s\n", buf);
}
return original_call_read(fd,buf count);
}
int init_module()
{
//this is my sys_call_table address which found in System.map
sys_call_table =(void*)0xc000d984;
printk(KERN_ALERT "testhahaha\n");
original_call_read = sys_call_table[__NR_read];
sys_call_table[__NR_read] = hack_sys_read;
return 0;
}
/*when I need to rommd my module ,the devices oops..*/
void cleanup_module()
{
sys_call_table[__NR_read]=original_call_read;
//sys_call_table[__NR_open]=original_call_open;
}
so ,Plz help me~ thanks~,I want to know the depth reason and the solution
It is unsafe to revert previous value of the syscall's pointer and unload the module, contained replacement code: some process may use your syscall function at this moment, and it will be very upset when its code is gone off. As far as I know, there is no protection against that.
Syscalls are not intended to be changed by kernel modules. Either patch kernel code itself, or do not touch syscalls at all and use some sort of hooks, e.g. kprobes.
I have a function like
__android_log_print(ANDROID_LOG_INFO, "HelloNDK!");
on my C code
I wouldn't find that output on my LogCat. What kind of filter I need to setup
by Log Tag, by Log Message, by Application Name, by Log Level...etc.
You don't find output because you have misused the function. The function has the prototype:
int __android_log_print(int prio, const char *tag, const char *fmt, ...);
So you must supply a "tag" as well as the format.
For example
__android_log_print(ANDROID_LOG_INFO, "MyTag", "The value is %d", some_variable);
Once you use the function properly, you can use any filtering method (or none at all - such as you'd get from the adb logcat command without further arguments) just as with java code.
I am stuck and am getting an error somewhere within my C code, and I do not know where. I would like to use the simple Log.i( tag, msg ) or Log.e( tag, msg ) commands. I have looked around online and have found two other questions on SO but neither of them deal with exactly what I'm saying.
This method is not what I'm looking for...
And this is exactly what I'm looking for, but in C++, not C
If the syntax in C++/C is the same, I'm sorry but I have little experience in both.
Syntax in C is the same
#include <android/log.h>
#define TAG "MYDEBUG"
#ifdef DEBUG
# define D(x...) __android_log_print(ANDROID_LOG_INFO, TAG , x)
#else
# define D(x...) do {} while (0)
#endif
# define W(x...) __android_log_print(ANDROID_LOG_WARN, TAG , x)
# define E(x...) __android_log_print(ANDROID_LOG_ERROR, TAG , x)
#include <cutils/log.h>
#define LOG_TAG "MYDEBUG"
...
ALOGD("Here we are!");
In older releases the macro was:
LOGD("Here we are!");