Presently, my phone is a Samsung Galaxy S3 GT-I9300. But in general the following steps should be applicable to any Android device.
First, download the Android SDK and NDK. The SDK provides “adb”, which is used to connect to the phone. The NDK provides a gdbserver binary built for ARM; upload it to the phone via “adb”.
Next, remount /system as read-write:
mount -o rw,remount /dev/block/mmcblk0p9 /system
(The block device “/dev/block/mmcblk0p9” is specific to my device; yours may differ. Run “mount” to see which block device the “/system” directory is mounted on. If “/system” does not appear in the “mount” output, then most probably the root filesystem block device should be used.)
Then copy the gdbserver from the Android NDK into the /system/bin directory.
Next, assuming the process ID of the target process is 16835, run this on the Android phone:
gdbserver :4567 --attach 16835
Attached; pid = 16835
Listening on port 4567
On another PC (which is accessible by TCP/IP from the phone), download all the ARM-based libraries from the phone and run the gdb client.
Get all the ARM libraries and the target binary (the one to be debugged; in my case it is called “debuggerd”) from the mobile phone:
adb pull /system/lib /tmp/system_lib (pulls the lib files from the device)
And run the gdb client (which is from the NDK):
$ adb forward tcp:4567 tcp:4567
/android-ndk-r7/toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/bin/arm-linux-androideabi-gdb /tmp/debuggerd (the binary pulled from the device, needed for the symbols it contains)
(gdb) set auto-solib-add on
(gdb) target remote :4567
(gdb) set solib-search-path /tmp/system_lib (the lib files pulled from the device)
Subsequent messages:
Error while mapping shared library sections:
/system/bin/linker: No such file or directory.
Symbol file not found for /system/bin/linker
Reading symbols from /tmp/system_lib/libc.so...(no debugging symbols found)...done.
Loaded symbols for /tmp/system_lib/libc.so
Reading symbols from /tmp/system_lib/libstdc++.so...(no debugging symbols found)...done.
Loaded symbols for /tmp/system_lib/libstdc++.so
Reading symbols from /tmp/system_lib/libm.so...
(no debugging symbols found)...done.
Loaded symbols for /tmp/system_lib/libm.so
Reading symbols from /tmp/system_lib/libz.so...(no debugging symbols found)...done.
Loaded symbols for /tmp/system_lib/libz.so
Reading symbols from /tmp/system_lib/libcrypto.so...
(no debugging symbols found)...done.
Loaded symbols for /tmp/system_lib/libcrypto.so
Reading symbols from /tmp/system_lib/libssl.so...(no debugging symbols found)...done.
Loaded symbols for /tmp/system_lib/libssl.so
(gdb) info sharedlibrary
From To Syms Read Shared Object Library
No /system/bin/linker
0x4015a0c0 0x401882d4 Yes /tmp/system_lib/libc.so
0x4019e934 0x4019ea3c Yes /tmp/system_lib/libstdc++.so
0x401a1f70 0x401b1db8 Yes /tmp/system_lib/libm.so
0x400332a0 0x4004441c Yes /tmp/system_lib/libz.so
0x400b1a00 0x401172b8 Yes /tmp/system_lib/libcrypto.so
0x4005f530 0x4007798c Yes /tmp/system_lib/libssl.so
(gdb)
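The remount step above depends on knowing which block device backs /system. As an added example (not from the original post), this shell helper derives the remount command from “mount” output and falls back to the root filesystem when /system has no entry of its own; the two output layouts and the sample lines are assumptions constructed here, apart from the post's own /dev/block/mmcblk0p9.

```shell
#!/bin/sh
# Added example, not from the original post.
# Typical use from the PC:  adb shell mount | remount_command

# Reads `mount` output on stdin and prints "<device> <mountpoint> <options>"
# for /system, or for / when /system has no entry of its own.
# Two layouts are handled (assumed here):
#   <dev> <mountpoint> <fstype> <opts> 0 0
#   <dev> on <mountpoint> type <fstype> (<opts>)
find_system_mount() {
    awk '
        $2 == "on" { dev = $1; mp = $3; opts = $6; gsub(/[()]/, "", opts) }
        $2 != "on" { dev = $1; mp = $2; opts = $4 }
        mp == "/system" { sys  = dev " " mp " " opts }
        mp == "/"       { root = dev " " mp " " opts }
        END {
            if (sys != "")       print sys
            else if (root != "") print root
            else                 exit 1
        }'
}

# Prints the remount command for the mount found above.
# Prints nothing if it is already read-write; returns 1 if nothing matched.
remount_command() {
    line=$(find_system_mount) || return 1
    set -- $line
    case ",$3," in
        *,rw,*) return 0 ;;
    esac
    echo "mount -o rw,remount $1 $2"
}

# Constructed sample input (only mmcblk0p9 -> /system comes from the post).
SAMPLE_OLD='rootfs / rootfs ro,relatime 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,mode=755 0 0
/dev/block/mmcblk0p9 /system ext4 ro,noatime,user_xattr 0 0
/dev/block/mmcblk0p12 /data ext4 rw,nosuid,nodev,noatime 0 0'

# Constructed sample with no separate /system entry: fall back to /.
SAMPLE_NEW='/dev/root on / type ext4 (ro,seclabel,relatime)
tmpfs on /dev type tmpfs (rw,seclabel,nosuid,relatime)'

printf '%s\n' "$SAMPLE_OLD" | remount_command
printf '%s\n' "$SAMPLE_NEW" | remount_command
```

Once gdbserver has been copied, remounting /system read-only again restores the original state of the partition.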