From 7b6743f14ceb426e282900a9d5ee35b1ac820013 Mon Sep 17 00:00:00 2001
From: Your Name
Date: Mon, 1 Aug 2022 08:10:45 +0100
Subject: Android fixes
---
 frida_mode/GNUmakefile | 88 ++++++++++++++++++++++++++++++----------
 frida_mode/include/seccomp.h | 2 +-
 frida_mode/src/main.c | 31 ++++++++++++++
 frida_mode/src/prefetch.c | 4 ++
 frida_mode/src/seccomp/seccomp.c | 6 ++-
 5 files changed, 108 insertions(+), 23 deletions(-)
diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile
index 256bea02..43b8932a 100644
--- a/frida_mode/GNUmakefile
+++ b/frida_mode/GNUmakefile
@@ -13,6 +13,16 @@ JS_SRC:=$(BUILD_DIR)api.c
 JS_OBJ:=$(BUILD_DIR)api.o
 SOURCES:=$(wildcard $(SRC_DIR)**/*.c) $(wildcard $(SRC_DIR)*.c)
 OBJS:=$(foreach src,$(SOURCES),$(OBJ_DIR)$(notdir $(patsubst %.c, %.o, $(src))))
+
+TARGET_CC?=$(CC)
+TARGET_CXX?=$(CXX)
+HOST_CC?=$(CC)
+HOST_CXX?=$(CXX)
+IS_ANDROID:=$(findstring android, $(shell $(TARGET_CC) --version 2>/dev/null))
+IS_x86:=$(findstring i686, $(shell $(TARGET_CC) --version 2>/dev/null))
+IS_x86_64:=$(findstring x86_64, $(shell $(TARGET_CC) --version 2>/dev/null))
+IS_ARM:=$(findstring arm, $(shell $(TARGET_CC) --version 2>/dev/null))
+IS_ARM64:=$(findstring aarch64, $(shell $(TARGET_CC) --version 2>/dev/null))
 CFLAGS+=-fPIC \
 -D_GNU_SOURCE \
 -D_FORTIFY_SOURCE=2 \
@@ -21,6 +31,10 @@ CFLAGS+=-fPIC \
 -funroll-loops \
 -ffunction-sections \
+ifdef IS_ANDROID
+CFLAGS+=-DANDROID
+endif
+
 AFL_CFLAGS:=-Wno-unused-parameter \
 -Wno-sign-compare \
 -Wno-unused-function \
@@ -28,9 +42,16 @@ AFL_CFLAGS:=-Wno-unused-parameter \
 -Wno-int-to-pointer-cast \
 -Wno-pointer-sign
+ifdef IS_ANDROID
+LDFLAGS+= -static-libstdc++ \
+ -DANDROID \
+ -llog \
+ -shared
+else
 LDFLAGS+=-shared \
 -lpthread \
 -lresolv
+endif
 ifdef DEBUG
 CFLAGS+=-Werror \
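Review bot: `IS_ANDROID`, `IS_x86`, `IS_x86_64`, `IS_ARM` and `IS_ARM64` each re-run `$(TARGET_CC) --version` and substring-match its free-form banner, which is fragile: clang's banner also prints an InstalledDir line, so on an x86_64 host `IS_x86_64` may be set for every NDK target, and `IS_ARM` matches any "arm" anywhere in that text. Capture the target once, `TARGET_TRIPLE:=$(shell $(TARGET_CC) -dumpmachine 2>/dev/null)`, and derive the IS_* values from that triple; `-dumpmachine` is supported by both gcc and clang and contains only the target. If the banner approach is kept, at least run the shell command once into a variable and match against that instead of spawning the compiler five times.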
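Review bot: `-DANDROID` in the Android `LDFLAGS` is a preprocessor define and is ignored at link time; the `CFLAGS+=-DANDROID` added in the hunk above is what reaches the compiler, so the `-DANDROID \` line here should be dropped. The Android branch also omits `-lpthread` and `-lresolv` without saying why, presumably because bionic provides those in libc; a one-line comment such as `# bionic: pthreads/resolver live in libc, logging via liblog` would record the intent so nobody "fixes" it back.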
@@ -78,11 +99,11 @@ else ifdef DEBUG
 AFL_CFLAGS:=$(AFL_CFLAGS) -Wno-prio-ctor-dtor
 endif
+
 LDFLAGS+= -z noexecstack \
 -Wl,--gc-sections \
 -Wl,--exclude-libs,ALL \
- -ldl \
- -lrt
+ -ldl
 LDSCRIPT:=-Wl,--version-script=$(PWD)frida.map
 endif
@@ -93,22 +114,24 @@ ifeq "$(shell uname)" "Linux"
 endif
 endif
-ifneq "$(findstring android, $(shell $(CC) --version 2>/dev/null))" ""
+
+ifdef IS_ANDROID
 OS:=android
- ifneq "$(findstring aarch64, $(shell $(CC) --version 2>/dev/null))" ""
- ARCH:=arm64
+ ifdef IS_x86
+ ARCH:=x86
 endif
- ifneq "$(findstring arm, $(shell $(CC) --version 2>/dev/null))" ""
- ARCH:=arm
+ ifdef IS_x86
+ ARCH:=x86_64
 endif
- ifneq "$(findstring x86_64, $(shell $(CC) --version 2>/dev/null))" ""
- ARCH:=x86_64
+ ifdef IS_ARM
+ ARCH:=arm
 endif
- ifneq "$(findstring i686, $(shell $(CC) --version 2>/dev/null))" ""
- ARCH:=x86
+ ifdef IS_ARM64
+ ARCH:=arm64
 endif
 endif
+
 ifeq "$(ARCH)" "armhf"
 TARGET_CC:=arm-linux-gnueabihf-gcc
 TARGET_CXX:=arm-linux-gnueabihf-g++
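Review bot: Dropping `-lrt` here removes it for every non-Darwin target, not only Android, although the rest of the commit gates its changes on `IS_ANDROID`; if any Linux build still needs librt symbols (older glibc exposes clock_gettime/shm_open there) it will now fail to link. If the intent is Android-only, wrap it the same way as the LDFLAGS block earlier in the file, e.g. `ifndef IS_ANDROID` / `LDFLAGS+=-lrt` / `endif`; if librt is genuinely unneeded on Linux, a short comment saying so would keep the next reader from re-adding it. The enclosing conditional starts outside the hunk.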
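Review bot: The second block repeats `ifdef IS_x86` where `ifdef IS_x86_64` is clearly intended: an x86_64 Android toolchain can never get `ARCH:=x86_64`, and an i686 one is set to `x86` and then immediately overwritten with `x86_64`. Change that line to `ifdef IS_x86_64`. Because these are four independent `ifdef`s, the last match wins and the result depends on which substrings happen to appear in the compiler banner; an `else ifdef` chain ending in `$(error unsupported Android target)` would make the precedence explicit and fail loudly instead of leaving `ARCH` unset for an unrecognised toolchain.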
@@ -224,10 +247,22 @@ else ifeq "$(ARCH)" "arm64"
 CFLAGS+=-I $(FRIDA_DIR)build/frida_thin-$(OS)-$(ARCH)/include/frida-1.0 \
 -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/glib-2.0/ \
- -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \
+ -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \
+ -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/capstone/ \
+ -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \
+
+ifeq "$(OS)" "android"
+ CFLAGS += -static-libstdc++
+endif
+else
+CFLAGS+=-I $(FRIDA_DIR)build/frida_thin-$(OS)-$(ARCH)/include/frida-1.0 \
+ -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/glib-2.0/ \
+ -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \
 -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/capstone/ \
 -I $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \
+endif
+
 TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \
 $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libsoup-2.4.a \
 $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libsqlite3.a \
@@ -245,13 +280,15 @@ TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \
 $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/liblzma.a \
 $(FRIDA_DIR)build/frida_thin-sdk-$(OS)-$(ARCH)/lib/libz.a \
-else
-
 CFLAGS+=-I $(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/include/frida-1.0 \
 -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/glib-2.0/ \
 -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/glib-2.0/include/ \
 -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/capstone/ \
- -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/ \
+ -I $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/include/json-glib-1.0/
+
+ifeq "$(OS)" "android"
+ CFLAGS += -static-libstdc++
+endif
 TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \
 $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libsoup-2.4.a \
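Review bot: `CFLAGS += -static-libstdc++`, added in both hunks under `ifeq "$(OS)" "android"`, is a link-driver option: it does nothing when compiling the .c objects, clang reports it as an unused command-line argument, and in DEBUG builds, where CFLAGS already carries `-Werror`, that warning may be promoted to an error. The Android `LDFLAGS` earlier in this file already pass `-static-libstdc++`, so both new blocks can simply be removed. In the first hunk the frida_thin include list is now repeated verbatim in both arms of the new `else`; once the android block is gone the arms are identical and the conditional can collapse back to a single list (the enclosing conditional starts outside the hunk).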
@@ -270,11 +307,6 @@ TRACE_LDFLAGS+=$(FRIDA_DIR)build/frida-$(OS)-$(ARCH)/lib/libfrida-gum-1.0.a \
 $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/liblzma.a \
 $(FRIDA_DIR)build/sdk-$(OS)-$(ARCH)/lib/libz.a \
-endif
-
-
-
-
 else
 $(GUM_DEVKIT_TARBALL): | $(FRIDA_BUILD_DIR)
@@ -376,6 +408,7 @@ $(AFLPP_QEMU_DRIVER_HOOK_OBJ): $(AFLPP_QEMU_DRIVER_HOOK_SRC) | $(BUILD_DIR)
 hook: $(AFLPP_FRIDA_DRIVER_HOOK_OBJ) $(AFLPP_QEMU_DRIVER_HOOK_OBJ)
 ############################# ADDR #############################################
+ifneq "$(OS)" "android"
 $(ADDR_BIN): $(ADDR_SRC) | $(BUILD_DIR)
 -$(TARGET_CC) \
 $(CFLAGS) \
@@ -389,7 +422,20 @@ $(ADDR_BIN): $(ADDR_SRC) | $(BUILD_DIR)
 -ldl \
 -lrt \
 $< -o $@
-
+else
+$(ADDR_BIN): $(ADDR_SRC) | $(BUILD_DIR)
+ -$(TARGET_CC) \
+ $(CFLAGS) \
+ -Werror \
+ -Wall \
+ -Wextra \
+ -Wpointer-arith \
+ -z noexecstack \
+ -Wl,--gc-sections \
+ -Wl,--exclude-libs,ALL \
+ -ldl \
+ $< -o $@
+endif
 addr: $(ADDR_BIN)
 ############################# CLEAN ############################################
diff --git a/frida_mode/include/seccomp.h b/frida_mode/include/seccomp.h
index 0cd90bc2..0886759c 100644
--- a/frida_mode/include/seccomp.h
+++ b/frida_mode/include/seccomp.h
@@ -1,7 +1,7 @@
 #ifndef _SECCOMP_H
 #define _SECCOMP_H
-#ifndef __APPLE__
+#if !defined(__APPLE__) && !defined(__ANDROID__)
 #include
 #include
diff --git a/frida_mode/src/main.c b/frida_mode/src/main.c
index 844c42b9..1bbcec28 100644
--- a/frida_mode/src/main.c
+++ b/frida_mode/src/main.c
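Review bot: The new `else` arm restates the entire `$(ADDR_BIN)` recipe only to leave out `-lrt`, so the two copies will drift the next time a warning or linker flag is added to one of them. Express the single difference once, e.g. `ifneq "$(OS)" "android"` / `ADDR_LIBS:=-lrt` / `endif`, and keep one rule whose link line ends `-ldl $(ADDR_LIBS) $< -o $@`. The first hunk of the `$(ADDR_BIN)` rule starts before this hunk and the rule's flag list is split across the two.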
@@ -36,6 +36,17 @@
 #ifdef __APPLE__
 extern mach_port_t mach_task_self();
 extern GumAddress gum_darwin_find_entrypoint(mach_port_t task);
+#elif defined(__ANDROID__)
+typedef struct {
+ void (**preinit_array)(void);
+ void (**init_array)(void);
+ void (**fini_array)(void);
+} structors_array_t;
+
+extern void __libc_init(void* raw_args,
+ void (*onexit)(void) __unused,
+ int (*slingshot)(int, char **, char **),
+ structors_array_t const * const structors);
 #else
 extern int __libc_start_main(int (*main)(int, char **, char **), int argc, char **ubp_av, void (*init)(void),
@@ -69,7 +80,11 @@ static void on_main_os(int argc, char **argv, char **envp) {
 GumInterceptor *interceptor = gum_interceptor_obtain();
 gum_interceptor_begin_transaction(interceptor);
+ #if defined(__ANDROID__)
+ gum_interceptor_revert(interceptor, __libc_init);
+ #else
 gum_interceptor_revert(interceptor, __libc_start_main);
+ #endif
 gum_interceptor_end_transaction(interceptor);
 gum_interceptor_flush(interceptor);
@@ -275,6 +290,22 @@ static void intercept_main(void) {
 main_fn = main;
 intercept_hook(main, on_main, NULL);
+}
+#elif defined(__ANDROID__)
+static void on_libc_init(void* raw_args,
+ void (*onexit)(void) __unused,
+ int (*slingshot)(int, char**, char**),
+ structors_array_t const * const structors){
+ main_fn = slingshot;
+ intercept_unhook_self();
+ intercept_hook(slingshot, on_main, NULL);
+ return __libc_init(raw_args, onexit, slingshot, structors);
+
+}
+static void intercept_main(void) {
+
+ intercept_hook(__libc_init, on_libc_init, NULL);
+
 }
 #else
diff --git a/frida_mode/src/prefetch.c b/frida_mode/src/prefetch.c
index 5621a685..b2c516f5 100644
--- a/frida_mode/src/prefetch.c
+++ b/frida_mode/src/prefetch.c
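Review bot: `on_libc_init` is declared `void` yet ends with `return __libc_init(...)`; returning a void expression from a void function is a constraint violation in ISO C that gcc and clang accept only as an extension and flag under `-pedantic`, so write the last statement as `__libc_init(raw_args, onexit, slingshot, structors);` with no `return`. The replacement never dereferences `structors`, it only forwards the pointer, so a one-line comment on the `structors_array_t` typedef in the first hunk, e.g. `/* opaque here: mirrors bionic's private layout, only passed through to __libc_init */`, would stop a future reader from trying to keep its fields in sync with bionic. The `#if defined(__ANDROID__)` block inside `on_main_os` is indented with the code, whereas the directives in the other hunks of this file sit at column 0; putting it at column 0 keeps the style consistent.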
@@ -298,12 +298,16 @@ void prefetch_init(void) {
 /*
 * Configure the shared memory region to be removed once the process dies.
+ * This doesn't work on Android, so we skip it. Would could end up leaking
+ * shared memory regions though.
 */
+ #ifndef __ANDROID__
 if (shmctl(prefetch_shm_id, IPC_RMID, NULL) < 0) {
 FFATAL("shmctl (IPC_RMID) < 0 - errno: %d\n", errno);
 }
+#endif
 /* Clear it, not sure it's necessary, just seems like good practice */
 memset(prefetch_data, '\0', sizeof(prefetch_data_t));
diff --git a/frida_mode/src/seccomp/seccomp.c b/frida_mode/src/seccomp/seccomp.c
index 984a3990..72443831 100644
--- a/frida_mode/src/seccomp/seccomp.c
+++ b/frida_mode/src/seccomp/seccomp.c
@@ -11,7 +11,9 @@ void seccomp_on_fork(void) {
 #ifdef __APPLE__
 FFATAL("Seccomp not supported on OSX");
-#else
+#elif defined(__ANDROID__)
+ FFATAL("Seccomp not supported on Android");
+#else
 seccomp_callback_parent();
 #endif
@@ -32,6 +34,8 @@ void seccomp_init(void) {
 #ifdef __APPLE__
 FFATAL("Seccomp not supported on OSX");
+#elif defined(__ANDROID__)
+ FFATAL("Seccomp not supported on Android");
 #else
 seccomp_callback_initialize();
 #endif
--
cgit v1.2.3
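Review bot: Skipping `IPC_RMID` on Android means the System V segment is never marked for removal, so if the process is killed rather than torn down through a cleanup path the segment outlives it; when many instances are started in succession this can exhaust the kernel's shared-memory limits, and the comment admits the leak without saying how it is bounded. Rather than silently compiling the call out, keep it on Android and downgrade the failure to a non-fatal warning that logs `errno`, or remove the segment explicitly in the shutdown path, and record in the comment which error `shmctl` actually returns there so the reason for the exception is documented. The comment also has a typo, `Would could end up leaking` should read `We could end up leaking`, and the added `#ifndef __ANDROID__` is indented while its matching `#endif` is at column 0.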