mustime / adrill Goto Github PK

View Code? Open in Web Editor NEW

50.0 2.0 14.0 139 KB

An Android native libraries injection tool. supports arch arm/arm64/x86/x86_64. Support Android 4.x to 11.0.

License: Other

CMake 2.10% Shell 0.42% C++ 92.18% C 5.30%

android injection inject

adrill's Introduction

About

English | 中文

Adrill is an Android native libraries injection tool written in C++1X, supports arch arm/arm64/x86/x86_64.

You may notice there are already tons of similar inject tools, but few of them targets on all archs(not that I know of).

Furthermore, Adrill make it more easier when it comes to zygote[64] injection(see for workaround at ptrace_wrapper.cc). And there will be detail info printed when any error occured.

I've test on multiple arch platforms from Android 4.x to 11.0. Fire an issue if there's something I could help with.

Notice: running on root privilege is a must.

Build from source

First clone this repository:

git clone [email protected]:mustime/Adrill.git

Then you need to update the submodle:

cd Adrill/
git submodule update --init

Say you want to use Adrill in Android emulators, i.e., normally a x86 executable:

cmake -S . -B build -DCMAKE_SYSTEM_NAME=Android -DCMAKE_SYSTEM_VERSION=21 -DCMAKE_ANDROID_ARCH_ABI=x86 -DCMAKE_ANDROID_NDK=$ANDROID_NDK_ROOT
cmake --build build --parallel 4 --target adrill

Notice: define ${ANDROID_NDK_ROOT} in your env or change the command at will.

Usage:

adrill [--pid <number>] | [--pname <string>] --libpath <path>
   -h,--help      print this message.
      --pid       target process id. e.g., grep from 'ps' command
      --pname     target process name. used to match with content in /proc/<pid>/cmdline.
      --libpath   absolute path to inject. only supports ELF file.

Liscense

See LISCENSE file for more details

adrill's People

Contributors

Stargazers

Watchers

Forkers

bb33bb ryanbekabe hviden crackercat ckandroidproject brynhildrinthedarkness 4872866 ssageparuders nkr00711 radwany2020 focuspadding espmihacker helloworld2021cpu stevezhou6

adrill's Issues

未找到进程，但它明明已经打开，在模拟器上面

3|PCRT00:/data/local/tmp # ./adrill_x86 --pid 5744 --libpath /data/local/tmp/libjni_cmake.so
WARNING: linker: /data/local/tmp/adrill_x86: unsupported flags DT_FLAGS_1=0x8000001
[!] process 5744 not found!
[!] something went wrong, see errors listed above.

3|PCRT00:/data/local/tmp # ./adrill_x86 --pname com.thunder.ty --libpath /data/local/tmp/libjni_cmake.so
WARNING: linker: /data/local/tmp/adrill_x86: unsupported flags DT_FLAGS_1=0x8000001
[>] found pid 5744 for process 'com.thunder.ty'
[!] process 5744 not found!
[!] something went wrong, see errors listed above.

1>clang.exe: error: linker command failed with exit code 1 (use -v to see invocation)

I build it but it has error. i cannt understand this. please help me
Build started... 1>------ Build started: Project: adrill, Configuration: Debug x64 ------ 1>ANDROID_HOME=F:\\Microsoft\AndroidSDK\25 1>ANT_HOME=D:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Apps\apache-ant-1.9.3 1>JAVA_HOME=C:\Program Files\Eclipse Foundation\jdk-8.0.302.8-hotspot 1>NDK_ROOT=F:\\Microsoft\AndroidNDK64\android-ndk-r16b 1>ANDROID_HOME=F:\\Microsoft\AndroidSDK\25 1>ANT_HOME=D:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\Apps\apache-ant-1.9.3 1>JAVA_HOME=C:\Program Files\Eclipse Foundation\jdk-8.0.302.8-hotspot 1>NDK_ROOT=F:\\Microsoft\AndroidNDK64\android-ndk-r16b 1>main.cc 1>selinux.cc 1>sdk_code.cc 1>elf_dlfcn.cc 1>file_utils.cc 1>ptrace_wrapper.cc 1>call_procedure.cc 1>call_procedure-x86.cc 1>clang.exe: warning: argument unused during compilation: '-pie' [-Wunused-command-line-argument] 1>clang.exe: warning: argument unused during compilation: '-static-libstdc++' [-Wunused-command-line-argument] 1> undefined reference to 'CallProcedure::returnValue()' 1> undefined reference to 'CallProcedure::returnValue()' 1> undefined reference to 'CallProcedure::returnValue()' 1> undefined reference to 'CallProcedure::returnValue()' 1> undefined reference to 'CallProcedure::_setupCall(unsigned long, std::__ndk1::vector<long, std::__ndk1::allocator<long> > const&)' 1> undefined reference to 'CallProcedure::_checkCall()' 1> undefined reference to 'strtof_l' 1> undefined reference to 'strtod_l' 1>clang.exe: error: linker command failed with exit code 1 (use -v to see invocation) 1>D:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\MSBuild\Microsoft\VC\v160\Application Type\Android\3.0\Android.Common.targets(119,5): error MSB6006: "clang.exe" exited with code 1. 1>Done building project "adrill.vcxproj" -- FAILED. 2>------ Skipped Build: Project: ALL_BUILD, Configuration: Debug x64 ------ 2>Project not selected to build for this solution configuration ========== Build: 0 succeeded, 1 failed, 1 up-to-date, 1 skipped ==========

error

3|aosp:/data/local/tmp # ./i --pid 11529 --libpath /data/local/tmp/libudp.so
WARNING: linker: /data/local/tmp/i: unsupported flags DT_FLAGS_1=0x8000001
[!] func 'mmap'(0xc75a88b0) is not within module '/system/lib/libc.so'(0xffffffff-0x0)
[!] func 'munmap'(0xc75f75c4) is not within module '/system/lib/libc.so'(0xffffffff-0x0)
[!] func 'dlopen'(0xc771834c) is not within module '/system/lib/libdl.so'(0xffffffff-0x0)
[!] func 'dlerror'(0xc7718200) is not within module '/system/lib/libdl.so'(0xffffffff-0x0)
[!] something went wrong, see errors listed above.

CallProcedure::remoteCall failed to check call status on x64 - android 9.0 emulator

I tried to inject shared library into app on Android 9.0 (64bit) by Adrill x86-64 and Adrill x86 but it is not impossible

C:\Users\Admin>adb shell "su 0 /data/local/tmp/adrill --pname com.ketchapp.rider --libpath /data/local/tmp/libsoLib.so"
[>] found pid 5416 for process 'com.ketchapp.rider'
[-] attcahing to process 5416 ...
[-] saving registers ...
[-] calling remote mmap ...
CallProcedure::remoteCall failed to check call status
[!] failed to call remote mmap
[-] restoring registers ...
[-] detaching from process 5416 ...
[!] something went wrong, see errors listed above.

so what i need to do now?