Pages

Showing posts with label Android Vulnerability. Show all posts
Showing posts with label Android Vulnerability. Show all posts

Monday, February 4, 2013

strace in Android is Outdated

The strace utility is part of the Android Open Source Project (AOSP) code base. The project path as declared in the manifest is external/strace.


I downloaded Android 2.3 as well as the regular strace source code which is hosted on sourceforge. 


The entire strace source code on SourceForge was forked and ported over to Android's code base. (But it seems like some OS-specific components are missing which makes sense since Android doesn't use them anyway.)


A quick look at the Android code base for external/strace shows that the version is 4.5.12 while the latest on SourceForge as at the time of this writing, is 4.6. Well at first glance the version difference is not that great, but hey, the times of release between those two versions are almost 6 years apart (2005 vs 2011)!


I wanted to check whether the strace utility in the latest version of Android, which is 4.0, has been upgraded. So this time round I downloaded the Android 4.0 source code, and did a quick diff with Android 2.3 source code. The result is disappointing -- the entire external/strace directory was unmodified, which means that nobody bothered porting over the bug fixes since 2005. In fact I suspect since the start of the Android project, no one ported over the changes.

http://android-hacking.blogspot.com/2012/03/strace-in-android.html
di No comments:
Label: ,

strace umoven I/O error


While using the prebuilt strace binary found from some blog (mentioned in an earlier post), I kept having this annoying error printed to stderr:

 ptrace: umoven: I/O error

 Initially, I was not sure whether this error is harmless or not, since I was still able to get the trace output properly.

 However, on close scrutiny of the trace output, there are some lines that appear cut off, for example,

 ") = 0

 Normally each line would contain a timestamp, the syscall name and arguments (if you specify the timestamp option), but why would some lines appear incomplete as shown above?

 I suspect those lines are due to the "umoven errors", since these errors might have caused the timestamp and syscall names not to be printed out properly.

 After much searching on the internet, I found that umoven is a utility function in strace that copies memory from the traced process to the strace process. Sometimes, the function might reach the end of a memory page and wander off to a non-existing one, and hence causing the error to be printed. It was suggested that the strace code be modified in order to suppress printing this error. But I think suppressing the error might not be sufficient.

 One thing surprising I found is that Android actually comes with strace; it is in/system/xbin. Well, so much for the initial attempt to find an strace binary from somewhere else...

 http://android-hacking.blogspot.com/2012/03/compiling-strace.html
di No comments:
Label: ,
Subscribe to: Posts (Atom)