Fail to attach to specific sample
411 views
Skip to first unread message
aafor...@gmail.com
Apr 27, 2017, 8:12:56 AM4/27/17
to JEB Decompiler
I am trying to launch a debug session on a sample of Android/Ztorg (malware, sha256: 2c546ad7f102f2f345f30f556b8d8162bd365a7f1a52967fce906d46a2b0dac4).
Unfortunately, as soon as I try to debug/run, it "crashes" (many exceptions) and says the debugger VM is no longer attached.
Exactly, my steps are:
I am using JEB 2.2.11, and this is an Android emulator for Android 7.0.
Exceptions:
Thanks
Axelle.
Unfortunately, as soon as I try to debug/run, it "crashes" (many exceptions) and says the debugger VM is no longer attached.
Exactly, my steps are:
- Install the malware (adb install...)
- Wait for debugger: am start -D -S -n com.mx.cool.videoplayer/.activity.MainActivity
- Launch JEB2
- Set the breakpoints
- Attach to process... it fails to attach (see attachment)
I am using JEB 2.2.11, and this is an Android emulator for Android 7.0.
Exceptions:
Switch to it by issuing the "use 1" command
java.net.SocketException: Connection reset
at java.net.SocketInputStream.read(SocketInputStream.java:197)
at java.net.SocketInputStream.read(SocketInputStream.java:122)
at java.net.SocketInputStream.read(SocketInputStream.java:108)
at com.pnfsoftware.jebglobal.XX.run(SourceFile:39)
java.io.IOException: The receiver is dead
at com.pnfsoftware.jebglobal.QD.gb(SourceFile:597)
at com.pnfsoftware.jebglobal.QD.KS(SourceFile:515)
at com.pnfsoftware.jebglobal.QD.pH(SourceFile:7497)
at com.pnfsoftware.jebglobal.QD.NY(SourceFile:156)
at com.pnfsoftware.jebglobal.zG.attach(SourceFile:449)
at com.pnfsoftware.jeb.corei.debuggers.android.vm.HA.attach(SourceFile:2269)
at com.pnfsoftware.jeb.rcpclient.handlers.debugger.DebuggerAttachHandler$1.call(DebuggerAttachHandler.java:91)
at com.pnfsoftware.jeb.rcpclient.handlers.debugger.DebuggerAttachHandler$1.call(DebuggerAttachHandler.java:88)
at java.util.concurrent.FutureTask.run(FutureTask.java:262)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
at java.lang.Thread.run(Thread.java:745)
The debugger could not connect to the target
Unit "VM" status has changed to: null
java.io.IOException: The receiver is dead
at com.pnfsoftware.jebglobal.zT.wL(SourceFile:341)
at com.pnfsoftware.jebglobal.zT.KS(SourceFile:367)
at com.pnfsoftware.jebglobal.Yy.Sg(SourceFile:237)
Axelle.
clu...@pnfsoftware.com
Apr 27, 2017, 11:43:11 AM4/27/17
to JEB Decompiler
Hello,
This kind of connection issue often happens when the emulator is in unstable state.
Please,
1) Restart your emulator/device.
2) Restart JEB
3) Try again to connect to your device.
If it does not solve your problem, please, refer to https://groups.google.com/forum/?hl=fr#!topic/jeb-decompiler/kzQ_4VFxJN4
Regards,
Cedric
This kind of connection issue often happens when the emulator is in unstable state.
Please,
1) Restart your emulator/device.
2) Restart JEB
3) Try again to connect to your device.
If it does not solve your problem, please, refer to https://groups.google.com/forum/?hl=fr#!topic/jeb-decompiler/kzQ_4VFxJN4
Regards,
Cedric
aafor...@gmail.com
Apr 28, 2017, 4:14:54 AM4/28/17
to JEB Decompiler
Hi Cedric
I go a little further when I uncheck 'Use native debugger', however, not much: I get a fatal sigabort signal and the application to be debugged crashes.
BTW, the Android emulator seems stable.
Could you try on the sample and let me know if you manage to do it?
I set breakpoints in Lcom/mx/cool/videoplayer/activity/MainActivity->onCreate() and in Le/i/o/q;->d()
-- Axelle
I go a little further when I uncheck 'Use native debugger', however, not much: I get a fatal sigabort signal and the application to be debugged crashes.
BTW, the Android emulator seems stable.
Could you try on the sample and let me know if you manage to do it?
I set breakpoints in Lcom/mx/cool/videoplayer/activity/MainActivity->onCreate() and in Le/i/o/q;->d()
04-28 08:06:44.528 1223 1195 F google-breakpad: M A86B9000 00000000 0000A000 A5904D8F200CBE1488A6B1DDFB59F4600 liblz4.so
04-28 08:06:44.529 1223 1195 F google-breakpad: M A86C6000 00000000 00003000 5BB6E698D092AA19B6FEB0DF909BD3D50 libsigchain.so
04-28 08:06:44.529 1223 1195 F google-breakpad: M A87BE000 00000000 0005D000 ADC169EF3589718F3ADB85F304D1FDC10 linker
04-28 08:06:44.529 1223 1195 F google-breakpad: -----END BREAKPAD MICRODUMP-----
04-28 08:06:44.567 1195 1195 W google-breakpad: ### ### ### ### ### ### ### ### ### ### ### ### ###
04-28 08:06:44.567 1195 1195 W google-breakpad: Chrome build fingerprint:
04-28 08:06:44.567 1195 1195 W google-breakpad: 3.0.9
04-28 08:06:44.567 1195 1195 W google-breakpad: 3000009
04-28 08:06:44.567 1195 1195 W google-breakpad: 72d6191d-3376-4c58-b651-278ff3f5cdb1
04-28 08:06:44.567 1195 1195 W google-breakpad: ### ### ### ### ### ### ### ### ### ### ### ### ###
04-28 08:06:44.570 1195 1195 F libc : Fatal signal 6 (SIGABRT), code -6 in tid 1195 (ool.videoplayer)
04-28 08:06:44.577 54 54 W : debuggerd: handling request: pid=1195 uid=10060 gid=10060 tid=1195
04-28 08:06:44.724 1224 1224 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
04-28 08:06:44.742 1224 1224 F DEBUG : Build fingerprint: 'Android/sdk_phone_armv7/generic:7.0/NYC/3245079:userdebug/test-keys'
04-28 08:06:44.742 1224 1224 F DEBUG : Revision: '0'
04-28 08:06:44.742 1224 1224 F DEBUG : ABI: 'arm'
04-28 08:06:44.743 1224 1224 F DEBUG : pid: 1195, tid: 1195, name: ool.videoplayer >>> com.mx.cool.videoplayer <<<
04-28 08:06:44.744 1224 1224 F DEBUG : signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
04-28 08:06:44.754 1224 1224 F DEBUG : Abort message: '[FATAL:gpu_info_collector_android.cc(193)] failed to create a pbuffer surface for fetching driver strings. EGL_SUCCESS (3000)
04-28 08:06:44.754 1224 1224 F DEBUG : '
04-28 08:06:44.755 1224 1224 F DEBUG : r0 00000000 r1 000004ab r2 00000006 r3 00000008
04-28 08:06:44.755 1224 1224 F DEBUG : r4 a8821584 r5 00000006 r6 a882152c r7 0000010c
04-28 08:06:44.756 1224 1224 F DEBUG : r8 a60f2008 r9 bef3cf34 sl 00000000 fp a6723900
04-28 08:06:44.756 1224 1224 F DEBUG : ip 00000000 sp bef3c9b0 lr a60ad32f pc a60afb7c cpsr 20000010
04-28 08:06:44.788 1224 1224 F DEBUG :
04-28 08:06:44.788 1224 1224 F DEBUG : backtrace:
04-28 08:06:44.789 1224 1224 F DEBUG : #00 pc 00048b7c /system/lib/libc.so (tgkill+12)
04-28 08:06:44.789 1224 1224 F DEBUG : #01 pc 0004632b /system/lib/libc.so (pthread_kill+34)
04-28 08:06:44.789 1224 1224 F DEBUG : #02 pc 0001c6d5 /system/lib/libc.so (raise+10)
04-28 08:06:44.790 1224 1224 F DEBUG : #03 pc 00018237 /system/lib/libc.so (__libc_android_abort+34)
04-28 08:06:44.790 1224 1224 F DEBUG : #04 pc 00017770 /system/lib/libc.so (abort+4)
04-28 08:06:44.790 1224 1224 F DEBUG : #05 pc 019c7ee1 /system/app/webview/webview.apk (offset 0x7ef000)
04-28 08:06:49.139 54 54 W : debuggerd: resuming target 1195
04-28 08:06:49.164 225 251 I BootReceiver: Copying /data/tombstones/tombstone_05 to DropBox (SYSTEM_TOMBSTONE)
04-28 08:06:49.172 225 1229 W ActivityManager: Force finishing activity com.mx.cool.videoplayer/.activity.MainActivity
04-28 08:06:49.354 225 255 W art : Long monitor contention with owner NativeCrashReport (1229) at void com.android.server.wm.WindowManagerService.moveTaskToTop(int)(WindowManagerService.java:4914) waiters=0 in void com.android.server.wm.WindowManagerService$H.handleMessage(android.os.Message) for 107ms
04-28 08:06:49.906 225 243 W ActivityManager: Activity pause timeout for ActivityRecord{ffea13f u0 com.mx.cool.videoplayer/.activity.MainActivity t12 f}
-- Axelle
Reply all
Reply to author
Forward
0 new messages