首页
社区
课程
招聘
[原创] NDK加载 LLVM Pass方案
发表于: 2023-5-23 21:29 12212

[原创] NDK加载 LLVM Pass方案

2023-5-23 21:29
12212

本文基于 ndk r25c (25.2.9519653)
仅测试 LinuxmacOS

点只因下载:https://dl.google.com/android/repository/android-ndk-r25c-linux.zip

坑:archlinux 需要 sudo archlinux-java set java-8-openjdk

内容:

Untitled

然后去Google的 prebuilt clang仓库找到 r450784d1 相关的分支并打开:

https://android.googlesource.com/platform/prebuilts/clang/host/linux-x86/+log/refs/heads/master/clang-r450784d

Untitled

点开最新的一个commit,进入

https://android.googlesource.com/platform/prebuilts/clang/host/linux-x86/+/4d52068718fb7940b103cc49506f77e5d22f25df/clang-r450784d1/

然后点击tgz下载这一份clang

Untitled

然后基于这一份clang直接编译llvm动态库插件就可以直接用ndk加载了

解压

这个时候cmake ..会报错

这个时候去注释掉clang/lib64/cmake/llvm/LLVMExports.cmake 下面这一段代码

Untitled

然后

Untitled

测试代码来自 https://github.com/bluesadi/Pluto-Obfuscator/tree/main/test/aes

build.sh:

编译后:

Untitled

差不多鸟~

由于Google编译macOS工具链的系统版本太低,加载so的时候会报错

解决办法:

使用下载的clang替换掉ndk里面的clang

找不到头文件是macOS的问题,修改 build.sh

后重新编译,成功混淆

Untitled

https://www.leadroyal.cn/p/1008/

在我的博客中查看:
https://xtuly.cn/article/ndk-load-llvm-pass-plugin

$ANDROID_HOME/tools/bin/sdkmanager --install "ndk;25.2.9519653"
$ANDROID_HOME/tools/bin/sdkmanager --install "ndk;25.2.9519653"
cat $ANDROID_HOME/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/AndroidVersion.txt
cat $ANDROID_HOME/ndk/25.2.9519653/toolchains/llvm/prebuilt/linux-x86_64/AndroidVersion.txt
14.0.7
based on r450784d1
for additional information on LLVM revision and cherry-picks, see clang_source_info.md
14.0.7
based on r450784d1
for additional information on LLVM revision and cherry-picks, see clang_source_info.md
 
 
 
 
 
 
 
 
 
mkdir clang
tar xzvf clang-r450784d1.tar.gz -C clang
mkdir clang
tar xzvf clang-r450784d1.tar.gz -C clang
git clone https://github.com/LeadroyaL/llvm-pass-tutorial
git clone https://github.com/LeadroyaL/llvm-pass-tutorial
set(CMAKE_C_COMPILER /home/ylarod/ndk-r25c/clang/bin/clang)
set(CMAKE_CXX_COMPILER /home/ylarod/ndk-r25c/clang/bin/clang)
set(ENV{LLVM_HOME} /home/ylarod/ndk-r25c/clang)
set(CMAKE_C_COMPILER /home/ylarod/ndk-r25c/clang/bin/clang)
set(CMAKE_CXX_COMPILER /home/ylarod/ndk-r25c/clang/bin/clang)
set(ENV{LLVM_HOME} /home/ylarod/ndk-r25c/clang)
CMake Error at /home/ylarod/ndk-r25c/clang/lib64/cmake/llvm/LLVMExports.cmake:1036 (message):
  The imported target "LLVMDemangle" references the file
 
     "/home/ylarod/ndk-r25c/clang/lib64/libLLVMDemangle.a"
 
  but this file does not exist.  Possible reasons include:
 
  * The file was deleted, renamed, or moved to another location.
 
  * An install or uninstall procedure did not complete successfully.
 
  * The installation package was faulty and contained
 
     "/home/ylarod/ndk-r25c/clang/lib64/cmake/llvm/LLVMExports.cmake"
 
  but not all the files it references.
 
Call Stack (most recent call first):
  /home/ylarod/ndk-r25c/clang/lib64/cmake/llvm/LLVMConfig.cmake:251 (include)
  CMakeLists.txt:14 (find_package)
CMake Error at /home/ylarod/ndk-r25c/clang/lib64/cmake/llvm/LLVMExports.cmake:1036 (message):
  The imported target "LLVMDemangle" references the file
 
     "/home/ylarod/ndk-r25c/clang/lib64/libLLVMDemangle.a"
 
  but this file does not exist.  Possible reasons include:
 
  * The file was deleted, renamed, or moved to another location.
 
  * An install or uninstall procedure did not complete successfully.
 
  * The installation package was faulty and contained
 
     "/home/ylarod/ndk-r25c/clang/lib64/cmake/llvm/LLVMExports.cmake"
 
  but not all the files it references.
 
Call Stack (most recent call first):

[招生]科锐逆向工程师培训(2024年11月15日实地,远程教学同时开班, 第51期)

最后于 2023-5-23 21:29 被Ylarod编辑 ,原因:
收藏
免费 4
支持
分享
最新回复 (9)
雪    币: 5330
活跃值: (5479)
能力值: ( LV9,RANK:170 )
在线值:
发帖
回帖
粉丝
2
大佬 666
2023-5-24 09:41
0
雪    币: 477
活跃值: (1412)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
3
windows不支持, 其他系统简单
2023-5-24 10:34
0
雪    币: 2486
活跃值: (3261)
能力值: ( LV4,RANK:40 )
在线值:
发帖
回帖
粉丝
4
mb_foyotena windows不支持, 其他系统简单
实在要用Windows的话可以WSL用linux版本的NDK
2023-5-24 11:16
0
雪    币: 4446
活跃值: (3950)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
5
666
2023-5-24 11:16
0
雪    币: 200
能力值: ( LV1,RANK:0 )
在线值:
发帖
回帖
粉丝
6
请问大佬 能不能用来作为rust编译器
2023-10-2 11:53
0
雪    币: 21
能力值: ( LV1,RANK:0 )
在线值:
发帖
回帖
粉丝
7
这个混淆强度怎么样
2023-11-1 15:50
0
雪    币: 200
能力值: ( LV1,RANK:0 )
在线值:
发帖
回帖
粉丝
8
Rust的字符串是字符的结构体不是C字符串。不能混淆字符串 需要另外修改Pass实现的代码. 大佬有兴趣研究下不哇 
2024-3-19 20:48
0
雪    币: 1867
活跃值: (4073)
能力值: ( LV6,RANK:90 )
在线值:
发帖
回帖
粉丝
9
看起来安全sdk开始衍化为rust语言实现了
2024-3-20 09:01
0
雪    币: 3535
活跃值: (31011)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
10
感谢分享
2024-3-20 09:22
1
游客
登录 | 注册 方可回帖
返回
//