解密shc生成的mips架构二进制文件

0   670 转为繁体

SHC 是一个将shell脚本加密成二进制文件的脚本。使用随机生成的密钥对shell脚本进行RC4加密放到一个全局变量中(编译后存在data段),然后在运行时解密。

这个解密脚本修改自UnSHc,使之能解密MIPS架构的二进制文件。原始的版本只支持x86/x64指令集,与MIPS指令集的汇编和调用方式略有不同。

目前有一个偏移量(DATASEGBASE)是硬编码的,由于MIPS的addui使用相对地址,这个值用于和相对地址相加得到变量的绝对地址。暂时还没搞懂是怎么来的,但是可以通过IDA的反汇编得到。

辛酸历程

 

Read More

使用lua-nginx-module缓存JSONP

0   834 转为繁体

最近给畅言加上了单点登录,也就是可以用网站的帐号来在畅言上发射评论。畅言会通过你设置的一个接口来获得用户名,头像等。但是我发现队友畅言会频繁请求这个接口,有时候会达到单个用户一秒钟好几次??

虽然在php层有redis,压力不会很大,但是这样频繁的请求还是会中防CC的策略,影响用户正常的浏览。所以我决定在CDN上做个缓存。

Read More

Solve Xposed module list become empty on Android 6.0 Marshmallow

0   55 转为繁体

中文版本

Recently I found module list in Xposed become empty after I upgrade my Nexus5 to 6.0.1 (M4B30Z, Dec 2016). And all the modules are not activating. So I open logcat and see the following:

Rovo89 said on a xda post that this file should be created if any module is activated. But somehow it didn’t do so on my Nexus5. So I create one myself and set correct permission (0644) and uid (you can run the Xposed Installer app and check the uid through ps |grep xposed). Then I reboot and check logcat again:

Looks like it’s still not working.

Then I realise that Android started to set SELinux to enforce from Lollipop (5.0) so this should be the problem. (We can use dmesg|grep audit to check if the problem really related to SELinux. ) I compared a random file under /data/data to the file we just created:

So all we need to do is to change this conf/modules.list to u:object_r:app_data_file:s0:c512,c768 as well

restorecon is a applet shipped with toybox, we can also use chcon to manually set SELinux context.