Decrypting MIPS binaries generated by shc


SHC is a tool that turns a shell script into a binary: it encrypts the script with RC4 under a randomly generated key, embeds the result in a global variable (which ends up in the data segment once compiled), and decrypts it again at run time.

This decryption script is adapted from UnSHc so that it can decrypt MIPS binaries. The original only supports the x86/x64 instruction set, and MIPS differs somewhat in its assembly and calling conventions.

For now one offset (DATASEGBASE) is hard-coded: because the MIPS addiu instruction takes a relative offset (a signed 16-bit immediate), this value is added to the immediate to obtain the absolute address of the variable. I have not yet worked out where it comes from, but it can be read off IDA's disassembly.
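The two pieces such an unpacker needs, shown as an added example in Python (not the post's script and not UnSHc's code): recovering an absolute address from an addiu immediate plus DATASEGBASE, including the sign extension that turns 0xFFF0 into -16, and RC4 over the bytes found there. The data-segment image, the addresses, the key and the instruction words are all constructed for the example; shc's real data layout (several interleaved arrays, lengths stored alongside) is not reproduced.

```python
import struct

ADDIU_OPCODE = 0b001001      # MIPS I-type: op(6) rs(5) rt(5) imm(16)
REG_GP = 28                  # $gp, the register MIPS PIC code usually adds offsets to


def rc4(key: bytes, data: bytes) -> bytes:
    """Plain RC4 (shc calls it arc4); encryption and decryption are the same operation."""
    s = list(range(256))
    j = 0
    for i in range(256):
        j = (j + s[i] + key[i % len(key)]) & 0xFF
        s[i], s[j] = s[j], s[i]
    out = bytearray()
    i = j = 0
    for c in data:
        i = (i + 1) & 0xFF
        j = (j + s[i]) & 0xFF
        s[i], s[j] = s[j], s[i]
        out.append(c ^ s[(s[i] + s[j]) & 0xFF])
    return bytes(out)


def decode_addiu(word: int):
    """Return (rt, rs, signed immediate) for an addiu, None for any other instruction.
    The immediate is sign-extended: 0xFFF0 means -16, not +65520."""
    if word >> 26 != ADDIU_OPCODE:
        return None
    rs = (word >> 21) & 0x1F
    rt = (word >> 16) & 0x1F
    imm = word & 0xFFFF
    if imm & 0x8000:
        imm -= 0x10000
    return rt, rs, imm


def absolute_address(base: int, word: int) -> int:
    """base is the hard-coded DATASEGBASE (the value the post reads off IDA)."""
    decoded = decode_addiu(word)
    if decoded is None:
        raise ValueError("not an addiu instruction: 0x%08x" % word)
    return (base + decoded[2]) & 0xFFFFFFFF


def read_insn(raw: bytes, big_endian: bool = True) -> int:
    """Most MIPS routers are big-endian; pass big_endian=False for mipsel images."""
    return struct.unpack(">I" if big_endian else "<I", raw)[0]


def recover_script(segment, seg_start, base, key_insn, key_len, data_insn, data_len):
    """Locate key and ciphertext through their addiu instructions and decrypt."""
    key_addr = absolute_address(base, key_insn)
    data_addr = absolute_address(base, data_insn)
    key = segment[key_addr - seg_start: key_addr - seg_start + key_len]
    ct = segment[data_addr - seg_start: data_addr - seg_start + data_len]
    return rc4(key, ct)


# ---- constructed fixture: hypothetical addresses, not taken from a real binary ----
DATASEGBASE = 0x00411000          # what IDA would show as the $gp-relative base
SEG_START = 0x00410F00            # load address of the data-segment image below
SCRIPT = b"#!/bin/sh\necho hello from shc\n"
KEY = bytes(range(0x10, 0x20))
KEY_INSN = 0x2782FFF0             # addiu $v0, $gp, -0x10  -> DATASEGBASE - 0x10
DATA_INSN = 0x27820020            # addiu $v0, $gp,  0x20  -> DATASEGBASE + 0x20


def build_segment() -> bytes:
    seg = bytearray(0x200)
    seg[0xF0:0xF0 + len(KEY)] = KEY            # 0x00410FF0 - SEG_START
    ct = rc4(KEY, SCRIPT)
    seg[0x120:0x120 + len(ct)] = ct            # 0x00411020 - SEG_START
    return bytes(seg)


def demo() -> bytes:
    return recover_script(build_segment(), SEG_START, DATASEGBASE,
                          KEY_INSN, len(KEY), DATA_INSN, len(SCRIPT))


if __name__ == "__main__":
    print(demo().decode())
```

The sign extension is the check worth keeping: an immediate above 0x7FFF read as unsigned lands tens of kilobytes past the real variable, which is the usual reason a port of an x86 unpacker reads garbage on MIPS.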

A painful road

Caching JSONP with lua-nginx-module


Recently I added single sign-on to Changyan (暢言), so visitors can post comments on Changyan with the site's own accounts. Changyan fetches the username, avatar and so on through an endpoint you configure. But I noticed that Changyan hits this endpoint very frequently, at times several requests per second for a single user.

Although there is a Redis layer in front of PHP, so the load itself is not a problem, requests this frequent still trip the anti-CC (HTTP flood) policy and interfere with normal browsing. So I decided to put a cache on the CDN.
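The caching decision for a JSONP endpoint, as an added example in Python rather than the post's own nginx/Lua configuration: it models what a content_by_lua_block in front of the user-info endpoint would do, with a dict standing in for an ngx.shared.DICT. The session-cookie value, TTL, upstream response and request parameters are assumptions. Two points matter for this particular endpoint: jQuery sends a fresh callback name and a `_=<timestamp>` cache buster on every request, so both must be dropped from the cache key or nothing ever hits; and the response describes the logged-in user, so the session must be part of the key or one visitor's profile gets served to another.

```python
import hashlib
import json
import re
import time

# Only a plain JS identifier path is accepted as the callback; anything else would let a
# caller reflect arbitrary script through the JSONP wrapper.
CALLBACK_RE = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*$")
# Parameters that change on every request but do not change the answer.
VOLATILE_ARGS = {"callback", "_"}


class JsonpCache:
    def __init__(self, ttl_seconds: float, now=time.time):
        self.ttl = ttl_seconds
        self.now = now
        self.store = {}          # key -> (expires_at, json_text); ngx.shared.DICT in nginx
        self.upstream_calls = 0  # how often the PHP endpoint was actually hit

    @staticmethod
    def cache_key(session_id: str, args: dict) -> str:
        # Hash the cookie so the raw session id is never stored in the shared cache.
        sid = hashlib.sha256(session_id.encode()).hexdigest()
        stable = sorted((k, v) for k, v in args.items() if k not in VOLATILE_ARGS)
        return sid + "|" + "&".join(f"{k}={v}" for k, v in stable)

    def handle(self, session_id: str, args: dict, fetch_upstream):
        """Return (status, content_type, body, cache_status) the way an nginx handler would."""
        callback = args.get("callback", "")
        if not CALLBACK_RE.match(callback):
            return 400, "text/plain", "invalid callback", "BYPASS"
        if not session_id:
            return 401, "text/plain", "no session", "BYPASS"
        key = self.cache_key(session_id, args)
        entry = self.store.get(key)
        if entry and entry[0] > self.now():
            payload, status = entry[1], "HIT"
        else:
            self.upstream_calls += 1
            payload = json.dumps(fetch_upstream(session_id), separators=(",", ":"))
            self.store[key] = (self.now() + self.ttl, payload)
            status = "MISS"
        # The wrapper is applied after the cache lookup, so one cached payload serves
        # every callback name. The leading /**/ keeps content sniffers from treating the
        # response as some non-JS format (the same prefix Google's JSONP endpoints emit).
        body = f"/**/{callback}({payload});"
        return 200, "application/javascript; charset=utf-8", body, status


def demo() -> dict:
    """Constructed traffic: two users, jQuery-style busters, one hostile callback, expiry."""
    clock = [1000.0]
    cache = JsonpCache(ttl_seconds=60, now=lambda: clock[0])

    def upstream(session_id):
        # Stand-in for the site's PHP user-info endpoint (hypothetical data).
        if session_id == "sess-alice":
            return {"uid": "42", "name": "alice", "avatar": "/a/42.png"}
        return {"uid": "7", "name": "bob", "avatar": "/a/7.png"}

    r1 = cache.handle("sess-alice", {"callback": "jQuery111_1", "_": "1"}, upstream)
    r2 = cache.handle("sess-alice", {"callback": "jQuery111_2", "_": "2"}, upstream)
    r3 = cache.handle("sess-bob", {"callback": "cb", "_": "3"}, upstream)
    bad = cache.handle("sess-alice", {"callback": "alert(1);//"}, upstream)
    clock[0] += 61                      # past the TTL: next request must refetch
    r4 = cache.handle("sess-alice", {"callback": "cb"}, upstream)
    return {"r1": r1, "r2": r2, "r3": r3, "bad": bad, "r4": r4,
            "upstream_calls": cache.upstream_calls}


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, value)
```

Because the cached object is per session, the response must not carry a public Cache-Control header or the CDN's shared cache will undo the per-user keying; keep it `private` or `no-store` at the HTTP layer and let the Lua layer do the caching.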


Fixing an empty Xposed module list on Android 6.0 Marshmallow


Recently I found that the module list in Xposed became empty after I upgraded my Nexus 5 to 6.0.1 (M4B30Z, Dec 2016), and none of the modules were being activated. So I opened logcat and saw the following:

Rovo89 said in an xda post that this file (conf/modules.list) should be created whenever a module is activated. But somehow it was not created on my Nexus 5. So I created one myself and set the correct permissions (0644) and uid (run the Xposed Installer app and look up its uid with ps | grep xposed). Then I rebooted and checked logcat again:

It still did not work.

Then I realised that Android has run SELinux in enforcing mode since Lollipop (5.0), so that should be the problem. (dmesg | grep audit shows whether the failure really is SELinux-related.) I compared a random file under /data/data with the file I had just created:

So all we need to do is change the context of conf/modules.list to u:object_r:app_data_file:s0:c512,c768 as well.

restorecon is an applet shipped with toybox; chcon can also be used to set the SELinux context by hand.