Exetools > General > General Discussion
CZC, 01-19-2024, 04:28
How to link a dynamic .so library to create a static executable?

I'm trying to reverse the license mechanism of a Rigol oscilloscope (DHO800 series) based on a Cortex-A72 CPU.
It is Android based and has its main application as an .apk file.
Inside this there is a huge ARM64 .so library that contains all the relevant code.
I've first disassembled it in IDA Pro and produced a 1.4GB asm file.
All symbols are present in the file so that is very helpful.

My first approach was to write a Perl script and extract only the functions of interest while also replacing some asm instructions so it compiles with GAS.
I've made some test programs calling asm functions (which, to make life harder, were written in C++, so I had to demangle/mangle their names).
I've cross-compiled it for aarch64 and then run the static executable with qemu-aarch64. This worked fine and I was able to extract some knowledge.
Unfortunately the calling tree is huge and I couldn't keep up with all the unresolved references.

My second approach was to create an ARM64 disk image with a full Debian system which can run in emulation with qemu-system-aarch64.
I wanted to use the original .so file and just create a dynamically linked executable which I can then run in the emulator.
This didn't work either because a lot of the dynamic symbols were versioned and I had to use all the original scope libraries.
The main .so requires half a dozen other .so files, which in turn require almost 50 other .so libraries. Linking failed with some cryptic "index" mismatches.

I've then tried to use patchelf which lets you add/remove needed libraries, clear-symbol-version and rename-dynamic-symbols of my library.
I've then created my own .so lib with all the unresolved functions (as hooks which then call relevant libc functions). This almost worked:
I was able to compile my test program without any errors. But when I try to run it on qemu or when I ldd the library I get:
$ ldd libscope-auklet.so
Inconsistency detected by ld.so: dl-version.c: 204: _dl_check_map_versions: Assertion `needed != NULL' failed!
I think using the dynamic linker is a lost cause, so what I want to do is get rid of all the dynamic symbols in my library and convert them to static function calls. Using objdump/objcopy I could place all the missing functions as an extension in the .text section.
Can someone suggest a way to do this with as little manual work as possible?
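As an added example (not code from the post): a stdlib-only Python checker that reads the DT_NEEDED entries from .dynamic and the library/version names from .gnu.version_r of a little-endian ELF64 object (the ARM64 .so is one) and reports version requirements on libraries that the object no longer lists as dependencies. It assumes the usual cause of the `_dl_check_map_versions` assertion quoted above: after DT_NEEDED entries are edited with patchelf, a .gnu.version_r record still names a library that nothing loads, so ld.so's lookup of that library comes back empty. The path passed in is whatever object you want to inspect.

```python
import struct

SHT_DYNAMIC, SHT_GNU_VERNEED, DT_NEEDED = 6, 0x6FFFFFFE, 1
def _cstr(data, off):  # NUL-terminated string from a string table
    return data[off:data.index(b"\0", off)].decode()
def _sections(data):
    """(sh_type, sh_offset, sh_size, sh_link) for every section of a little-endian ELF64."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    shoff, = struct.unpack_from("<Q", data, 0x28)             # e_shoff
    shentsize, shnum = struct.unpack_from("<HH", data, 0x3A)  # e_shentsize, e_shnum
    secs = []
    for i in range(shnum):
        # sh_name, sh_type, sh_flags, sh_addr, sh_offset, sh_size, sh_link, sh_info
        _n, typ, _f, _a, off, size, link, _i = struct.unpack_from(
            "<IIQQQQII", data, shoff + i * shentsize)
        secs.append((typ, off, size, link))
    return secs
def version_needs(path):
    """Return (DT_NEEDED names, {library: [required version names]} from .gnu.version_r)."""
    with open(path, "rb") as f:
        data = f.read()
    secs = _sections(data)
    needed, verneed = [], {}
    for typ, s_off, size, link in secs:
        if typ == SHT_DYNAMIC:                   # .dynamic; sh_link -> .dynstr
            strtab = secs[link][1]
            for off in range(s_off, s_off + size, 16):
                tag, val = struct.unpack_from("<qQ", data, off)    # Elf64_Dyn
                if tag == DT_NEEDED:
                    needed.append(_cstr(data, strtab + val))
        elif typ == SHT_GNU_VERNEED:             # .gnu.version_r; sh_link -> .dynstr
            strtab, off = secs[link][1], s_off
            while True:                          # Elf64_Verneed chain, one per library
                _v, cnt, vfile, aux, nxt = struct.unpack_from("<HHIII", data, off)
                names, a = [], off + aux
                for _ in range(cnt):             # Elf64_Vernaux chain, one per version
                    _h, _fl, _o, vname, anext = struct.unpack_from("<IHHII", data, a)
                    names.append(_cstr(data, strtab + vname))
                    a += anext
                verneed[_cstr(data, strtab + vfile)] = names
                if nxt == 0:
                    break
                off += nxt
    return needed, verneed
def dangling_version_needs(path):
    """Version requirements on libraries the object no longer lists in DT_NEEDED."""
    needed, verneed = version_needs(path)
    return {lib: vers for lib, vers in verneed.items() if lib not in needed}
```

An untouched library returns an empty dict; anything it prints for a patched library is the set of version records that also has to be removed or re-pointed before ld.so will accept the object.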