Readelf 获取Android So `.note.android.ident`

forevermgg2024-09-11 21:25

androidNOTE Section.note.android.ident

.note.android.ident section 是由这个 ndk/sources/crt/crtbrand.S 汇编代码文件引入的,其中放了包括 android_apindk_versionndk_build_number 三段信息。

1.readelfstring-dump功能将其dump出来:

readelf --string-dump=.note.android.ident $ANDROID_NDK_HOME/toolchains/llvm/prebuilt/darwin-x86_64/sysroot/usr/lib/aarch64-linux-android/libc++_shared.so

String dump of section '.note.android.ident':
  [     c]  Android
  [    18]  r21e
  [    58]  7075529

readelf --hex-dump=.note.android.ident $ANDROID_NDK_HOME/toolchains/llvm/prebuilt/darwin-x86_64/sysroot/usr/lib/aarch64-linux-android/libc++_shared.so

Hex dump of section '.note.android.ident':
  0x000d59fc 08000000 84000000 01000000 416e6472 ............Andr
  0x000d5a0c 6f696400 15000000 72323165 00000000 oid.....r21e....
  0x000d5a1c 00000000 00000000 00000000 00000000 ................
  0x000d5a2c 00000000 00000000 00000000 00000000 ................
  0x000d5a3c 00000000 00000000 00000000 00000000 ................
  0x000d5a4c 00000000 00000000 37303735 35323900 ........7075529.
  0x000d5a5c 00000000 00000000 00000000 00000000 ................
  0x000d5a6c 00000000 00000000 00000000 00000000 ................
  0x000d5a7c 00000000 00000000 00000000 00000000 ................
  0x000d5a8c 00000000 00000000

printf "%d\n" 0x15
21

2. objcopy.note.android.ident整个copy到一个文件中,后续再写一个简单的脚本按NOTE Section数据结构解析处理即可。

$ANDROID_NDK_HOME/ndk-which --abi arm64-v8a objcopy 
/Users/xxx/Library/Android/sdk/ndk/21.4.7075529/prebuilt/darwin-x86_64/bin/../../../toolchains/llvm/prebuilt/darwin-x86_64/bin/aarch64-linux-android-objcopy

alias objcopy=$ANDROID_NDK_HOME/toolchains/llvm/prebuilt/darwin-x86_64/bin/llvm-objcopy

objcopy --dump-section=.note.android.ident=libc++_shared.so.android.note $ANDROID_NDK_HOME/toolchains/llvm/prebuilt/darwin-x86_64/sysroot/usr/lib/aarch64-linux-android/libc++_shared.so

ls -la
total 14616
drwxr-xr-x@ 5 forevermeng  staff      160  8 16 13:54 .
drwxr-xr-x@ 4 forevermeng  staff      128  8 14 21:26 ..
-rw-r--r--  1 forevermeng  staff      152  8 16 13:54 libc++_shared.so.android.note
-rw-r--r--@ 1 forevermeng  staff  5500080  8 14 20:58 libcallbackhandler.so
-rw-r--r--@ 1 forevermeng  staff  1977680  8 14 20:58 libchromium_android_linker.so

3.xxd解析note

xxd libc++_shared.so.android.note
00000000: 0800 0000 8400 0000 0100 0000 416e 6472  ............Andr
00000010: 6f69 6400 1500 0000 7232 3165 0000 0000  oid.....r21e....
00000020: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000030: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000040: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000050: 0000 0000 0000 0000 3730 3735 3532 3900  ........7075529.
00000060: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000070: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000080: 0000 0000 0000 0000 0000 0000 0000 0000  ................
00000090: 0000 0000 0000 0000

4. ndk/parse_elfnote.py, 可以直接用来解析 .note.android.ident

https://android.googlesource.com/platform/ndk/+/refs/heads/main/ndk/

#
# Dump the contents of the .note.android.ident section, a NOTE section
# embedded into Android binaries. See here:
#  - master: ndk/sources/crt/crtbrand.S
#  - master: bionic/libc/arch-common/bionic/crtbrand.S
#  - NDK before r14: development/ndk/platforms/common/src/crtbrand.c
#
# Note sections can also be dumped with `readelf -n`.
#

https://android.googlesource.com/platform/ndk/+/refs/heads/main/parse_elfnote.py

4.1 parse_elfnote.py
#!/usr/bin/env python3
#
# Copyright (C) 2016 The Android Open Source Project
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
#      http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

#
# Dump the contents of the .note.android.ident section, a NOTE section
# embedded into Android binaries. See here:
#  - master: ndk/sources/crt/crtbrand.S
#  - master: bionic/libc/arch-common/bionic/crtbrand.S
#  - NDK before r14: development/ndk/platforms/common/src/crtbrand.c
#
# Note sections can also be dumped with `readelf -n`.
#

from __future__ import division, print_function

import argparse
import logging
import shutil
import struct
import subprocess
import sys
import os
from typing import Optional
from pathlib import Path

SEC_NAME = ".note.android.ident"
NDK_RESERVED_SIZE = 64


def logger():
    """Returns the module logger."""
    return logging.getLogger(__name__)


def round_up_to_nearest(val, step):
    """Round an integer, val, to the next multiple of a positive integer,
    step."""
    return (val + (step - 1)) // step * step


class StructParser:
    def __init__(self, buf):
        self.buf = buf
        self.pos = 0

    @property
    def remaining(self):
        return len(self.buf) - self.pos

    @property
    def empty(self):
        return self.remaining == 0

    def read(self, read_len):
        buf = self.buf[self.pos: read_len + self.pos]
        self.pos += read_len
        return buf

    def read_struct(self, fmt, kind):
        fmt = struct.Struct(fmt)
        if self.remaining < fmt.size:
            sys.exit("error: {} was truncated".format(kind))
        return fmt.unpack(self.read(fmt.size))


def iterate_notes(sec_data):
    sec_data = StructParser(sec_data)
    while not sec_data.empty:
        (namesz, descsz, kind) = sec_data.read_struct("<III", "note header")
        (name, desc) = sec_data.read_struct(
            "{}s{}s".format(
                round_up_to_nearest(namesz, 4), round_up_to_nearest(descsz, 4)
            ),
            "note body",
        )
        name = name[:namesz]
        if len(name) > 0:
            if name[-1:] == b"\0":
                name = name[:-1]
            else:
                logger().warning("note name %s isn't NUL-terminated", name)
        yield name, kind, desc[:descsz]


def dump_android_ident_note(note):
    note = StructParser(note)
    (android_api,) = note.read_struct("<I", "note descriptor")
    print("ABI_ANDROID_API: {}".format(android_api))
    if note.empty:
        return
    # Binaries generated by NDK r14 and later have these extra fields. Platform
    # binaries and binaries generated by older NDKs don't.
    ndk_version, ndk_build_number = note.read_struct(
        "{sz}s{sz}s".format(sz=NDK_RESERVED_SIZE), "note descriptor"
    )
    ndk_version = ndk_version.decode("utf-8")
    ndk_build_number = ndk_build_number.decode("utf-8")
    print("ABI_NDK_VERSION: {}".format(ndk_version.rstrip("\0")))
    print("ABI_NDK_BUILD_NUMBER: {}".format(ndk_build_number.rstrip("\0")))
    if not note.empty:
        logger().warning("excess data at end of descriptor")


# Get the offset to a section from the output of readelf
def get_section_pos(readelf: Path, sec_name: str, file_path: str) -> tuple[int, int]:
    cmd = [readelf, "--sections", "-W", file_path]
    output = subprocess.check_output(cmd)
    lines = output.decode("utf-8").splitlines()
    for line in lines:
        logger().debug('Checking line for "%s": %s', sec_name, line)
        # Looking for a line like the following (all whitespace of unknown
        # width).
        #
        #   [ 8] .note.android.ident NOTE 00000000 0000ec 000098 00 A 0 0 4
        #
        # The only column that might have internal whitespace is the first one.
        # Since we don't care about it, remove the head of the string until the
        # closing bracket, then split.
        if "]" not in line:
            continue
        line = line[line.index("]") + 1:]

        sections = line.split()
        if len(sections) < 5 or sec_name != sections[0]:
            continue
        off = int(sections[3], 16)
        size = int(sections[4], 16)
        return (off, size)
    sys.exit("error: failed to find section: {}".format(sec_name))


def get_ndk_install_path() -> Optional[Path]:
    ndk = os.getenv("ANDROID_NDK_HOME")
    if ndk is not None:
        return Path(ndk)
    ndk = os.getenv("ANDROID_NDK")
    if ndk is not None:
        return Path(ndk)
    android_sdk = os.getenv("ANDROID_HOME")
    ndk_versioin = os.getenv("ANDROID_NDK_VERSION")
    if android_sdk is not None and ndk_versioin is not None:
        return Path(android_sdk) / "ndk" / ndk_versioin
    return None


def readelf_from_ndk(ndk: Path) -> Path:
    if not ndk.exists():
        raise ValueError(f"--ndk is {ndk} but that path does not exist")
    prebuilt_dir = ndk / "toolchains/llvm/prebuilt"
    bins = list(prebuilt_dir.glob("*/bin"))
    if not bins:
        raise RuntimeError(f"{prebuilt_dir} contains no */bin")
    if len(bins) != 1:
        raise RuntimeError(f"{prebuilt_dir} contains more than one */bin")
    bin_dir = bins[0]

    readelf = (bin_dir / "llvm-readelf").with_suffix(
        ".exe" if sys.platform == "win32" else ""
    )
    if not readelf.exists():
        raise RuntimeError(f"{readelf} does not exist")
    return readelf


def find_readelf(ndk: Optional[Path]) -> Path:
    if ndk is not None:
        return readelf_from_ndk(ndk)
    if (install_path := get_ndk_install_path()) is not None:
        return readelf_from_ndk(install_path)
    if (readelf := shutil.which("llvm-readelf")) is not None:
        return Path(readelf)
    if (readelf := shutil.which("readelf")) is not None:
        return Path(readelf)
    raise RuntimeError(
        "Could not find llvm-readelf or readelf in PATH and could find find any NDK"
    )


def parse_args():
    """Parses command line arguments."""
    parser = argparse.ArgumentParser()
    parser.add_argument("file_path", help="path of the ELF file with embedded ABI tags")
    parser.add_argument(
        "-v",
        "--verbose",
        dest="verbosity",
        action="count",
        default=0,
        help="Increase logging verbosity.",
    )
    parser.add_argument(
        "--ndk",
        type=Path,
        help="Path to the NDK. If given, the NDK's llvm-readelf will be used.",
    )
    return parser.parse_args()


def main():
    args = parse_args()
    if args.verbosity == 1:
        logging.basicConfig(level=logging.INFO)
    elif args.verbosity >= 2:
        logging.basicConfig(level=logging.DEBUG)
    else:
        logging.basicConfig()

    file_path = args.file_path

    readelf = find_readelf(args.ndk)

    with open(file_path, "rb") as obj_file:
        (sec_off, sec_size) = get_section_pos(readelf, SEC_NAME, file_path)

        obj_file.seek(sec_off)
        sec_data = obj_file.read(sec_size)
        if len(sec_data) != sec_size:
            sys.exit("error: could not read {} section".format(SEC_NAME))

        print("----------ABI INFO----------")
        if len(sec_data) == 0:
            logger().warning("%s section is empty", SEC_NAME)
        for name, kind, desc in iterate_notes(sec_data):
            if (name, kind) == (b"Android", 1):
                dump_android_ident_note(desc)
            else:
                logger().warning(
                    "unrecognized note (name %s, type %d)", repr(name), kind
                )
        #############################
        (sec_off, sec_size) = get_section_pos(readelf, ".note.gnu.build-id", file_path)

        obj_file.seek(sec_off)
        sec_data = obj_file.read(sec_size)

        print("----------BUILD ID----------")
        if len(sec_data) == 0:
            logger().warning(".note.gnu.build-id section is empty")
        for name, kind, desc in iterate_notes(sec_data):
            if (name, kind) == (b"GNU", 3):
                print("".join(format(x, "02x") for x in desc))
            else:
                logger().warning(
                    "unrecognized note (name %s, type %d)", repr(name), kind
                )



if __name__ == "__main__":
    main()
 

python3 parse_elfnote.py core-1.38.0/jni/arm64-v8a/libarcore_sdk_c.so
----------ABI INFO----------
ABI_ANDROID_API: 21
ABI_NDK_VERSION: r25
ABI_NDK_BUILD_NUMBER: 8775105
----------BUILD ID----------
50263bfe58995b3bef5fa5e659315d0f
4.2例子:静态连接libc++_shared.so查看 ndkversion
 python3 parse_elfnote.py output/Android/arm64-v8a/libxxx.so
----------ABI INFO----------
ABI_ANDROID_API: 21
ABI_NDK_VERSION: r25b
ABI_NDK_BUILD_NUMBER: 8937393
----------BUILD ID----------
5fbce0048d153596f17e8154bccf17155e5e8f67
相关推荐
技术无疆1 小时前
ButterKnife:Android视图绑定的简化专家
android·java·android studio·android-studio·androidx·butterknife·视图绑定
JohnsonXin2 小时前
【兼容性记录】video标签在 IOS 和 安卓中的问题
android·前端·css·ios·h5·兼容性
服装学院的IT男3 小时前
【Android 13源码分析】WindowContainer窗口层级-3-实例分析
android·数据库
Python私教4 小时前
JavaScript 基于生成器的异步编程方案相关代码分享
android·javascript·okhttp
文 丰5 小时前
【Android Studio】app:compileDebugJavaWithJavac FAILED解决办法
android·ide·android studio
寰宇软件5 小时前
Android横竖屏 mdpi hdpi xhdpi xxhdpi xxxhdpi
android
文 丰5 小时前
【Android Studio】2024.1.1最新版本AS调试老项目(老版AS项目文件、旧gradle)导入其他人的项目
android·ide·android studio
Yongqiang Cheng6 小时前
在线查看 Android 系统源代码 Android Code Search
android·在线查看·android 系统源代码·code search
CYRUS STUDIO6 小时前
LineageOS源码下载和编译(Xiaomi Mi 6X,wayne)
android·刷机·lineageos·android源码编译
竹等寒8 小时前
中间件常见漏洞
android·web安全·网络安全·中间件
热门推荐
01RAG 实践- Ollama+RagFlow 部署本地知识库02组基轨迹建模 GBTM的介绍与实现(Stata 或 R)032024年高教社杯数学建模国赛C题超详细解题思路分析04CANoe Trace窗口过滤栏消失的几种解决方法(附上最终解决方案)05苍穹外卖面试总结06【2024数模国赛赛题思路公开】国赛B题思路丨附可运行代码丨无偿自提0751-2 万字长文,深度解读端到端自动驾驶的挑战和前沿08Coze扣子平台完整体验和实践(附国内和国际版对比)09【2024高教社杯全国大学生数学建模竞赛】B题 生产过程中的决策问题——解题思路 代码 论文10【立创EDA-PCB设计基础】6.布线铺铜实战及细节详解