Android-Syscall-Logger

Overview

A kernel module that hooks selected system calls on your Android device by rewriting the syscall table.

Prerequisite

  • Pixel 1
  • android-8.1.0_r1 == OPM1.171019.011
  • Root access
  • CONFIG_DEBUG_RODATA set to false, so that you are allowed to rewrite the syscall table.

Testing Environment

  • OS: Kali Linux (I personally recommend Kali Linux, as I use it myself, since it looks far better than Ubuntu)
  • Android Linux Kernel version: 3.18.70-g1292056

Advantage

  • Captures the syscalls you choose on a live device, which lowers the chance of the monitoring being detected compared with an emulator (unicorn).

Reconfig Your kernel first

  • Change directory to your kernel (suppose your kernel folder is located at ~/aosp810r1/kernel/msm/), then run the commands below. Wrap them in a script if you prefer.

      export ARCH=arm64 &&
      export PATH=~/aosp810r1/prebuilts/gcc/linux-x86/aarch64/aarch64-linux-android-4.9/bin:$PATH &&
      export CROSS_COMPILE=aarch64-linux-android- &&
      make menuconfig

  • A GUI-based menu will pop up on your screen.
  • I recommend you use the following settings, as I do:
  • CONFIG_MODULES=Y
  • CONFIG_STRICT_MEMORY_RWX=N / CONFIG_DEBUG_RODATA=N
  • CONFIG_DEVMEM=Y
  • CONFIG_DEVKMEM=Y
  • CONFIG_KALLSYMS=Y
  • CONFIG_KALLSYMS_ALL=Y
  • CONFIG_HAVE_KPROBES=Y
  • CONFIG_HAVE_KRETPROBES=Y
  • CONFIG_HAVE_FUNCTION_TRACER=Y
  • CONFIG_HAVE_FUNCTION_GRAPH_TRACER=Y
  • CONFIG_TRACING=Y
  • CONFIG_FTRACE=Y

  • You might ask how to find each of these settings: press / and a search bar appears. Copy the option name, paste it, and find it.
  • Once you finish editing, run make again, which creates a kernel Image; then flash it to your device.
  • Check that your kernel is modified.
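Before running make, it is worth checking that the .config actually carries the options listed above. The following is an added shell example, not part of Android-Syscall-Logger; it reads a Kconfig-style .config, treats an option that is absent from the file as disabled (an assumption, since the 3.18 msm tree may only know one of the two write-protection option names), and the sample config it writes is constructed, not a real Pixel config.

```sh
#!/bin/sh
# Added example, not part of Android-Syscall-Logger: verify that a kernel .config
# carries the options the README asks for before running make and flashing.
set -eu

# Options the README wants enabled, and the two write-protection options
# that must be off so the module can write to the syscall table.
WANT_Y="CONFIG_MODULES CONFIG_DEVMEM CONFIG_DEVKMEM CONFIG_KALLSYMS
CONFIG_KALLSYMS_ALL CONFIG_HAVE_KPROBES CONFIG_HAVE_KRETPROBES
CONFIG_HAVE_FUNCTION_TRACER CONFIG_HAVE_FUNCTION_GRAPH_TRACER
CONFIG_TRACING CONFIG_FTRACE"
WANT_N="CONFIG_STRICT_MEMORY_RWX CONFIG_DEBUG_RODATA"

# Print y, n or missing for option $2 in the .config file $1. Kconfig writes
# disabled options as "# CONFIG_X is not set", never as CONFIG_X=n.
config_state() {
    if grep -q "^$2=y\$" "$1"; then echo y
    elif grep -q "^# $2 is not set\$" "$1"; then echo n
    else echo missing
    fi
}

# Return 0 when every option has the wanted state; name the offenders otherwise.
# An option absent from .config counts as disabled (assumption: the 3.18 msm
# tree may only know one of the two write-protection option names).
check_config() {
    bad=0
    for opt in $WANT_Y; do
        [ "$(config_state "$1" "$opt")" = y ] || { echo "$opt: expected =y"; bad=1; }
    done
    for opt in $WANT_N; do
        [ "$(config_state "$1" "$opt")" != y ] || { echo "$opt: must be off"; bad=1; }
    done
    return "$bad"
}

# Write a constructed .config fragment (not a real Pixel config) to $1.
write_sample_config() {
    {
        for opt in $WANT_Y; do echo "$opt=y"; done
        echo "# CONFIG_DEBUG_RODATA is not set"
        echo "CONFIG_ARM64=y"
    } > "$1"
}

# Usage on a real tree: check_config ~/aosp810r1/kernel/msm/.config
if [ "${1:-}" = "--demo" ]; then
    write_sample_config /tmp/sample.config && check_config /tmp/sample.config && echo OK
fi
```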

Compile & Usage

  1. Excellent, I assume you have reconfigured your kernel already. We can finally launch our missile~
  2. First of all, make a small adjustment to your Makefile.
  3. Reset the sys_call_table address by reading /proc/kallsyms. If it shows 0, [echo 0 > /proc/sys/kernel/kptr_restrict] reveals the real addresses instead of 0.
  4. Run make to compile the code. It creates a file ending in .ko; that is your kernel module.
  5. Push the kernel module to a directory on your phone.
  6. Load the module with [insmod xxxx.ko].
  7. Start monitoring the kernel log with [dmesg -w | grep "myLog"].
  8. Enjoy.
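The /proc/kallsyms step above has one failure mode worth catching: with kptr_restrict set, every address reads as zeros, and a module built with 0x0 as its table address will not work. The following added shell example, not part of Android-Syscall-Logger, resolves the sys_call_table address from kallsyms text and distinguishes "hidden by kptr_restrict" from "symbol not exported"; the sample kallsyms lines are constructed, and where the printed value goes (the Makefile adjustment) is left to the project's own step.

```sh
#!/bin/sh
# Added example, not part of Android-Syscall-Logger: resolve the sys_call_table
# address from /proc/kallsyms and recognise the all-zero addresses that
# kptr_restrict produces, instead of silently building the module with 0x0.
set -eu

# Read kallsyms text on stdin and print the sys_call_table address as 0x....
# Exit 1 when the symbol is absent, 2 when addresses are hidden.
find_sys_call_table() {
    addr=$(awk '$3 == "sys_call_table" { print $1; exit }')
    if [ -z "$addr" ]; then
        echo "sys_call_table not listed; is CONFIG_KALLSYMS_ALL=y in the running kernel?" >&2
        return 1
    fi
    # kptr_restrict=1 zeroes addresses for unprivileged readers, =2 for everyone.
    # Either way every hex digit is 0, which is never a valid table address.
    if [ -z "$(printf '%s' "$addr" | tr -d 0)" ]; then
        echo "addresses hidden; run: echo 0 > /proc/sys/kernel/kptr_restrict" >&2
        return 2
    fi
    printf '0x%s\n' "$addr"
}

# Constructed sample lines in /proc/kallsyms format (not taken from a real device).
SAMPLE_OK='ffffffc000081000 T _stext
ffffffc000a1f000 R sys_call_table
ffffffc000a21000 R compat_sys_call_table'
SAMPLE_HIDDEN='0000000000000000 T _stext
0000000000000000 R sys_call_table'

# On the device (as root): find_sys_call_table < /proc/kallsyms
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_OK" | find_sys_call_table
    printf '%s\n' "$SAMPLE_HIDDEN" | find_sys_call_table || echo "exit status $?"
fi
```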

FAQ

  • Where do I place my project and my kernel?

Credits

Releases(v1.0)