You're not building an executable, you're building a shared library. Quoting from http://pastebin.com/iTFPs3Q2
LOCAL_MODULE := hello-jni
LOCAL_SRC_FILES := hello-jni.c multiple.s shellcode.s
*include $(BUILD_SHARED_LIBRARY)*

Shared libraries are loaded into a running process, and inherit the exec stack setting of zygote. You need to build a standalone executable and run it, and not use a shared library.

-- Nick

On Tue, Feb 28, 2012 at 4:44 AM, Christian <[email protected]> wrote:
> Thank you for your replies. However, we have tried to recompile our
> shellcode with the option
>
> LOCAL_DISABLE_NO_EXECUTE := true
>
> but the result is always the same: the stack remains non executable
> (on Android 4.0.3).
> We have also tried with the options
>
> LOCAL_CFLAGS += -Wa,--execstack
> LOCAL_LDFLAGS += -Wl,-z,execstack
>
> and the behaviour is again the same.
> Debugging our shellcode, when the execution should continue from the
> shellcode itself, we get the following message (using Keil Development
> Studio 5):
>
> ERROR(CMD440-COR182-TAD23-NAL31):
> ! Stepping failed
> ! Failed to step instruction at 0xBEEF0404
> ! Unable to step device gdbserver
> ! Step timed out
>
> where 0xBEEF0404 is the start address of our shellcode.
> Moreover, we have analysed with "readelf" the elf file produced by the
> compilation, and the stack is marked as RW (no execute).
> Our complete Android.mk is this: http://pastebin.com/iTFPs3Q2
> We successfully tested our shellcode both on Android 1.5 and Android
> 2.2.
>
> On 27 Feb, 20:05, Nick Kralevich <[email protected]> wrote:
> > In the NDK, you should be able to set "DISABLE_NO_EXECUTE" to true to
> > disable noexec protections.
> >
> > Alternately, like Rodrigo implied, you should be able to set the following
> > CFLAG:
> >
> > -Wa,--execstack
> >
> > and the following LDFLAG
> >
> > -Wl,-z,execstack
> >
> > (untested)
> >
> > -- Nick
> >
> > On Mon, Feb 27, 2012 at 10:52 AM, Antonio <[email protected]> wrote:
> > > Hi all!
> > >
> > > We are a couple of Information Technology Engineering students and we
> > > are doing a research work, for the IT Security exam, about the
> > > possibility to perform buffer overflow attacks on Android devices.
> > >
> > > We know that the actual version supports ASLR, ProPolice and NX. We
> > > have already disabled ProPolice (using LOCAL_CFLAGS := -fno-stack-protector
> > > in the Makefile); ASLR is not a problem because our simple
> > > shellcode doesn't jump to external code pieces: it calls the needed
> > > syscalls through their identifiers. The problem is that we aren't able
> > > to make the process stack executable! We don't know if and how it is
> > > possible.
> > >
> > > In order to test our shellcode, we tried on an old version of Android,
> > > the 1.5 (where the stack was executable) and it works fine.
> > >
> > > Our configuration is the following:
> > > * Eclipse Java EE IDE for Web Developers version 3.7.1 Indigo (32
> > > bit) on a Windows 7 box.
> > > * Android SDK revision 16.
> > > * Android 4.0.3 IceCream Sandwich with API level 15.
> > > * Android NDK release 7.
> > > * The Android Virtual Device virtualizes a Cortex-A8 based on ARMv7.
> > > * For the debugging we are working with the Eclipse plugin: Keil ARM
> > > Development Studio 5 Community Edition version 5.8.
> > >
> > > Is there someone who can help us?
> > >
> > > Thank you in advance!
> > >
> > > Antonio and Christian
> > >
> > > --
> > > You received this message because you are subscribed to the Google Groups
> > > "Android Security Discussions" group.
> > > To post to this group, send email to [email protected].
> > > To unsubscribe from this group, send email to [email protected].
> > > For more options, visit this group at
> > > http://groups.google.com/group/android-security-discuss?hl=en.
> >
> > --
> > Nick Kralevich | Android Security | [email protected] | 650.214.4037

--
Nick Kralevich | Android Security | [email protected] | 650.214.4037
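
The readelf check mentioned in the quoted message, written out as an added example that is not part of the original thread: it reads the PT_GNU_STACK program header of a little-endian ELF32 image (the ARMv7 target discussed above) and reports whether the stack is marked executable. The function names and the sample image are constructed for illustration; as the reply above states, for a shared library the stack setting is inherited from the process that loads it.

```c
#include <elf.h>
#include <stdio.h>
#include <string.h>

/* Returns 1 if PT_GNU_STACK requests an executable stack, 0 if it is marked
 * non-executable, -2 if the header is absent, -1 if buf is not a parsable
 * little-endian ELF32 image. Assumes a little-endian host. */
int elf32_execstack(const unsigned char *buf, size_t len) {
    Elf32_Ehdr eh;
    if (len < sizeof eh) return -1;
    memcpy(&eh, buf, sizeof eh);
    if (memcmp(eh.e_ident, ELFMAG, SELFMAG) != 0 ||
        eh.e_ident[EI_CLASS] != ELFCLASS32 || eh.e_ident[EI_DATA] != ELFDATA2LSB ||
        eh.e_phentsize != sizeof(Elf32_Phdr))
        return -1;
    for (unsigned i = 0; i < eh.e_phnum; i++) {
        Elf32_Phdr ph;
        size_t off = (size_t)eh.e_phoff + (size_t)i * sizeof ph;
        if (off > len || len - off < sizeof ph) return -1; /* truncated table */
        memcpy(&ph, buf + off, sizeof ph);
        if (ph.p_type == PT_GNU_STACK)
            return (ph.p_flags & PF_X) ? 1 : 0;
    }
    return -2;
}

/* Constructed sample, not a real library: an ELF32 ARM header followed by a
 * single PT_GNU_STACK program header carrying the given flags. */
size_t make_sample(unsigned char *out, unsigned flags) {
    Elf32_Ehdr eh = {0};
    Elf32_Phdr ph = { .p_type = PT_GNU_STACK, .p_flags = flags };
    memcpy(eh.e_ident, ELFMAG, SELFMAG);
    eh.e_ident[EI_CLASS] = ELFCLASS32;
    eh.e_ident[EI_DATA] = ELFDATA2LSB;
    eh.e_machine = EM_ARM;
    eh.e_phoff = sizeof eh;
    eh.e_phentsize = sizeof ph;
    eh.e_phnum = 1;
    memcpy(out, &eh, sizeof eh);
    memcpy(out + sizeof eh, &ph, sizeof ph);
    return sizeof eh + sizeof ph;
}

int main(void) {
    unsigned char img[sizeof(Elf32_Ehdr) + sizeof(Elf32_Phdr)];
    printf("RW  -> %d\n", elf32_execstack(img, make_sample(img, PF_R | PF_W)));
    printf("RWE -> %d\n", elf32_execstack(img, make_sample(img, PF_R | PF_W | PF_X)));
    return 0;
}
```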
