[HN Gopher] Adding code to an existing ELF file
       ___________________________________________________________________
        
       Adding code to an existing ELF file
        
       Author : dropbear3
       Score  : 81 points
       Date   : 2022-05-09 13:15 UTC (9 hours ago)
        
        
       | eatonphil wrote:
       | Very neat! Less hacky than I expected. It looks like it all just
       | reads in the ELF file, makes the change to the ELF data
       | structures in memory and then writes back out a new ELF file?
        
       | sim7c00 wrote:
       | Looks like a neat way around the hell of patching relocations.
       | Though, if you'd want to modify the binary arbitrarily and not
       | hijack sections or such things, it might be nice to look into
       | that.
        
       | randomhodler84 wrote:
       | This is a great write up dropbear, I learned a few things! Please
       | keep blogging, this is some quality content!
        
       | garaetjjte wrote:
       | When I needed to "destatify" an executable, to patch statically
       | compiled library functions to shared imports, I used the LIEF library:
       | https://milek7.pl/.stuff/galdocs/destaticizer.py
        
       | OnlyMortal wrote:
       | Code can also be added to Mach-O binaries. An old OSX copy
       | protection system did this.
        
       | nneonneo wrote:
       | I've had great success using Frida (https://frida.re/) to do
       | stuff like this recently. Frida injects a V8 runtime into the
       | target process, enabling you to use JavaScript to dynamically
       | patch/inspect/modify code and data, with all of the JavaScript
       | running inside the target process so there's minimal impact on
       | performance. They provide a nice Python API for remotely
       | controlling the process.
       | 
       | It works on rooted devices, debuggable apps, and can also be
       | added to an existing APK with minimal effort (just patch a single
       | Java class and add a native library - there are scripts to do it
       | for you).
        
         | franga2000 wrote:
         | Just a year or two ago I would've laughed at the idea of using
         | an injected JavaScript engine to do dynamic instrumentation,
         | but now I rarely go a week without using Frida for either work
         | or personal projects and enjoy every moment of it.
         | 
         | It's one of those tools that is clearly made by someone who
         | completely gets how it's going to be used. Every time you want
         | it to do something "new", it turns out there's already a short
         | paragraph in the docs that you skimmed over explaining either
         | how to do it or pointing you at an "extension" that can.
        
       ___________________________________________________________________
       (page generated 2022-05-09 23:01 UTC)