#7 Patching fails with latest Navicat 15.0.19

Closed
opened 4 years ago by vl77 · 10 comments
vl77 commented 4 years ago

While I have successfully compiled the binaries and used them with previous versions of Navicat, trying to patch the latest 15.0.19, it fails and core dumps.

./navicat-patcher /media/ext2/incoming/navicat RegPrivateKey.pem
**********************************************************
*       Navicat Patcher (Linux) by @DoubleLabyrinth      *
*                  Version: 1.0                          *
**********************************************************

Press ENTER to continue or Ctrl + C to abort.

[+] Try to open libcc.so ... Ok!

terminate called without an active exception
Aborted (core dumped)
DeltaFoX commented 4 years ago

Confirmed this issue on Linux...

https://i.imgur.com/c1O7XQv.jpg

regards

DeltaFoX commented 4 years ago

libcc.so

https://mega.nz/file/eaJgAKpK#HxPGkXU950bUPF6wygoYm8p8n66r1mB2PtrOcfmkvVc

The problem appears to be in the part of the code at line 129 of the file PatchSolution0.cpp:

l = snprintf(nullptr, 0,
             asm_template,
             this->m_DisassemblyEngine.GetRegisterName(char_reg),
             this->m_DisassemblyEngine.GetRegisterName(lpsz_reg),
             PatchMarkRva.value() + offsetof(PatchMarkType, Data)
);

specifically in the call to: PatchMarkRva.value()

Can you confirm this?

Double Sine commented 4 years ago
Owner

I think that is because PatchMarkRva has not been given a value when the code runs there. It seems the previous code

...
...
            {
                std::map<Elf64_Off, Elf64_Xword> SpaceMap{ { 0, m_Image.ElfSize() } };
                
                SearchFreeSpace(SpaceMap, m_Image);
                
                for (const auto& space : SpaceMap) {
                    bool found = false;
                    auto offset = space.first;
                    auto size = space.second;
                    
                    if (size >= sizeof(PatchMarkType)) {
                        for (size_t i = 0; i < m_Image.NumberOfElfProgramHeaders(); ++i) {
                            auto seg_hdr = m_Image.ElfProgramHeader(i);
                            if (seg_hdr->p_type == PT_LOAD && seg_hdr->p_offset + seg_hdr->p_filesz == offset) {
                                RefSegment = seg_hdr;
                                PatchMarkOffset = offset;
                                PatchMarkRva = m_Image.ConvertOffsetToRva(offset - 1) + 1;
                                found = true;
                                break;
                            }
                        }
                    }

                    if (found) {
                        break;
                    }
                }
            }
...
...

did not find free space to store our public key.

That would be a big problem. I need to figure out a new solution.

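The failure mode described above, as an added illustration that is not the patcher's own code: the free-space search is mirrored over a constructed, simplified segment table, the result is returned as an `std::optional`, and the caller checks `has_value()` before use so that a missing slot becomes a clear error instead of an unset optional being dereferenced and the process aborting. The `Segment` struct, `FindPatchMarkRva` and `RequirePatchMarkRva` are assumed names for this example only.

```cpp
#include <cstdint>
#include <iostream>
#include <map>
#include <optional>
#include <stdexcept>
#include <vector>

// Constructed stand-in for an ELF program header with only the fields the search needs.
struct Segment {
    bool     load;    // true when p_type == PT_LOAD
    uint64_t offset;  // p_offset
    uint64_t filesz;  // p_filesz
    uint64_t vaddr;   // p_vaddr, used to map a file offset to an RVA
};

// Mirrors the search quoted in the issue: a gap qualifies only if it is large
// enough and starts exactly where a PT_LOAD segment's file image ends.
// An empty optional (not an unset variable) signals "no space found".
std::optional<uint64_t> FindPatchMarkRva(const std::map<uint64_t, uint64_t>& spaceMap,
                                         const std::vector<Segment>& segments,
                                         uint64_t needed) {
    for (const auto& [offset, size] : spaceMap) {
        if (size < needed) continue;
        for (const auto& seg : segments) {
            if (seg.load && seg.offset + seg.filesz == offset) {
                // Same trick as the original: RVA of the segment's last byte, plus one.
                uint64_t lastByteRva = seg.vaddr + (offset - 1 - seg.offset);
                return lastByteRva + 1;
            }
        }
    }
    return std::nullopt;
}

// Guarded caller: has_value() is checked first, so a missing slot raises a
// descriptive error instead of std::bad_optional_access followed by abort().
uint64_t RequirePatchMarkRva(const std::optional<uint64_t>& rva) {
    if (!rva.has_value()) {
        throw std::runtime_error("no free space found for the patch mark; refusing to continue");
    }
    return *rva;
}

int main() {
    std::vector<Segment> segs = {{true, 0x0, 0x1000, 0x0}, {true, 0x1000, 0x500, 0x201000}};
    std::map<uint64_t, uint64_t> gaps = {{0x1500, 0x40}};  // constructed gap after segment 2
    auto rva = FindPatchMarkRva(gaps, segs, 0x20);
    std::cout << std::hex << RequirePatchMarkRva(rva) << "\n";
    return 0;
}
```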
DeltaFoX commented 4 years ago

ok, thanks for the info.

low space here :

https://i.imgur.com/seZLcir.jpg

this lib might be useful :

https://lief.quarkslab.com/

for Code injection?

Regards

vl77 commented 4 years ago
Poster

Any news on this one...?

vl77 commented 4 years ago
Poster

Hey @doublesine, have you had the chance to look into this issue?

DeltaFoX commented 4 years ago

15.0.20 online works again..

vl77 commented 4 years ago
Poster

Yeap, at least on Windows it works fine. I will test later on Linux.

DeltaFoX commented 4 years ago

Already tested, the Linux version works fine.

vl77 commented 4 years ago
Poster

Ok, version 15.0.19 was a failure, 15.0.20 for Linux and 15.0.18 for Windows are ok.

Closing this.
