You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Droidimg is designed for modern Linux kernels on Android devices. Since then, it support 3.4+ kernel in arm or arm64 architecture. To quickly determine if you have a valid vmlinux image:
Try strings and grep:
strings vmlinux | grep "Linux version "
If there is no output like this linux banner string, then you don't have a valid vmlinux file. Extracting vmlinux can be complex on some devices, search XDA for guidance.
Linux version 4.9.17-g8ab68b3b (ubuntu@A7Linux) (gcc version 4.9.x 20150123 (prerelease) (GCC) ) #1 SMP PREEMPT Sat Jan 12 15:51:20 CST 2019
If the script failed to determine the architecture, most likely the architecture is unsupported.
Some boot image with UNCOMPRESSED kernel has a 20 bytes header in front of kernel text. Strip it and try again.
usage
IDA Pro
vmlinux.py -> C:\Program Files\IDA x.x\loaders\
radare2
r2 -i ./vmlinux.py ./test/pixel_vmlinux
Command Line
python ./vmlinux.py ./test/pixel_vmlinux
Use -j/--json to produce json output, which can be consumed by other components
Use -m/--miasm to enable miasm simulation engine in case some symbols are not exported (experimental). Note that only Python 2 is supported by miasm for now.
Miasm: https://github.com/cea-sec/miasm
KASLR
In some cases, kernel image with KASLR enabled will populate relocation entries upon boot and leave them as 0 in image. fix_kaslr_arm64.c and fix_kaslr_samsung.c can fix these images by re-populating relocation entries with their original addresses.
