OpenSSL/BoringSSL version not found #678

Closed
whoamiecho opened this issue Dec 2, 2024 · 5 comments · Fixed by #679

Describe the bug
On OPPO ColorOS 15, running the latest version fails to find OpenSSL/BoringSSL.
Errors are reported in two places:
2024-12-02T05:20:18Z ERR OpenSSL/BoringSSL version check failed error="OpenSSL/BoringSSL version not found" soPath=/apex/com.android.conscrypt/lib64/libssl.so
2024-12-02T05:20:18Z FTL module run failed. error="OpenSSL/BoringSSL version not found" isReload=false

/apex/com.android.conscrypt/lib64/libssl.so does exist; copying it myself or specifying the path explicitly does not work either.

Expected behavior

2024-12-02T05:20:18Z INF AppName="eCapture(旁观者)"
2024-12-02T05:20:18Z INF HomePage=https://ecapture.cc
2024-12-02T05:20:18Z INF Repository=https://github.com/gojue/ecapture
2024-12-02T05:20:18Z INF Author="CFC4N <[email protected]>"
2024-12-02T05:20:18Z INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-12-02T05:20:18Z INF Version=androidgki_arm64:v0.8.11:6.5.0-1025-azure
2024-12-02T05:20:18Z INF Listen=localhost:28256
2024-12-02T05:20:18Z INF eCapture running logs logger=
2024-12-02T05:20:18Z INF the file handler that receives the captured event eventCollector=
2024-12-02T05:20:18Z WRN ========== module starting. ==========
2024-12-02T05:20:18Z INF Kernel Info=6.1.75 Pid=29070
2024-12-02T05:20:18Z WRN Your environment is like a container. We won't be able to detect the BTF configuration.
If eCapture fails to run, try specifying the BTF mode. use `-b 2` to specify non-CORE mode.
2024-12-02T05:20:18Z INF listen=localhost:28256
2024-12-02T05:20:18Z INF https server starting...You can update the configuration file via the HTTP interface.
2024-12-02T05:20:18Z INF BTF bytecode mode: CORE. btfMode=0
2024-12-02T05:20:18Z INF master key keylogger has been set. eBPFProgramType=Text keylogger=
2024-12-02T05:20:18Z INF module initialization. isReload=false moduleName=EBPFProbeOPENSSL
2024-12-02T05:20:18Z INF Module.Run()
2024-12-02T05:20:18Z ERR OpenSSL/BoringSSL version check failed error="OpenSSL/BoringSSL version not found" soPath=/apex/com.android.conscrypt/lib64/libssl.so
2024-12-02T05:20:18Z INF setupManagers eBPFProgramType=Text
2024-12-02T05:20:18Z FTL module run failed. error="OpenSSL/BoringSSL version not found" isReload=false


Linux Server/Android (please complete the following information):

  • Device: OPPO findx 7 ultra
  • Env: androidgki_arm64:v0.8.11:6.5.0-1025-azure
  • OS: Linux localhost 6.1.75-android14-11-o-g47c8194d882f 5.10.101 not support #1 SMP PREEMPT Mon Oct 28 13:11:55 UTC 2024 aarch64 Toybox
  • Kernel Version: 6.1.75


@cfc4n cfc4n added the 🐞 bug Something isn't working label Dec 2, 2024
cfc4n added a commit that referenced this issue Dec 2, 2024
… the dynamic library of boringssl.

Signed-off-by: CFC4N <[email protected]>
@cfc4n
Member

cfc4n commented Dec 2, 2024

Oops, it is indeed a bug, let me fix it.

@cfc4n
Member

cfc4n commented Dec 2, 2024

please try v0.8.12

@whoamiecho
Author

Congratulations! This bug has been successfully solved, but there is a new bug waiting for you:

1|OP565FL1:/data/local/tmp $ ./ecapture tls
2024-12-03T13:12:34Z INF AppName="eCapture(旁观者)"
2024-12-03T13:12:34Z INF HomePage=https://ecapture.cc
2024-12-03T13:12:34Z INF Repository=https://github.com/gojue/ecapture
2024-12-03T13:12:34Z INF Author="CFC4N <[email protected]>"
2024-12-03T13:12:34Z INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-12-03T13:12:34Z INF Version=androidgki_arm64:v0.8.12:6.5.0-1025-azure
2024-12-03T13:12:34Z INF Listen=localhost:28256
2024-12-03T13:12:34Z INF eCapture running logs logger=
2024-12-03T13:12:34Z INF the file handler that receives the captured event eventCollector=
2024-12-03T13:12:34Z WRN ========== module starting. ==========
2024-12-03T13:12:34Z INF Kernel Info=6.1.75 Pid=10157
2024-12-03T13:12:34Z WRN Your environment is like a container. We won't be able to detect the BTF configuration.
If eCapture fails to run, try specifying the BTF mode. use `-b 2` to specify non-CORE mode.
2024-12-03T13:12:34Z INF listen=localhost:28256
2024-12-03T13:12:34Z INF https server starting...You can update the configuration file via the HTTP interface.
2024-12-03T13:12:34Z INF BTF bytecode mode: CORE. btfMode=0
2024-12-03T13:12:34Z INF master key keylogger has been set. eBPFProgramType=Text keylogger=
2024-12-03T13:12:34Z INF module initialization. isReload=false moduleName=EBPFProbeOPENSSL
2024-12-03T13:12:34Z INF Module.Run()
2024-12-03T13:12:34Z ERR OpenSSL/BoringSSL version not found, used default version.If you want to use the specific version, please set the sslVersion parameter with "--ssl_version='boringssl_a_13'" , "--ssl_version='boringssl_a_14'", or use "ecapture tls --help" for more help.
2024-12-03T13:12:34Z ERR bpfFile=boringssl_a_13_kern.o sslVersion=android_default
2024-12-03T13:12:34Z INF Hook masterKey function ElfType=2 Functions=["SSL_in_init"] binrayPath=/apex/com.android.conscrypt/lib64/libssl.so
2024-12-03T13:12:34Z INF target all process.
2024-12-03T13:12:34Z INF target all users.
2024-12-03T13:12:34Z INF setupManagers eBPFProgramType=Text
2024-12-03T13:12:34Z INF BPF bytecode file is matched. bpfFileName=user/bytecode/boringssl_a_13_kern_core.o
2024-12-03T13:12:34Z FTL module run failed. error="couldn't init manager xxx error:operation not permitted , couldn't adjust RLIMIT_MEMLOCK" isReload=false

@cfc4n
Member

cfc4n commented Dec 3, 2024

sudo

@whoamiecho
Author

ok, thanks

Asphaltt added a commit to Asphaltt/ecapture that referenced this issue Dec 5, 2024
If no capability to run bpf progs, we must check CAP_BPF asap.

Without this check, there will be many noisy logs before log "error:operation
not permitted", like gojue#678 (comment).

Signed-off-by: Leon Hwang <[email protected]>
cfc4n pushed a commit that referenced this issue Dec 6, 2024
* refactor: Move kernel checking to cli

In order to simplify code of main.go, let us move code of kernel
checking to cli.

Furthermore, put kernel checking at pre-run phase of cli.


* feat: Detect CAP_BPF when detect env

If no capability to run bpf progs, we must check CAP_BPF asap.

Without this check, there will be many noisy logs before log "error:operation
not permitted", like #678 (comment).


---------

Signed-off-by: Leon Hwang <[email protected]>
@cfc4n cfc4n closed this as completed Dec 6, 2024
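
The early capability check described in the commit message above, sketched as an added Go example (not eCapture's own code): it reads the `CapEff` mask from `/proc/self/status` and reports what is missing before any module start-up logging happens. The names `parseCapEff` and `missingCaps` are hypothetical, and the additional `CAP_PERFMON` requirement for tracing-type programs goes beyond the `CAP_BPF` check the commit names.

```go
package main

import (
	"fmt"
	"os"
	"strconv"
	"strings"
)

// Capability bit numbers from <linux/capability.h>.
const capSysAdmin, capPerfmon, capBPF = 21, 38, 39

// parseCapEff returns the effective capability mask from the text of
// /proc/<pid>/status (the hex value on the "CapEff:" line).
func parseCapEff(status string) (uint64, error) {
	for _, line := range strings.Split(status, "\n") {
		if strings.HasPrefix(line, "CapEff:") {
			v := strings.TrimSpace(strings.TrimPrefix(line, "CapEff:"))
			return strconv.ParseUint(v, 16, 64)
		}
	}
	return 0, fmt.Errorf("no CapEff line in status")
}

// missingCaps lists what a loader of tracing-type BPF programs lacks.
// CAP_SYS_ADMIN covers everything; otherwise CAP_BPF and CAP_PERFMON
// (both split out of CAP_SYS_ADMIN in kernel 5.8) are needed together.
func missingCaps(capEff uint64) []string {
	if capEff&(1<<capSysAdmin) != 0 {
		return nil
	}
	var missing []string
	if capEff&(1<<capBPF) == 0 {
		missing = append(missing, "CAP_BPF")
	}
	if capEff&(1<<capPerfmon) == 0 {
		missing = append(missing, "CAP_PERFMON")
	}
	return missing
}

func main() {
	data, _ := os.ReadFile("/proc/self/status") // unreadable => parse error below
	mask, err := parseCapEff(string(data))
	if miss := missingCaps(mask); err != nil || len(miss) > 0 {
		fmt.Fprintf(os.Stderr, "cannot load BPF programs: err=%v missing=%v\n", err, miss)
		os.Exit(1)
	}
	fmt.Println("capabilities OK, continuing start-up")
}
```

Run from an unprivileged adb shell, this exits immediately with the missing capabilities instead of reaching the `couldn't adjust RLIMIT_MEMLOCK` failure at the end of the start-up log.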