Android6 can't access memory

[hunterzju]

my phone is based on android6 32bit but when I run jeparse , it returns run info as follows:
(gdb) jeparse
[shadow] parsing structures from memory...
[shadow] 2017-12-04 18:26:57
Python Exception <class 'gdb.MemoryError'> Cannot access memory at address 0x12:
And I also tried with the "jeparse -c android6-32.cfg", it returns the same error. Is there something wrong with the cfg file?

[vats-]

Hi hunterzju,

First we need to make sure that gdb can read the process memory.
Try to access a memory address using a gdb command like x before using jeparse.

If the command succeeds and jeparse still fails then use jeparse -v and
send me the debug.log file that will be generated in your shadow directory.

[hunterzju]

Thank you for your reply. I tried with the command chmod a+x gdbserver on the phone, it seems that works. But there is a new problem: when I tried jeparse, it returns follow errors:
Python Exception <class 'TypeError'> unsupported operand type(s) for *: 'NoneType' and 'int': Error occurred in Python command: unsupported operand type(s) for *: 'NoneType' and 'int'
And the debug.log shows something wrong with parse_general()
debug.log

I check the source code, and find when I run jeparse without a config path:
The function is_standalone_variant() returns False and will not detect android version.
Is it that my phone does't use jemalloc? How can I confirm?

[vats-]

You can confirm that your device uses jemalloc by searching for jemalloc symbols like arena_bin_info or chunks_rtree in your device's libc:

$ adb pull /system/lib/libc.so /tmp

$ readelf -s /tmp/libc.so | grep arena_bin_info
7175: 00098934  2184 OBJECT  LOCAL  HIDDEN    25 je_arena_bin_info

$ readelf -s /tmp/libc.so | grep chunks_rtree
5743: 0005e0c9     8 FUNC    LOCAL  DEFAULT   13 chunks_rtree_node_alloc
7255: 000992bc    44 OBJECT  LOCAL  HIDDEN    25 je_chunks_rtree

Can you run the above commands and send me their output?

[hunterzju]

Thank you for your reply. I tried what you commented with nexus5x android 7.1.1 with the jemalloc -c /shadowpath/cfg/android7_64.cfg and still returns the same err:
Python Exception <class 'TypeError'> int() argument must be a string, a bytes-like object or a number, not 'NoneType': Error occurred in Python command: int() argument must be a string, a bytes-like object or a number, not 'NoneType'
I pull the libc.so file and tried with readelf the result returns as follows:
0c 2184 OBJECT LOCAL HIDDEN 26 je_arena_bin_info
49 6 FUNC LOCAL DEFAULT 14 chunks_rtree_node_alloc 7277: 00091294 44 OBJECT LOCAL HIDDEN 26 je_chunks_rtree
and the debug.log file shows something wrong with parse_general()

[awakened1712]

any luck on this? I have the same problem running shadown on my nexus 5 android 7.0

gef➤  jeparse -v -c /home/notroot/shadow/cfg/android8_32.cfg
[shadow] parsing configuration...
[shadow] parsing structures from memory...
[shadow] 2019-01-21 00:42:31
Python Exception <class 'TypeError'> int() argument must be a string, a bytes-like object or a number, not 'NoneType': 
Error occurred in Python command: int() argument must be a string, a bytes-like object or a number, not 'NoneType'

My libc is as below:

$ readelf -s /tmp/libc.so | grep arena_bin_info
  6680: 00081920  2184 OBJECT  LOCAL  HIDDEN    27 je_arena_bin_info
$ readelf -s /tmp/libc.so | grep chunks_rtree
  5240: 0004d9d9     6 FUNC    LOCAL  DEFAULT   14 chunks_rtree_node_alloc
  6719: 000822a8    44 OBJECT  LOCAL  HIDDEN    27 je_chunks_rtree