Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ver 0.8.9 can`t work on android kernel 6.1.99 , but ver 0.6.1 did work #659

Open
r0ysue opened this issue Nov 5, 2024 · 18 comments
Open
Labels
🐞 bug Something isn't working help wanted Extra attention is needed pasue Long period of no response, or waiting for a reply. todo To complete it in the future

Comments

@r0ysue
Copy link

r0ysue commented Nov 5, 2024

ver 0.8.9 can`t work on android kernel 6.1.99 , but ver 0.6.1 did work
tried -b 0/1/2 all failed

./ecapture tls -b 1 -p 11515 --hex
should capture all the traffic but nothing showed off

d66e54004aa0bd1db342047b89d37753

tried version 0.6.1 that works fine
c2340d5ec475a11162a336fda2c8721a

Linux Server/Android (please complete the following information):

  • Device: [Pixel 6]
  • Env:androidgki_aarch64:0.6.1-20230716-e1cd6c7:[CORE]
  • OS: Android 14 AP1A.240505.004
  • Arch: Linux localhost 6.1.99-android14-11-gd4dab27b9d1c-dirty 5.10.101 not support #1 SMP PREEMPT Thu Oct 3 20:50:04 UTC 2024 aarch64 Toybox
  • Kernel Version: 6.1.99
@cfc4n
Copy link
Member

cfc4n commented Nov 5, 2024

Try using --ssl_version="boringssl 1.1.1" flag.

@r0ysue
Copy link
Author

r0ysue commented Nov 6, 2024

nothing happens ...

WechatIMG106

@cfc4n cfc4n added the 🐞 bug Something isn't working label Nov 6, 2024
@xxxxxliil
Copy link
Contributor

把关于设备的页面发一下看看

@cfc4n cfc4n added the help wanted Extra attention is needed label Nov 9, 2024
@r0ysue
Copy link
Author

r0ysue commented Nov 12, 2024

FpOeGXJczTrp2ADE9OFIaI2dv_4Q
Fkp1R3Q8q06hBa1ZVOPI5ht0EyZW

@xxxxxliil
Copy link
Contributor

0.7.0 可以获取 keylog 吗

@NPC2000
Copy link

NPC2000 commented Dec 4, 2024

Try using --ssl_version="boringssl 1.1.1" flag.

佬,我之前提的问题应该也是和这个情况一样的,用0.61版本就可以抓到https报文,我内核是6.1.57

#622

@irabbit666666
Copy link

Versions 0.8.12 and 0.9 still don't work properly
ba693613247be1fc7fe5688bf377df1
2ad18a10a9b886e05140ce367a2025b

@irabbit666666
Copy link

0.6.1 can work,but i want the higher version

@NPC2000
Copy link

NPC2000 commented Dec 16, 2024

在最新版上会报错

Screenshot_2024-12-16-11-44-12-71_9e8df3d0c7c1f50248b6ee043a653d26
Screenshot_2024-12-16-11-43-33-66_baaa51257c82a8b3f281ce09e6f2493f

@cfc4n
Copy link
Member

cfc4n commented Dec 16, 2024

没有相关硬件设备,无法重现。

@cfc4n cfc4n added todo To complete it in the future pasue Long period of no response, or waiting for a reply. labels Dec 16, 2024
@cfc4n
Copy link
Member

cfc4n commented Dec 29, 2024

@dosu

Copy link

dosubot bot commented Dec 29, 2024

Hello, @cfc4n! I'm here to help you with any issues you're facing. If you need assistance with bugs, have questions, or want to become a contributor, I'm here to assist you while waiting for a human maintainer.

It seems that there are issues with eCapture version 0.8.9 on Android kernel 6.1.99, while version 0.6.1 works fine. A similar issue was discussed in a GitHub issue where users faced challenges capturing HTTPS packets on an Android device with kernel version 6.1.57. They suggested using the --ssl_version="boringssl 1.1.1" flag, which might help resolve SSL-related errors [[id=622]].

Additionally, eCapture utilizes eBPF to capture SSL/TLS traffic by hooking into specific functions in OpenSSL/BoringSSL libraries. Potential points of failure could include kernel version compatibility, library version detection, and eBPF program loading issues [1].

If the --ssl_version flag does not resolve the issue, it might be worth checking if the correct libraries are being hooked and ensuring compatibility with the specific kernel and library versions on your device.

To continue talking to Dosu, mention @dosu.


Help Dosu learn! Give it feedback: Great Response | Irrelevant Answer | Incorrect Sources | Too Verbose | Hallucination | Other

@mrprona92
Copy link

mrprona92 commented Jan 13, 2025

Maybe i meet seem problem with aosp 14. Kernel Info=6.1.68 AMD64

@cfc4n
Copy link
Member

cfc4n commented Jan 14, 2025

Maybe i meet seem problem with aosp 14. Kernel Info=6.1.68 AMD64

I don't have these mobile devices and can't reproduce. Are you using an emulator? How can I reproduce this issue?

@mrprona92
Copy link

Maybe i meet seem problem with aosp 14. Kernel Info=6.1.68 AMD64

I don't have these mobile devices and can't reproduce. Are you using an emulator? How can I reproduce this issue?

Thank for your reply. i working on aosp and it real board. in android using boringssl in folder apex/conscypt/lib64 maybe. i think log is the same
image

@cfc4n
Copy link
Member

cfc4n commented Jan 14, 2025

@mrprona92 Can you provide an SSH account for remote access?

@mrprona92
Copy link

@mrprona92 Can you provide an SSH account for remote access?

Unfortunately. I working on Project with high security and cant provide SSH account for you. On android i think can try with generic system image for emulator. Can you give a try with version aosp_arm64-exp-UQ1A.231205.015-11084887-e291b838.zip on https://developer.android.com/topic/generic-system-image/releases?

@mrprona92
Copy link

And i think have some changes from android target 14 for SSLKEYLOG

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
🐞 bug Something isn't working help wanted Extra attention is needed pasue Long period of no response, or waiting for a reply. todo To complete it in the future
Projects
None yet
Development

No branches or pull requests

6 participants