Please credit the source when reposting: https://mp.csdn.net/postedit/86597115
Tcpdump captures the packets travelling over the network in full for later analysis. It supports filtering by network layer, protocol, host, network or port, and offers the logical operators and, or and not to help you drop irrelevant traffic.
On Android 7.0, running tcpdump produced the following error:
error: Android 5.0 and later only support position-independent executables (-fPIE).
This is caused by the PIE (position-independent executable) security mechanism. Android introduced PIE support in Android 4.1, but before Android L (Lollipop) the system did not check whether an executable had been built as PIE, so no error was raised. From Android L onward the check is enforced: if the executable being invoked was not built as PIE, it will not run. The fix is simple: rebuild with the following flags.
LOCAL_CFLAGS +=-pie -fPIE
LOCAL_LDFLAGS +=-pie -fPIE
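Before pushing a binary to the device you can confirm that it really was linked as PIE by reading its ELF header: the Android 5.0+ check that produces the error above boils down to requiring e_type ET_DYN rather than ET_EXEC. The following Python script is an added example, not part of the original post or of tcpdump; the make_header helper builds constructed sample headers so it runs offline, and check_file inspects a real file such as the tcpdump produced by the build script below.

```python
import struct

ET_EXEC, ET_DYN = 2, 3                      # ELF e_type values
EM_ARM, EM_AARCH64 = 40, 183                # ELF e_machine values
MACHINES = {3: "x86", 8: "MIPS", 40: "ARM", 62: "x86-64", 183: "AArch64"}

def inspect_elf(data: bytes) -> dict:
    """Parse the ELF header and say whether the PIE-only linker of Android 5.0+ accepts it."""
    if len(data) < 20 or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF image")
    ei_class, ei_data = data[4], data[5]    # 1/2 = 32/64-bit, 1/2 = little/big endian
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("malformed e_ident")
    endian = "<" if ei_data == 1 else ">"
    # e_type and e_machine follow the 16-byte e_ident in both ELF classes
    e_type, e_machine = struct.unpack(endian + "HH", data[16:20])
    if e_type == ET_DYN:
        verdict = "ok: position-independent (ET_DYN), loadable on Android 5.0+"
    elif e_type == ET_EXEC:
        verdict = "rejected: fixed-address executable (ET_EXEC); rebuild with -fPIE -pie"
    else:
        verdict = "not an executable image"
    return {"bits": 32 if ei_class == 1 else 64,
            "machine": MACHINES.get(e_machine, "unknown(%d)" % e_machine),
            "pie": e_type == ET_DYN, "verdict": verdict}

def make_header(e_type: int, e_machine: int = EM_ARM, bits: int = 32) -> bytes:
    """Constructed sample (for offline testing only): a minimal little-endian ELF header."""
    ident = b"\x7fELF" + bytes([1 if bits == 32 else 2, 1, 1, 0, 0]) + b"\x00" * 7
    if bits == 32:   # e_type, e_machine, e_version, entry, phoff, shoff, flags, sizes/counts
        body = struct.pack("<HHIIIIIHHHHHH", e_type, e_machine, 1, 0, 52, 0, 0, 52, 32, 0, 40, 0, 0)
    else:
        body = struct.pack("<HHIQQQIHHHHHH", e_type, e_machine, 1, 0, 64, 0, 0, 64, 56, 0, 64, 0, 0)
    return ident + body

def check_file(path: str) -> dict:
    """Inspect a binary on disk, e.g. the tcpdump produced by the build script."""
    with open(path, "rb") as f:
        return inspect_elf(f.read(64))

if __name__ == "__main__":
    import sys
    targets = sys.argv[1:]
    for path in targets:
        r = check_file(path)
        print("%s: %d-bit %s -> %s" % (path, r["bits"], r["machine"], r["verdict"]))
    if not targets:  # no file given: demonstrate on the constructed headers
        for name, hdr in (("non-PIE", make_header(ET_EXEC)), ("PIE", make_header(ET_DYN))):
            print("%s sample -> %s" % (name, inspect_elf(hdr)["verdict"]))
```

Run it as `python3 check_pie.py tcpdumpbuild/tcpdump` after the build; a verdict starting with "rejected" means the device will print the same error as before.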
System environment: Ubuntu
Android NDK
Sources: libpcap v1.9.0 and tcpdump v4.9.2; downloads: libpcap-1.9.0.tar.gz and tcpdump-4.9.2.tar.gz
Before building, check that the lex and yacc tools are installed; if not, run:
sudo apt-get install flex bison
wget -c http://dl.google.com/android/ndk/android-ndk64-r10b-linux-x86_64.tar.bz2
Extract the downloaded NDK package into a directory of your choice (/home/li here is the user name on my machine; change it to suit your setup):
sudo tar -C /home/li/ -xvf android-ndk64-r10b-linux-x86_64.tar.bz2
sudo gedit ~/.bashrc
Add the following lines:
export NDK=/home/li/android-ndk-r10b
export PATH=${PATH}:$NDK
Run source ~/.bashrc so the file takes effect.
Check that the environment variable is configured correctly:
ndk-build
As long as you do not see command not found, the environment variable is configured.
First download the sources libpcap-1.9.0.tar.gz and tcpdump-4.9.2.tar.gz,
or fetch them from the command line:
wget -c http://www.tcpdump.org/release/libpcap-1.9.0.tar.gz
wget -c http://www.tcpdump.org/release/tcpdump-4.9.2.tar.gz
Extract libpcap-1.9.0.tar.gz and tcpdump-4.9.2.tar.gz.
Enter the libpcap-1.9.0 directory, run ./configure, then run make.
Enter the tcpdump-4.9.2 directory, run ./configure, then run make.
At this point ./tcpdump runs tcpdump on Ubuntu (this is the native host build).
In a directory you know well, create a shell script; I have named it build_tcpdump.sh. Its contents:
#!/bin/sh
# --------------------------------------
#
# Title: build-tcpdump
# Author: Loic Poulain, [email protected]
# Updated by: muzso (http://muzso.hu/)
#
# Purpose: download & build tcpdump for arm android platform
#
# You have to define your android NDK directory before calling this script
# example:
# $ export NDK=/home/Workspace/android-ndk-r10e
# $ sh build-tcpdump
#
# works with
# tcpdump 4.7.4
# android-ndk-r10e
#
# You'll need lex and yacc.
# On Debian/Ubuntu based systems run this:
# sudo apt-get install flex bison
# --------------------------------------
# default, edit version
tcpdump_ver=4.7.4
libpcap_ver=1.7.4
# note: libpcap v1.7.2 only required api v9, but libpcap v1.7.3+ requires api v21
# And tcpdump v4.7.4 requires libpcap v1.7.3+ too (tcpdump v4.7.3 could be compiled with libpcap v1.7.2).
# So viable combos are:
# * api=9, libpcap=1.7.2, tcpdump=4.7.3
# * api=21, libpcap=1.7.4, tcpdump=4.7.4
android_api_def=L
ndk_dir_def=android-ndk-r10b
toolname=arm-linux-androideabi-4.9
# target platform: arm, mips or aarch64 (the CC/AR/LD exports further down assume arm)
platform=arm
#-------------------------------------------------------#
tcpdump_dir=tcpdump-${tcpdump_ver}
libpcap_dir=libpcap-${libpcap_ver}
if [ -n "${NDK}" ]
then
ndk_dir=${NDK}
else
ndk_dir=${ndk_dir_def}
fi
ndk_dir=`readlink -f ${ndk_dir}`
if [ -n "${ANDROID_API}" ]
then
android_api=${ANDROID_API}
else
android_api=${android_api_def}
fi
echo "_______________________"
echo ""
echo "NDK - ${ndk_dir}"
echo "Android API: ${android_api}"
echo "_______________________"
exit_error()
{
echo " _______"
echo "| |"
echo "| ERROR |"
echo "|_______|"
exit 1
}
{
if [ $# -ne 0 ]
then
if [ -d "$1" ]
then
cd "$1" || exit_error
else
echo directory "$1" not found
exit_error
fi
else
# build directory relative to the current directory (created on first run, reused afterwards)
mkdir -p tcpdumpbuild
cd tcpdumpbuild || exit_error
fi
}
# create env
{
echo " ____________________"
echo "| |"
echo "| CREATING TOOLCHAIN |"
echo "|____________________|"
if [ -d toolchain ]
then
echo Toolchain already exist! Nothing to do.
else
echo Creating toolchain...
mkdir toolchain
bash ${ndk_dir}/build/tools/make-standalone-toolchain.sh --arch=$platform --platform=android-${android_api} --toolchain=${toolname} --install-dir=toolchain
if [ $? -ne 0 ]
then
rm -fr toolchain
exit_error
fi
fi
# cross-compiler prefix for platform=arm; change these together with platform above
export CC=arm-linux-androideabi-gcc
export RANLIB=arm-linux-androideabi-ranlib
export AR=arm-linux-androideabi-ar
export LD=arm-linux-androideabi-ld
export PATH=`pwd`/toolchain/bin:$PATH
}
# download & untar libpcap + tcpdump
{
echo " _______________________________"
echo "| |"
echo "| DOWNLOADING LIBPCAP & TCPDUMP |"
echo "|_______________________________|"
tcpdump_file=${tcpdump_dir}.tar.gz
libpcap_file=${libpcap_dir}.tar.gz
tcpdump_link=http://www.tcpdump.org/release/${tcpdump_file}
libpcap_link=http://www.tcpdump.org/release/${libpcap_file}
if [ -f ${tcpdump_file} ]
then
echo ${tcpdump_file} already downloaded! Nothing to do.
else
echo Download ${tcpdump_file}...
wget ${tcpdump_link}
if [ ! -f ${tcpdump_file} ]
then
exit_error
fi
fi
if [ -f ${libpcap_file} ]
then
echo ${libpcap_file} already downloaded! Nothing to do.
else
echo Download ${libpcap_file}...
wget ${libpcap_link}
if [ ! -f ${libpcap_file} ]
then
exit_error
fi
fi
if [ -d ${tcpdump_dir} ]
then
echo ${tcpdump_dir} directory already exist! Nothing to do.
else
echo untar ${tcpdump_file}
tar -zxf ${tcpdump_file}
fi
if [ -d ${libpcap_dir} ]
then
echo ${libpcap_dir} directory already exist! Nothing to do.
else
echo untar ${libpcap_file}
tar -zxf ${libpcap_file}
fi
}
# build libpcap
{
cd ${libpcap_dir}
echo " _____________________"
echo "| |"
echo "| CONFIGURING LIBPCAP |"
echo "|_____________________|"
chmod +x configure
./configure --host=$platform-linux --with-pcap=linux ac_cv_linux_vers=2
if [ $? -ne 0 ]
then
exit_error
fi
echo " __________________"
echo "| |"
echo "| BUILDING LIBPCAP |"
echo "|__________________|"
chmod +x runlex.sh
make
if [ $? -ne 0 ]
then
exit_error
fi
cd ..
}
# build tcpdump
{
cd ${tcpdump_dir}
echo " _____________________"
echo "| |"
echo "| CONFIGURING TCPDUMP |"
echo "|_____________________|"
chmod +x configure
# Compile PIE (position independent executable) for Lollipop compatibility.
./configure --host=$platform-linux ac_cv_linux_vers=2 --with-crypto=no CFLAGS='-fPIE' LDFLAGS='-fPIE -pie'
if [ $? -ne 0 ]
then
exit_error
fi
echo " __________________"
echo "| |"
echo "| BUILDING TCPDUMP |"
echo "|__________________|"
# setprotoent/endprotoent are not provided by Android's libc (bionic) => comment the calls out
sed -i".bak" "s/setprotoent/\/\/setprotoent/g" print-isakmp.c
sed -i".bak" "s/endprotoent/\/\/endprotoent/g" print-isakmp.c
# NBBY is not defined => FORCE definition.
# CFLAGS passed on the make command line replace the value configure wrote into the Makefile,
# so -fPIE must be repeated here or the objects are compiled non-PIE despite the configure flags.
make CFLAGS='-DNBBY=8 -fPIE' # for tcpdump < 4.2.1 (CFLAGS redefined in Makefile) => just make
if [ $? -ne 0 ]
then
exit_error
fi
cd ..
}
cp ${tcpdump_dir}/tcpdump .
chmod +x tcpdump
echo " __________________"
echo "| |"
echo "| TCPDUMP IS READY |"
echo "|__________________|"
echo `pwd`/tcpdump
In the NDK directory, run the following commands:
export NDK=/home/li/android-ndk64-r10b
bash build_tcpdump.sh
The compiled tcpdump is now in the /home/li/android-ndk64-r10b/tcpdumpbuild/ directory.
adb push /home/li/android-ndk64-r10b/tcpdumpbuild/tcpdump /sdcard/
Switch to the root user: su
Move tcpdump into /data/local/:
mv /sdcard/tcpdump /data/local/
Set its permissions (6755 makes it executable and also sets the setuid and setgid bits):
chmod 6755 tcpdump
Then run ./tcpdump
The original error is gone. Done.
References:
https://www.jianshu.com/p/aca8345dc7fb
http://vjson.com/wordpress/compile-tcpdump-for-android-lollipop.html
I am a beginner; this post mainly follows the two blog posts above, but during my own run I found some errors in the shell script (possibly because the NDK version and the tcpdump version did not match) and made the corresponding changes.
Corrections are welcome, thank you all!