为Android平台编译tcpdump工具

转载请注明出处:https://mp.csdn.net/postedit/86597115

1.什么是tcpdump?

Tcpdump可以将网络中传送的数据包完全截获下来提供分析。它支持针对网络层、协议、主机、网络或端口的过滤,并提供and、or、not等逻辑语句来帮助你去掉无用的信息。

2.问题描述

在Android 7.0下,使用tcpdump抓包,出现如下错误:

 error: Android 5.0 and later only support position-independent executables (-fPIE).

这是由于PIE安全机制引起的,从Android4.1引入该机制,在Android L 也就是Lollipop之前,并不会去检验可执行文件是否基于PIE编译出来的,因此不会报错,但是Android L已经开始验证,如果电泳的可执行文件不是基于PIE编译的,则无法运行。解决方法很简单,就是重新编译下,加上如下flag就行。

LOCAL_CFLAGS +=-pie -fPIE

LOCAL_LDFLAGS +=-pie -fPIE

3.前期准备

系统环境:Ubuntu

Android NDK

源码:libpcap v1.9.0,tcpdump v4.9.2,下载地址为:libpcap-1.9.0.tar.gztcpdump-4.9.2.tar.gz

编译前首先检查有没有lex和yacc工具,没有的话则执行如下命令:

sudo apt-get install flex bison

3.1 NDK环境搭建

3.1.1 下载ndk,命令如下:

wget -c http://dl.google.com.android/ndk/android-ndk64-r10b-linux-86_64.tar.bz2

3.1.2 解压

将下载好的ndk包解压到指定目录(此处的/home/li是我的机器的用户名,此目录根据个人情况随意更换),命令如下:

sudo tar -C /home/li/ -xvf android-ndk64-r10b-linux-86_64.tar.bz2

3.1.3 配置环境变量

sudo gedit ~/.bashrc

添加如下代码:

export   NDK=/home/li/android-ndk-r10b 
export   PATH=${PATH}:$NDK 

执行 source ~/.bashrc命令使其文件生效

检查环境变量有没有配置成功,命令如下:

ndk-build

只要没出现 command not found就证明环境变量配置成功。

3.2编译tcpdump

3.2.1为ubunt编译tcpdunp

首先下载源码libpcap-1.9.0.tar.gztcpdump-4.9.2.tar.gz

也可使用命令行下载:

wget -c http://www.tcpdump.org/release/libpcap-1.9.0.tar.gz
wget -c http://www.tcpdump.org/release/tcpdump-4.9.2.tar.gz

分别解压libpcap-1.9.0.tar.gztcpdump-4.9.2.tar.gz

进入libpcap-1.9.0目录,执行:./configure,然后执行make

进入tcpdump-4.9.2目录,执行:./configure,然后执行make

此时再执行./tcpdump即可在ubuntu上运行tcpdump

3.2.2为Android平台编译tcpdump

在一个你所熟知的目录下创建一个shell脚本,我暂时命名为build_tcpdump.sh,内容如下:

#!/bin/sh

# --------------------------------------
#
#      Title: build-tcpdump
#     Author: Loic Poulain, loic.poulain@gmail.com
# Updated by: muzso (http://muzso.hu/)
#
#    Purpose: download & build tcpdump for arm android platform
#
# You have to define your android NDK directory before calling this script
# example:
# $ export NDK=/home/Workspace/android-ndk-r10e
# $ sh build-tcpdump
#
# works with
#   tcpdump 4.7.4
#   android-ndk-r10e
#
# You'll need lex and yacc.
# On Debian/Ubuntu based systems run this:
#   sudo apt-get install flex bison
# --------------------------------------

# default, edit version 
tcpdump_ver=4.7.4
libpcap_ver=1.7.4
# note: libpcap v1.7.2 only required api v9, but libpcap v1.7.3+ requires api v21
# And tcpdump v4.7.4 requires libpcap v1.7.3+ too (tcpdump v4.7.3 could be compiled with libpcap v1.7.2).
# So viable combos are:
#   * api=9, libpcap=1.7.2, tcpdump=4.7.3
#   * api=21, libpcap=1.7.4, tcpdump=4.7.4
android_api_def=L
ndk_dir_def=android-ndk-r10b
toolname=arm-linux-androideabi-4.9/
#指定平台arm mips aarch64
platform=arm

#-------------------------------------------------------#

tcpdump_dir=tcpdump-${tcpdump_ver}
libpcap_dir=libpcap-${libpcap_ver}

if [ ${NDK} ]
then
    ndk_dir=${NDK}
else
    ndk_dir=${ndk_dir_def}
fi

ndk_dir=`readlink -f ${ndk_dir}`

if [ ${ANDROID_API} ]
then
    android_api=${ANDROID_API}
else
    android_api=${android_api_def}
fi

echo "_______________________"
echo ""
echo "NDK - ${ndk_dir}"
echo "Android API: ${android_api}"
echo "_______________________"


exit_error()
{
    echo " _______"
    echo "|       |"
    echo "| ERROR |"
    echo "|_______|"
    exit 1
}

{
    if [ $# -ne 0 ]
    then
        if [ -d $1 ]
        then
            cd $1
        else
            echo directory $1 not found
            exit_error
        fi
    else
        mkdir tcpdumpbuild
        cd tcpdumpbuild
    fi
}



# create env
{
    echo " ____________________"
    echo "|                    |"
    echo "| CREATING TOOLCHAIN |"
    echo "|____________________|"

    if [ -d toolchain ]
    then
        echo Toolchain already exist! Nothing to do.
    else
        echo Creating toolchain...
        mkdir toolchain
        bash ${ndk_dir}/build/tools/make-standalone-toolchain.sh --arch=$platform --platform=android-${android_api} --toolchain=${toolname} --install-dir=toolchain
        
        if [ $? -ne 0 ]
        then
            rm -fr toolchain
            exit_error
        fi
    fi

    export CC=arm-linux-androideabi-gcc
    export RANLIB=arm-linux-androideabi-ranlib
    export AR=arm-linux-androideabi-ar
    export LD=arm-linux-androideabi-ld
    export PATH=`pwd`/toolchain/bin:$PATH
}

# download & untar libpcap + tcpdump
{
    echo " _______________________________"
    echo "|                               |"
    echo "| DOWNLOADING LIBPCAP & TCPDUMP |"
    echo "|_______________________________|"
    
    tcpdump_file=${tcpdump_dir}.tar.gz
    libpcap_file=${libpcap_dir}.tar.gz
    tcpdump_link=http://www.tcpdump.org/release/${tcpdump_file}
    libpcap_link=http://www.tcpdump.org/release/${libpcap_file}
    
    if [ -f ${tcpdump_file} ]
    then
        echo ${tcpdump_file} already downloaded! Nothing to do.
    else
        echo Download ${tcpdump_file}...
        wget ${tcpdump_link}
        if [ ! -f ${tcpdump_file} ]
        then
            exit_error
        fi
    fi
    
    if [ -f ${libpcap_file} ]
    then
        echo ${libpcap_file} already downloaded! Nothing to do.
    else
        echo Download ${libpcap_file}...
        wget ${libpcap_link}
        if [ ! -f ${libpcap_file} ]
        then
            exit_error
        fi
    fi
    
    if [ -d ${tcpdump_dir} ]
    then
        echo ${tcpdump_dir} directory already exist! Nothing to do.
    else
        echo untar ${tcpdump_file}
        tar -zxf ${tcpdump_file}
    fi
    
    if [ -d ${libpcap_dir} ]
    then
        echo ${libpcap_dir} directory already exist! Nothing to do.
    else
        echo untar ${libpcap_file}
        tar -zxf ${libpcap_file}
    fi
}

# build libpcap
{
    cd ${libpcap_dir}

    echo " _____________________"
    echo "|                     |"
    echo "| CONFIGURING LIBPCAP |"
    echo "|_____________________|"

    chmod +x configure
    ./configure --host=$platform-linux --with-pcap=linux ac_cv_linux_vers=2

    if [ $? -ne 0 ]
    then
        exit_error
    fi  

    echo " __________________"
    echo "|                  |"
    echo "| BUILDING LIBPCAP |"
    echo "|__________________|"

    chmod +x runlex.sh
    make

    if [ $? -ne 0 ]
    then
        exit_error
    fi

    cd ..
}

# build tcpdump
{
    cd ${tcpdump_dir}
    
    echo " _____________________"
    echo "|                     |"
    echo "| CONFIGURING TCPDUMP |"
    echo "|_____________________|"
    
    chmod +x configure
    # Compile PIE (position independent executable) for Lollipop compatibility.
    ./configure --host=$platform-linux ac_cv_linux_vers=2 --with-crypto=no CFLAGS='-fPIE' LDFLAGS='-fPIE -pie'

    if [ $? -ne 0 ]
    then
        exit_error
    fi  

    echo " __________________"
    echo "|                  |"
    echo "| BUILDING TCPDUMP |"
    echo "|__________________|"
    
    #setprotoent endprotoen not supported on android
    sed -i".bak" "s/setprotoent/\/\/setprotoent/g" print-isakmp.c
    sed -i".bak" "s/endprotoent/\/\/endprotoent/g" print-isakmp.c
    
    # NBBY is not defined => FORCE definition
    make CFLAGS='-DNBBY=8' # for tcpdump < 4.2.1 (CFLAGS redefined in Makefile) => just make
    
    if [ $? -ne 0 ]
    then
        exit_error
    fi
    
    cd ..
}

cp ${tcpdump_dir}/tcpdump .
chmod +x tcpdump

echo " __________________"
echo "|                  |"
echo "| TCPDUMP IS READY |"
echo "|__________________|"
echo `pwd`/tcpdump

在NDK的目录下执行如下命令:

export :NDK=/home/li/android-ndk64-r10b
bash build_tcpdump.sh
tcpdump编译成功后

此时可以看到,在/home/li/android-ndk64-r10b/tcpdumpbuild/目录下有编译好的tcpdump

4.Push到Android设备上

adb push /home/li/android-ndk64-r10b/tcpdumpbuild/tcpdump /sdcard/

切换root用户命令:su

将tcpdump移动至/data/local/目录下

mv /sdcard/tcpdump /data/local/

修改其权限:

chmod 6755 tcpdump

再执行 ./tcpdump

发现原来的错误不见了,大功告成。

参考链接:

https://www.jianshu.com/p/aca8345dc7fb

http://vjson.com/wordpress/compile-tcpdump-for-android-lollipop.html

本人技术小白一枚,主要参考以上两篇博客,但是在自己的执行过程中发现了shell脚本中的一些错误(可能是NDK版本与tcpdump版本不相符),并进行了相对应的修改。

如有错误欢迎指出,谢谢大家!

展开阅读全文

没有更多推荐了,返回首页