First off, I'm a newbie with this whole Android thing.
Here's what I'm trying to do:
In the past, I've used LiME to build a LKM for the acquisition of RAM on another system. This was simpler, because I would build a VM with the same kernel as the target machine I was going to capture RAM from.
Fast forward a few years, and I'm interested in capturing some Android memory. I've followed the instructions from this page to attempt to cross compile on an Ubuntu system for Android 10 in order to build the LKM for capturing memory on Android: hxxps://github.com/504ensicsLabs/LiME/tree/master/doc
What I've done:
Disclaimer: Although, I'm researching and learning as much as I can, there are too many gaps in my knowledge at the moment. My development experience is limited to using Python to automate stuff. That's about it.
I built an Ubuntu 20 VM and installed SDK, NDK and all the necessary libraries.
I've downloaded the Google msm kernel source code.
I stepped through the LiME cross compiling instructions.
I initially tried using NDK 21.1.6352462 only to realize that the command in the LiME instructions would not work because the abi files are no longer there so I downgraded my NDK to 18.1.5063045 to have some kind of baseline with the instructions.
I got all my environment parameters up, pulled the .config from the phone and tried the following command:
make ARCH=arm64 CROSS_COMPILE=$CC_PATH/arm-linux-androideabi- modules_prepare
I initially got this error: "Cannot use CONFIG_CC_STACKPROTECTOR_STRONG: -fstack-protector-strong not supported by compiler" so I edited the Makefile and commented out the line.
That got rid of that error message. I'm not concerned about stack overflows (security) for what I'm doing.
I then ran the same command again and got the following error: TypeError: unsupported operand type(s) for >>: 'builtin_function_or_method' and '_io.TextIOWrapper'. Did you mean "print(<message>, file=<output_stream>)"?
I edited the ./scripts/gcc-wrapper.py file so that the print statements followed Python 3.6+ syntax
That got rid of that error message and brought on the following error message which is where I'm stumped.
Makefile:496: *** "Clang with Android --target detected. Did you specify CLANG_TRIPLE?". Stop.
From my research, I see that google is now using Clang/LLVM to compile the Kernel as opposed to gcc. This is where I'm stumped and have some trouble grasping exactly what I should be doing to make this work.
How do I make this command: "make ARCH=arm64 CROSS_COMPILE=$CC_PATH/arm-linux-androideabi- modules_prepare" work OR how do I translate that command into something clang understands, can I still use gcc command and clang will understand and convert?
The following steps are where my challenges lie:
Next we have to prepare our kernel source for our module.
$ cd $KSRC_PATH
$ make ARCH=arm CROSS_COMPILE=$CC_PATH/arm-eabi- modules_prepare
PREPARING THE MODULE FOR COMPILATION
We need to create a Makefile to cross-compile our kernel module. A sample Makefile for cross-compiling is shipped with the LiME source. The contents of your Makefile should be similar to the following:
***Will this process be the same?
obj-m := lime.o
lime-objs := main.o tcp.o disk.o
KDIR := /path/to/kernel-source
PWD := $(shell pwd)
CCPATH := /path/to/android-ndk/toolchains/arm-linux-androideabi-4.4.3/prebuilt/linux-x86/bin/
$(MAKE) ARCH=arm CROSS_COMPILE=$(CCPATH)/arm-eabi- -C $(KDIR) M=$(PWD) modules
COMPILING THE MODULE
Thanks for listening.
P.S. My env variables