Harden DEX obfuscation against malformed module input #767
Open
Shallow-dusty wants to merge 3 commits into
7c52596 to 2ce173d
Pull request overview
This PR hardens the daemon’s JNI DEX obfuscation pipeline by adding a Vector-side preflight validator for module-controlled DEX buffers before handing them to slicer, preventing release (-DNDEBUG) crashes on malformed inputs (Fixes #766).
Changes:
- Added `isDexSafeForSlicer()` plus supporting helpers to validate DEX header/section bounds and key indexed references.
- Updated `ObfuscationManager.obfuscateDex()` to (a) handle invalid sizes, (b) skip slicer for malformed/no-signature inputs, and (c) return the original `SharedMemory` wrapper on failures.
- Refactored SharedMemory wrapping into a helper (`wrapSharedMemoryFd`).
## Summary
Harden the daemon DEX obfuscation path against malformed module-controlled DEX input before it reaches slicer.
## Root Cause
`ObfuscationManager.obfuscateDex` only checked whether the mapped DEX bytes contained a target signature before passing the whole buffer to `dex::Reader::CreateFullIr()`. Slicer's structural guards are implemented with `SLICER_CHECK`/`SLICER_WEAK_CHECK`, but those checks compile out under `NDEBUG`, so malformed table offsets and indexes can still be dereferenced in release-compatible builds.

## Changes
- `CreateFullIr()` touches first.
- `SharedMemory` wrapper for malformed inputs, no-signature inputs, and writer-output failures so the daemon does not crash.

## Validation
- `git diff --check`
- `./gradlew.bat --no-daemon :daemon:assembleDebug`
- `./gradlew.bat --no-daemon :daemon:assembleRelease`

The release daemon build covers the `NDEBUG`-style path where slicer's own checks are compiled out.

Fixes #766
Device-side harness validation (PJD110, Android 16, KernelSU root, arm64 release `-DNDEBUG`):
- `bad_vector_obfuscation.dex` with SHA-256 `ca6598344db1eb878a3bf13cd99d0a0890acc9106e76c3b2050905911ee6a738`.
- `HARNESS_RC:139`, logcat `Fatal signal 11 (SIGSEGV)`.
- `HARNESS_RC:0` with `preflight rejected malformed input; slicer skipped`, and no crash log.
- `Lorg/matrix/vector/core/`: preflight accepted it, `CreateFullIr()` parsed `IR classes: 1`, `HARNESS_RC:0`.
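
An added example, not code from this PR or from slicer: a minimal C++ preflight in the spirit of the change described above, checking DEX header fields and ID-table extents with explicit returns instead of assertion macros. The names `dexHeaderPreflight`, `tableInBounds` and `makeSampleDex` are hypothetical, the sample buffer is constructed, and the field offsets assume the standard DEX header layout.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>
#include <vector>

// Little-endian u32 read/write that make no alignment assumptions.
static uint32_t rd32(const uint8_t* p) {
    return uint32_t(p[0]) | uint32_t(p[1]) << 8 | uint32_t(p[2]) << 16 | uint32_t(p[3]) << 24;
}
static void wr32(uint8_t* p, uint32_t v) {
    for (int i = 0; i < 4; ++i) p[i] = uint8_t(v >> (8 * i));
}

// True when [off, off + count * elem) lies past the header and inside `size` bytes.
// All operands are widened to 64 bits, so count * elem cannot wrap.
static bool tableInBounds(uint64_t off, uint64_t count, uint64_t elem, uint64_t size) {
    if (count == 0) return true;  // empty table, offset is never dereferenced
    return off >= 0x70 && off % 4 == 0 && off <= size && count * elem <= size - off;
}

// Hypothetical preflight (not the PR's isDexSafeForSlicer()): header fields and
// ID-table extents only. It returns false instead of asserting, so -DNDEBUG changes nothing.
bool dexHeaderPreflight(const uint8_t* buf, size_t len) {
    if (buf == nullptr || len < 0x70) return false;
    if (std::memcmp(buf, "dex\n", 4) != 0 || buf[7] != 0) return false;
    const uint64_t size = rd32(buf + 32);            // file_size
    if (size < 0x70 || size > len) return false;
    if (rd32(buf + 36) != 0x70) return false;        // header_size
    if (rd32(buf + 40) != 0x12345678) return false;  // endian_tag
    // {header offset of the *_size field, element size}; *_off follows at +4.
    // Order: string_ids, type_ids, proto_ids, field_ids, method_ids, class_defs.
    static const struct { unsigned hdr, elem; } kTables[] = {
        {56, 4}, {64, 4}, {72, 12}, {80, 8}, {88, 8}, {96, 32}};
    for (const auto& t : kTables)
        if (!tableInBounds(rd32(buf + t.hdr + 4), rd32(buf + t.hdr), t.elem, size))
            return false;
    return true;
}

// Constructed sample: a 0x70-byte header followed by one 4-byte string_id entry.
std::vector<uint8_t> makeSampleDex() {
    std::vector<uint8_t> d(0x74, 0);
    std::memcpy(d.data(), "dex\n035", 8);  // 7 characters plus the trailing NUL
    wr32(&d[32], 0x74);        // file_size
    wr32(&d[36], 0x70);        // header_size
    wr32(&d[40], 0x12345678);  // endian_tag
    wr32(&d[56], 1);           // string_ids_size
    wr32(&d[60], 0x70);        // string_ids_off
    return d;
}
```

This covers only the header and the ID-table extents; the map list and the indexes stored inside each table entry need their own checks before a parser can trust them.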