While I have successfully compiled the binaries and used them with previous versions of Navicat, trying to patch the latest 15.0.19, it fails and core dumps.
```
./navicat-patcher /media/ext2/incoming/navicat RegPrivateKey.pem
**********************************************************
* Navicat Patcher (Linux) by @DoubleLabyrinth *
* Version: 1.0 *
**********************************************************
Press ENTER to continue or Ctrl + C to abort.
[+] Try to open libcc.so ... Ok!
terminate called without an active exception
Aborted (core dumped)
```
libcc.so
https://mega.nz/file/eaJgAKpK#HxPGkXU950bUPF6wygoYm8p8n66r1mB2PtrOcfmkvVc
The problem appears to be in the part of the code at line 129 of the file PatchSolution0.cpp:
```cpp
l = snprintf(nullptr, 0,
    asm_template,
    this->m_DisassemblyEngine.GetRegisterName(char_reg),
    this->m_DisassemblyEngine.GetRegisterName(lpsz_reg),
    PatchMarkRva.value() + offsetof(PatchMarkType, Data)
);
```
specifically in the call of `PatchMarkRva.value()`.
Can you confirm this?
I think that is because `PatchMarkRva` has not been given a value when code runs there. It seems the previous code
```cpp
...
...
{
    std::map<Elf64_Off, Elf64_Xword> SpaceMap{ { 0, m_Image.ElfSize() } };
    SearchFreeSpace(SpaceMap, m_Image);
    for (const auto& space : SpaceMap) {
        bool found = false;
        auto offset = space.first;
        auto size = space.second;
        if (size >= sizeof(PatchMarkType)) {
            for (size_t i = 0; i < m_Image.NumberOfElfProgramHeaders(); ++i) {
                auto seg_hdr = m_Image.ElfProgramHeader(i);
                if (seg_hdr->p_type == PT_LOAD && seg_hdr->p_offset + seg_hdr->p_filesz == offset) {
                    RefSegment = seg_hdr;
                    PatchMarkOffset = offset;
                    PatchMarkRva = m_Image.ConvertOffsetToRva(offset - 1) + 1;
                    found = true;
                    break;
                }
            }
        }
        if (found) {
            break;
        }
    }
}
...
...
```
did not find free space to store our public key.
That would be a big problem. I need to figure out a new solution.
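The empty-optional failure described in the reply above, as an added example (not code from the navicat-patcher project): a simplified free-space search over constructed segment and free-region tables returns a `std::optional`; `unchecked()` reads it with `.value()` the way line 129 does and throws `std::bad_optional_access` when the search found nothing, while `checked()` tests `has_value()` first and reports the condition instead of aborting the process. The `Segment` struct, `findPatchOffset`, `unchecked`, `checked`, `uncheckedThrowsWhenEmpty` and the sample layout in `main` are all assumptions made for this example.

```cpp
// Added example, not code from the navicat-patcher project. Models the crash
// the maintainer describes: a search that can find nothing yields an empty
// std::optional, and reading it with .value() throws std::bad_optional_access;
// left uncaught, that ends in std::terminate and a core dump.
#include <cstdint>
#include <iostream>
#include <map>
#include <optional>
#include <string>
#include <vector>

// Hypothetical, simplified stand-in for a program header: only the fields
// the free-space search looks at.
struct Segment {
    bool     loadable;  // stands in for p_type == PT_LOAD
    uint64_t offset;    // stands in for p_offset
    uint64_t filesz;    // stands in for p_filesz
};

// Hypothetical search. freeSpace maps file offset -> size of a free region
// (constructed input, not read from a real ELF). A region qualifies only if it
// holds at least `needed` bytes and starts exactly where a loadable segment's
// file image ends. Returns that offset, or std::nullopt when nothing qualifies.
std::optional<uint64_t> findPatchOffset(const std::map<uint64_t, uint64_t>& freeSpace,
                                        const std::vector<Segment>& segments,
                                        uint64_t needed)
{
    for (const auto& [offset, size] : freeSpace) {
        if (size < needed) continue;
        for (const auto& seg : segments) {
            if (seg.loadable && seg.offset + seg.filesz == offset) {
                return offset;
            }
        }
    }
    return std::nullopt;
}

// Unchecked use: mirrors PatchMarkRva.value() called without a prior
// has_value() check. Throws std::bad_optional_access if `hit` is empty.
uint64_t unchecked(const std::optional<uint64_t>& hit)
{
    return hit.value();
}

// Checked use: the caller gets a readable status instead of a crash.
std::string checked(const std::optional<uint64_t>& hit)
{
    if (!hit.has_value()) {
        return "no free space found";
    }
    return "patch offset " + std::to_string(*hit);
}

// Returns true if reading an empty optional threw std::bad_optional_access.
bool uncheckedThrowsWhenEmpty()
{
    std::optional<uint64_t> empty;
    try {
        (void)unchecked(empty);
    } catch (const std::bad_optional_access&) {
        return true;
    }
    return false;
}

int main()
{
    // Constructed layout: one loadable segment whose file image ends at 0x2000,
    // a free region at 0x2000 (qualifies) and one at 0x5000 (does not).
    std::vector<Segment> segs = { {true, 0x1000, 0x1000}, {false, 0x3000, 0x100} };
    std::map<uint64_t, uint64_t> space = { {0x2000, 0x400}, {0x5000, 0x400} };

    std::cout << checked(findPatchOffset(space, segs, 0x100)) << "\n";
    // Same layout, but every region is too small: the search comes back empty.
    std::map<uint64_t, uint64_t> tooSmall = { {0x2000, 0x10} };
    std::cout << checked(findPatchOffset(tooSmall, segs, 0x100)) << "\n";
    std::cout << "unchecked read of empty optional throws: "
              << (uncheckedThrowsWhenEmpty() ? "yes" : "no") << "\n";
    return 0;
}
```

The design point is that the search result is a precondition for the later `snprintf`, so the code path that formats the patch must branch on `has_value()` (or the search must fail loudly with a message) rather than let an empty optional reach `.value()`.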
ok thanks for the info.
low space here:
https://i.imgur.com/seZLcir.jpg
this lib might be useful:
https://lief.quarkslab.com/
for code injection?
Regards
Confirm this issue on Linux...
https://i.imgur.com/c1O7XQv.jpg
Regards
Any news on this one...?
Hey @doublesine, have you had the chance to look into this issue?
15.0.20 is online, works again.
Yeap, at least on Windows it works fine. I will test later on Linux.
Already tested, the Linux version works fine.
Ok, version 15.0.19 was a failure, 15.0.20 for Linux and 15.0.18 for Windows are ok.
Closing this.