➜ VSCode 配置两次 ssh 连接远程服务器

需求:PC 需要连接服务器 A 阅读代码,但是 PC 不能直连服务器 A,其中 PC 可以连接服务器 B ,服务器 B 可以连接服务器 A ;

目标:使用服务器 B 作为跳板机,连接 PC 和服务器 A ;

步骤:

  1. 在 PC C:\Users\test\.ssh 路径下运行 ssh-keygen 命令,生成远程连接秘钥文件,并将 id_rsa.pub 中的内容复制到服务器 B 的 ~/.ssh/authorized_keys 文件中,没有 authorized_keys 则新建一个;

  2. 在服务器 B 中同样运行 ssh-keygen 命令,在 ~/.ssh 目录下生成公私钥文件,并将 id_rsa.pub 中的内容复制到服务器 A 的 ~/.ssh/authorized_keys 文件中,没有 authorized_keys 则新建一个;将 id_rsa 文件下载到 PC 中;

  3. PC VSCode 安装 Remote SSH 插件,打开配置文件,输入如下配置:

    1
    2
    3
    4
    5
    6
    7
    8
    9
    10
    11
    12
    # Read more about SSH config files: https://linux.die.net/man/5/ssh_config
    Host ServerB
        HostName x.x.x.x # 服务器B的ip
        User test # ssh远程登录服务器B的用户名
        IdentityFile C:\Users\test\.ssh\id_rsa # PC远程连接服务器B的私钥文件路径
        ForwardAgent yes # 指定是否将与身份验证代理(如果有)的连接转发到远程计算机

    Host ServerA
        HostName x.x.x.x # 服务器A的ip
        ProxyJump ServerB # 先登录ServerB,使用服务器B作为跳板
        User test1 # 服务器B远程登录服务器A的用户名
        IdentityFile C:\Users\test\.ssh\id_rsa-ServerA # 服务器B远程连接服务器A的私钥文件路径(id_rsa下载到PC的本地路径)

配置完成之后 PC 即可远程连接服务器 A ,阅读和开发代码。

➜ linux主机查看监听的端口和对应的服务进程

1
netstat -tunp

➜ frida hook

frida报错:

1
Failed to spawn: need Gadget to attach on jailed Android; its default location is: /home/autosec/.cache/frida/gadget-android-arm64.so

解决办法:https://github.com/sensepost/objection/pull/579

pip分别安装对应版本的frida和frida-tools,建议创建一个python虚拟环境,然后再安装:

1
2
pip install frida==16.0.2
pip install frida-tools==12.0.1

下载16.0.2版本(和frida版本对应)的frida server到设备上,然后给frida server加上执行权限,启动server。

frida运行hook脚本:

1
frida -U -f com.lixiang.car.paintingmaster -l ./okhttp.js

当连接USB的设备有多个时,可以通过-D选项指定设备ID:

1
frida -D 2f05abf3a1f -f com.lixiang.car.paintingmaster -l ./okhttp.js

➜ 网络爬虫

在编写爬虫爬取网络信息时,可以使用selenium和playwright这些自动化测试框架拉取一个无痕浏览器来加载网页,然后使用xpath解析网页信息。

➜ adb root 报错:adbd cannot run as root in production builds

解决方法:https://github.com/topjohnwu/Magisk/issues/425#issuecomment-1646594803

设置 ro.debuggable 属性为 1 即可。

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
PS D:\> adb shell props

Loading... Please wait.


MagiskHide Props Config v6.1.2
by Didgeridoohan @ XDA Developers

=====================================
 Updating fingerprints list
=====================================


Checking list version.
Fingerprints list up-to-date.

Checking for module update.
No update available.

MagiskHide Props Config v6.1.2
by Didgeridoohan @ XDA Developers

=====================================
 Select an option below.
=====================================

1 - Edit device fingerprint
2 - Force BASIC key attestation
3 - Device simulation (disabled)
4 - Edit MagiskHide props (active)
5 - Add/edit custom props
6 - Delete prop values
7 - Script settings
8 - Collect logs
u - Perform module update check
r - Reset all options/settings
b - Reboot device
e - Exit

See the module readme or the
support thread @ XDA for details.

Enter your desired option: 5

MagiskHide Props Config v6.1.2
by Didgeridoohan @ XDA Developers

=====================================
 Custom props
 Select an option below:
=====================================

Set or edit custom prop values for your device.

Currently no custom props set.
Please add one by selecting
"New custom prop" below.

n - New custom prop
b - Go back to main menu
e - Exit

See the module readme or the
support thread @ XDA for details.

Enter your desired option: n

MagiskHide Props Config v6.1.2
by Didgeridoohan @ XDA Developers

=====================================
 New custom prop
=====================================

Enter the prop to set. Example:
ro.sf.lcd_density

b - Go back
e - Exit

Enter your desired option: ro.debuggable

MagiskHide Props Config v6.1.2
by Didgeridoohan @ XDA Developers

=====================================
 ro.debuggable
=====================================

ro.debuggable is
one of the sensitive props that can be
set by the MagiskHide props option.

Are you sure you want to proceed?

y - Yes
n - No
e - Exit

Enter your desired option: y

MagiskHide Props Config v6.1.2
by Didgeridoohan @ XDA Developers

=====================================
 ro.debuggable
=====================================

Enter the value you want to set
ro.debuggable to,
or select from the options below.

The currently set value is:
0
Please enter the new value.

b - Go back
e - Exit

Enter your desired option: 1

MagiskHide Props Config v6.1.2
by Didgeridoohan @ XDA Developers

=====================================
 ro.debuggable
=====================================

This will set ro.debuggable to:

1

Pick an option below to change
what boot stage the prop will
be set in, or set/reset a delay:

1 - Default (current)
2 - post-fs-data
3 - late_start service
4 - Both boot stages
d - Delay

Do you want to continue?

Enter y(es), n(o), e(xit)
or an option from above: 4

MagiskHide Props Config v6.1.2
by Didgeridoohan @ XDA Developers

=====================================
 ro.debuggable
=====================================

This will set ro.debuggable to:

1

Pick an option below to change
what boot stage the prop will
be set in, or set/reset a delay:

1 - Default
2 - post-fs-data
3 - late_start service
4 - Both boot stages (current)
d - Delay

Do you want to continue?

Enter y(es), n(o), e(xit)
or an option from above: y

Working. Please wait...

Working. Please wait...

Working. Please wait...

Working. Please wait...

MagiskHide Props Config v6.1.2
by Didgeridoohan @ XDA Developers

=====================================
 Reboot - ro.debuggable
=====================================

Reboot for changes to take effect.

Do you want to reboot now (y/n)?

Enter y(es), n(o) or e(xit): y

Rebooting...
PS D:\> adb devices
List of devices attached
8C7X1KERM       device

PS D:\> adb root
restarting adbd as root
PS D:\>

➜ adb remount 报错:Not running as root. Try “adb root” first.

问题:adb root 正常,adb remount报错。

解决方法:https://medium.com/@tornadohenky1/adb-root-works-but-adb-remount-not-works-troubleshot-google-pixel-2-75a649fd9c15

adb remount 命令等价于 adb shell mount -o rw,remount,rw /system,用于将 /system 目录置于可写入的模式,默认情况下 /system 是只读模式。

/system 未挂载,需要先将 /system 绑定挂载,然后再修改读写权限:

1
2
3
4
5
6
7
8
blueline:/ # mount --bind /system /system
blueline:/ # mount | grep system
···
/dev/root on /system type ext4 (ro,seclabel,relatime,block_validity,delalloc,barrier,user_xattr,errors=remount-ro)
blueline:/ # mount -o rw,remount,rw /system
blueline:/ # ls -l /
···
drwxr-xr-x  13 root   root      4096 2009-01-01 16:00 system

➜ 安装AFL++ make distrib命令编译unicorn报错

cmake版本较低,导致编译报错,解决办法是重新安装高版本cmake:

1
2
3
4
5
6
7
8
9
sudo apt remove --purge --auto-remove cmake
sudo apt update
sudo apt install build-essential libtool autoconf unzip wget libssl-dev
wget https://cmake.org/files/v3.27/cmake-3.27.9.tar.gz
tar -xzvf cmake-3.27.9.tar.gz
cd cmake-3.27.9
./bootstrap
make
sudo make install

参考:

https://github.com/AFLplusplus/AFLplusplus/blob/stable/docs/INSTALL.md

https://github.com/AFLplusplus/AFLplusplus/issues/1763

https://askubuntu.com/questions/355565/how-do-i-install-the-latest-version-of-cmake-from-the-command-line

➜ gdb调试技巧

gdb在调试时设置变量的值:

1
set var varname=1

➜ C++虚表逆向

https://blog.iret.xyz/posts/cpp-vfunc-reversing-1/
https://blog.iret.xyz/posts/cpp-vfunc-reversing-2/

➜ 查看当前目录下文件夹/文件大小

1
2
du -h -d=1 ./*
ls -alh

➜ adb查询content provider

1
2
3
adb shell content query --uri content://com.mwr.example.sieve.DBContentProvider/Passwords
adb shell content query --uri content://com.mwr.example.sieve.DBContentProvider/Passwords/ --projection "'"
adb shell content query --uri content://com.mwr.example.sieve.DBContentProvider/Passwords/ --projection "'"

➜ 查找当前目录及其子目录下所有的.jar文件,并将这些文件复制到all-lib/目录中

1
find . -name "*.jar" -exec cp {} all-lib/ \;

➜ Android adb 查看已经安装的应用

1
2
3
4
5
6
7
8
9
10
adb shell pm list packages  # 查看当前连接设备或者虚拟机的所有包
adb shell pm list packages -d  # 只输出禁用的包
adb shell pm list packages -e  # 只输出启用的包
adb shell pm list packages -s  # 只输出系统的包
adb shell pm list packages -i  # 只输出包和安装信息(安装来源)
adb shell pm list packages -u  # 只输出包和未安装包信息(安装来源)
adb shell pm list packages -i  # 只输出包和安装信息(安装来源)
adb shell pm list packages -f  # 输出包和包相关联的文件
adb shell pm list packages -3  # 输出所有第三方包
adb shell pm list packages -[option] "sina"  # 按照要求搜索包

➜ Mac M1安装mysqlclient库失败

1
2
3
brew install mysql-client pkg-config
export PKG_CONFIG_PATH="/opt/homebrew/opt/mysql-client/lib/pkgconfig"
python3 -m pip install mysqlclient

➜ python安装requirements.txt中的依赖

1
python3 -m pip install -r requirements.txt

➜ Android手机刷机救砖

先将手机切换成fastboot模式,然后再使用fastboot刷机

1
2
adb reboot bootloader  进入fastboot模式
fastboot devices  查看设备连接状态

➜ Android System read only

https://android.stackexchange.com/questions/186630/android-o-failed-to-mount-system-dev-block-dm-0-is-read-only

For debug build, user have to disable-verity at first. nly on debug build, user can disable-verity.

1
2
3
4
5
6
7
adb root
adb disable-verity
adb reboot
adb root
adb remount
adb shell
mount -o rw,remount /system

In order to know build type of your android, in adb shell enter the following command:

1
cat /system/build.prop | grep build.type

➜ Download Secured Artifactory Artifact With WGET and Token

https://coding-stream-of-consciousness.com/2019/06/23/download-secured-artifactory-artifact-with-wget-and-token/

1
wget --header='X-JFrog-Art-Api: your-very-long-token-from-artifactory' https://company.com/artifactory/local-pypi-repo/some_repo/some_project/artifact_name-3.1.0-py3-none-any.whl