Hi Rob,

Just an approach: http://forum.xda-developers.com/galaxy-s2/orig-development/howto-compile-modules-stock-kernels-t1123643

This XDA forum thread from June 2011 is about a Samsung Galaxy S2 and differences between the device's kernel and the downloadable kernel in terms of settings in defconfig. Don't know about similar information about the S3 but maybe Samsung will provide this.

When I was involved in Android/LiME/Volatility a year ago I didn't really succeed beyond AVD and Nexus. (https://www1.cs.fau.de/filepool/gruhn/thesis_waechter.pdf)


Good luck,
Philipp

________________________________________________________________
From:    Rob Hunter 
Sent:    Samstag, Dezember 19, 2015 1:14PM 
To:      Vol-users
Subject: [Vol-users] Insmod lime.lo on stock Samsung Galaxy S3 results in Exec format error 

Hello list,

This is my first post to this list. My name is Rob, I'm located in the Netherlands and am looking for some help in dumping the memory of an Android phone so I can inspect it in Volatility. A bit of background as to where I'm currently at with Volatility.

I've successfully compiled LiME against a standard linux kernel running on Intel, created a profile with dwarfdump etc., dumped the memory and can use the plugins successfully.

I've also installed Cyanogenmod 12.1 on a GalaxyS2 and can run LiMe on it and dump the RAM. I have a problem with the profile not loading in Volatility but that's for another post :-)  I can run strings on the dump and recover meaningful information though.

Cutting to the chase...
My target phone is a stock Samsung Galaxy S3. I've looked at the device settings and have downloaded the matching kernel source code from Samsungs opensource website, taking care to make sure the build versions string matches. The phone has developer settings and usb debugging enabled. I have also rooted the phone and the SuperSU binary is installed and configured to grant root always without prompting.

I've tried using toolchain versions 4.9 and 4.8 but the Samsung source code will not compile without modifications to the makefile relating to warnings being interpreted as errors. I'm therefore using version 4.7.

I've compiled the kernel modules which generated a module.symvers:

***
0x82d9772c    bcmsdh_remove    drivers/net/wireless/bcmdhd/dhd    EXPORT_SYMBOL
0x9cad0f4b    bcmsdh_probe    drivers/net/wireless/bcmdhd/dhd    EXPORT_SYMBOL
***

I then compiled LiME with this make file...

***
obj-m := lime.o
lime-objs := tcp.o disk.o main.o

KDIR :=~/ANDROID/S3Kernel/Kernel
PWD := $(shell pwd)
CROSS_COMPILE := /home/dfir/ANDROID/android-ndk-r10e/toolchains/arm-linux-androideabi-4.7/bin/arm-linux-androideabi-


ARCH := arm

.PHONY: modules modules_install clean distclen help

default:
    $(MAKE) ARCH=arm SUBARCH=arm -C $(KDIR) M=$(PWD) CROSS_COMPILE=$(CROSS_COMPILE) EXTRA_CFLAGS=-fno-pic modules
    mv lime.ko limeS3.ko
***

...and this generates the following output


***
dfir@ThinkPad-T420:~/ANDROID/S3Kernel/LiME/src$ make
make ARCH=arm SUBARCH=arm -C ~/ANDROID/S3Kernel/Kernel M=/home/dfir/ANDROID/S3Kernel/LiME/src CROSS_COMPILE=/home/dfir/ANDROID/android-ndk-r10e/toolchains/arm-linux-androideabi-4.7/bin/arm-linux-androideabi- EXTRA_CFLAGS=-fno-pic modules
make[1]: Entering directory `/home/dfir/ANDROID/S3Kernel/Kernel'
  CC [M]  /home/dfir/ANDROID/S3Kernel/LiME/src/tcp.o
  CC [M]  /home/dfir/ANDROID/S3Kernel/LiME/src/disk.o
  CC [M]  /home/dfir/ANDROID/S3Kernel/LiME/src/main.o
  LD [M]  /home/dfir/ANDROID/S3Kernel/LiME/src/lime.o
  Building modules, stage 2.
  MODPOST 1 modules
  CC      /home/dfir/ANDROID/S3Kernel/LiME/src/lime.mod.o
  LD [M]  /home/dfir/ANDROID/S3Kernel/LiME/src/lime.ko
make[1]: Leaving directory `/home/dfir/ANDROID/S3Kernel/Kernel'
mv lime.ko limeS3.ko
***

After successfully compilation there is also a module.symvers file located in LiME directory but it is empty. I wonder if this is indicative of my problem?

I then move limeS3.ko to my phone and connect to it with adb
adb forward tcp:4444 tcp:4444
adb shell
su

this gets me to a root prompt on the device and I can move freely around the file system.
I then move to the location where limeS3.ko is installed and enter the command

root@m0:/storage/extSdCard # insmod ./limeS3.ko "path=tcp:4444 format=lime"   

which gives the following error.
insmod: init_module './limeS3.ko' failed (Exec format error)

I've searched for this error and ensured the kernel version is correct.
Can anyone tell me what I'm doing wrong so I can get the driver loaded?

I realize that this was a long first post. Thank-you for taking the time to read this far. I hope someone can point me in the right direction.

regards,
Rob
 



_______________________________________________
Vol-users mailing list
Vol-users@volatilityfoundation.org
http://lists.volatilityfoundation.org/mailman/listinfo/vol-users