garrettskj / ac_patcher Goto Github PK

View Code? Open in Web Editor NEW

35.0 35.0 10.0 32 KB

AnyConnect Patcher for Freedom

License: GNU General Public License v3.0

Shell 16.86% Python 75.24% Dockerfile 7.90%

ac_patcher's People

Stargazers

Watchers

Forkers

mcharo slmingol dnk momoson wbaby efrikin zejdlikt

ac_patcher's Issues

Not working on 4.10.03104

Does patch 4.10.03104, but the VPN doesn't start after patching.

Failed to patch 4.8.03052 in OSX

Patching Completed Successfully,
But, It Failed to start process vpnagentd

radare2 5.1.1 0 @ darwin-x86-64 git.
commit: HEAD build: 2021-02-16__00:59:55

Found method @ 0x1000c0c66
Looks like it's called from: 0x1000605bd
Patching Completed Successfully

The VPN Service is not available. Exiting.

Mar  3 23:50:32  com.apple.xpc.launchd[1] (com.apple.ReportCrash.Root[1864]): Binary is improperly signed.
Mar  3 23:50:32  ReportCrash[1866]: objc[1866]: Class CrashReport is implemented in both /System/Library/PrivateFrameworks/CrashReporterSupport.framework/Versions/A/CrashReporterSupport and /System/Library/CoreServices/ReportCrash. One of the two will be used. Which one is undefined.

Some error on 5.0.05040 (macos version)

Hi all,

I just tried to run this script in hope it will fix all my pain. But wonder not happen :(

In the result a new file was built, but size of the file is bigger than I expect (about 4 GB. 😮 )

❯ ls -lah vpn*
.rwxr-xr-x rgainanov wheel 4.0G an hour ago    vpnagentd
.rwxr-xr-x root      wheel 2.7M 13 minutes ago   vpnagentd.orig
❯ ./vpnagentd.orig --version
Cisco Systems VPN Agent (version 5.0.05040 )
Copyright (C) 1998-2010 All Rights Reserved.

There is a log of my attempt:

# ./anyconnect_patch.py
WARNING: bin_strings buffer is too big (0xfffffffffff04710). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xfffffffffff023b2). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xffffffffffee74a8). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
Opening and analyzing, 15 seconds...
Value from 0x00000000 to 0x002bc3c0
aav: 0x00000000-0x002bc3c0 in 0x0-0x2bc3c0
aav: 0x00000000-0x002bc3c0 in 0x100007f8c-0x1001093b8
aav: 0x00000000-0x002bc3c0 in 0x10010c000-0x10010e839
aav: 0x00000000-0x002bc3c0 in 0x10010e840-0x10010ed00
Value from 0x100007f8c to 0x1001093b8
aav: 0x100007f8c-0x1001093b8 in 0x0-0x2bc3c0
aav: 0x100007f8c-0x1001093b8 in 0x100007f8c-0x1001093b8
aav: 0x100007f8c-0x1001093b8 in 0x10010c000-0x10010e839
aav: 0x100007f8c-0x1001093b8 in 0x10010e840-0x10010ed00
Value from 0x10010c000 to 0x10010e839
aav: 0x10010c000-0x10010e839 in 0x0-0x2bc3c0
aav: 0x10010c000-0x10010e839 in 0x100007f8c-0x1001093b8
aav: 0x10010c000-0x10010e839 in 0x10010c000-0x10010e839
aav: 0x10010c000-0x10010e839 in 0x10010e840-0x10010ed00
Value from 0x10010e840 to 0x10010ed00
aav: 0x10010e840-0x10010ed00 in 0x0-0x2bc3c0
aav: 0x10010e840-0x10010ed00 in 0x100007f8c-0x1001093b8
aav: 0x10010e840-0x10010ed00 in 0x10010c000-0x10010e839
aav: 0x10010e840-0x10010ed00 in 0x10010e840-0x10010ed00
 WARNING : block size exceeding max block size at 0x0016f5e4
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00135d6c
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00132dd0
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0013acb0
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0013c628
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028f938
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028dda4
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00290144
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028fe18
[+] Try changing it with e anal.bb.maxsize
Found method StartInterface @ 0x1000d6610
WARNING: bin_strings buffer is too big (0xfffffffffff04710). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xfffffffffff023b2). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xffffffffffee74a8). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
Value from 0x00000000 to 0x002bc3c0
aav: 0x00000000-0x002bc3c0 in 0x0-0x2bc3c0
aav: 0x00000000-0x002bc3c0 in 0x100007f8c-0x1001093b8
aav: 0x00000000-0x002bc3c0 in 0x10010c000-0x10010e839
aav: 0x00000000-0x002bc3c0 in 0x10010e840-0x10010ed00
Value from 0x100007f8c to 0x1001093b8
aav: 0x100007f8c-0x1001093b8 in 0x0-0x2bc3c0
aav: 0x100007f8c-0x1001093b8 in 0x100007f8c-0x1001093b8
aav: 0x100007f8c-0x1001093b8 in 0x10010c000-0x10010e839
aav: 0x100007f8c-0x1001093b8 in 0x10010e840-0x10010ed00
Value from 0x10010c000 to 0x10010e839
aav: 0x10010c000-0x10010e839 in 0x0-0x2bc3c0
aav: 0x10010c000-0x10010e839 in 0x100007f8c-0x1001093b8
aav: 0x10010c000-0x10010e839 in 0x10010c000-0x10010e839
aav: 0x10010c000-0x10010e839 in 0x10010e840-0x10010ed00
Value from 0x10010e840 to 0x10010ed00
aav: 0x10010e840-0x10010ed00 in 0x0-0x2bc3c0
aav: 0x10010e840-0x10010ed00 in 0x100007f8c-0x1001093b8
aav: 0x10010e840-0x10010ed00 in 0x10010c000-0x10010e839
aav: 0x10010e840-0x10010ed00 in 0x10010e840-0x10010ed00
 WARNING : block size exceeding max block size at 0x0016f5e4
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00135d6c
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00132dd0
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0013acb0
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0013c628
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028f938
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028dda4
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00290144
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028fe18
[+] Try changing it with e anal.bb.maxsize
Opening and finding the method now, 15 seconds...
Looks like it's called from: ['0x100070f54']
WARNING: bin_strings buffer is too big (0xfffffffffff04710). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xfffffffffff023b2). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
WARNING: bin_strings buffer is too big (0xffffffffffee74a8). Use -zzz or set bin.maxstrbuf (RABIN2_MAXSTRBUF) in r2 (rabin2)
Value from 0x00000000 to 0x002bc3c0
aav: 0x00000000-0x002bc3c0 in 0x0-0x2bc3c0
aav: 0x00000000-0x002bc3c0 in 0x100007f8c-0x1001093b8
aav: 0x00000000-0x002bc3c0 in 0x10010c000-0x10010e839
aav: 0x00000000-0x002bc3c0 in 0x10010e840-0x10010ed00
Value from 0x100007f8c to 0x1001093b8
aav: 0x100007f8c-0x1001093b8 in 0x0-0x2bc3c0
aav: 0x100007f8c-0x1001093b8 in 0x100007f8c-0x1001093b8
aav: 0x100007f8c-0x1001093b8 in 0x10010c000-0x10010e839
aav: 0x100007f8c-0x1001093b8 in 0x10010e840-0x10010ed00
Value from 0x10010c000 to 0x10010e839
aav: 0x10010c000-0x10010e839 in 0x0-0x2bc3c0
aav: 0x10010c000-0x10010e839 in 0x100007f8c-0x1001093b8
aav: 0x10010c000-0x10010e839 in 0x10010c000-0x10010e839
aav: 0x10010c000-0x10010e839 in 0x10010e840-0x10010ed00
Value from 0x10010e840 to 0x10010ed00
aav: 0x10010e840-0x10010ed00 in 0x0-0x2bc3c0
aav: 0x10010e840-0x10010ed00 in 0x100007f8c-0x1001093b8
aav: 0x10010e840-0x10010ed00 in 0x10010c000-0x10010e839
aav: 0x10010e840-0x10010ed00 in 0x10010e840-0x10010ed00
 WARNING : block size exceeding max block size at 0x0016f5e4
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00135d6c
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00132dd0
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0013acb0
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0013c628
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028f938
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028dda4
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x00290144
[+] Try changing it with e anal.bb.maxsize
 WARNING : block size exceeding max block size at 0x0028fe18
[+] Try changing it with e anal.bb.maxsize
Patching Completed Successfully
Now patching FileSignature verification
Opening and analyzing, 15 seconds...
Value from 0x00000000 to 0x100070f59
Skipping huge range
Skipping huge range
Found method VerifyFileSignatureCollective::IsValid @
Value from 0x00000000 to 0x100070f59
Skipping huge range
Skipping huge range
Opening and finding the method now, 15 seconds...
Looks like it's called from: ['']
Patching Failed, maybe already done?

I run it in Docker with this compose-file:

version: "2.4"
services:
  anyhack:
    build:
      context: .
      dockerfile: Dockerfile
    command: sleep 6000
    volumes:
      - ${PWD}:/srv

Not working with 4.10.04071

The patching completed successfully, but VPN doesn't starting.

enhancement of dependency installation

hello @garrettskj

I propose to improve for dependency installation for ac_patcher

I spent a lot of time for installation dependencies to my workstation and this was very difficult.

I think, we can use container to install dependencies

PR #11

MacOS support?

Thank you for the code made public. Is there any option to make this MacOS compatible?

Patching old 3.1 version of anyconnect

Hi Garrett,

nice patch and good job, would be nice to work cause with confinement it's hard to use my docker containers.

My company uses 3.1 version anyconnect and i tried your patch
Unfortunately it's not working
First i tried with old version of radare2 (2.3) on ubuntu
Second i update radare2 to 4.6

In both cases the vpnagentd has errors
Run File: ../../vpn/Agent/MainThread.cpp Line: 341 Invoked Function: CHostConfigMgr::StartInterfaceMonitoring Return Code: 130974320

What version of radare2 do u used ?

Eric

Outputs
with 2.3

sudo python3 anyconnect_patch.sh
WARNING : block size exceeding max block size at 0x000187ac
[+] Try changing it with e anal.bb.maxsize
Found method @ 0x000212d0
WARNING : block size exceeding max block size at 0x000187ac
[+] Try changing it with e anal.bb.maxsize
Looks like it's called from: 0x76465
WARNING : block size exceeding max block size at 0x000187ac
[+] Try changing it with e anal.bb.maxsize
Patching Completed Successfully

with 4.6

sudo python3 anyconnect_patch.sh
Warning: run r2 with -e io.cache=true to fix relocations in disassembly
Invalid address from 0x000272fb
Invalid address from 0x00048e23
Invalid address from 0x00048715
Invalid address from 0x000554b7
Invalid address from 0x000800fe
Invalid address from 0x00088a49
Found method @ 0x000212d0
Warning: run r2 with -e io.cache=true to fix relocations in disassembly
Invalid address from 0x000272fb
Invalid address from 0x00048e23
Invalid address from 0x00048715
Invalid address from 0x000554b7
Invalid address from 0x000800fe
Invalid address from 0x00088a49
Looks like it's called from: 0x76465
Warning: run r2 with -e io.cache=true to fix relocations in disassembly
Invalid address from 0x000272fb
Invalid address from 0x00048e23
Invalid address from 0x00048715
Invalid address from 0x000554b7
Invalid address from 0x000800fe
Invalid address from 0x00088a49
Patching Completed Successfully
Job for vpnagentd.service failed because the control process exited with error code.
See "systemctl status vpnagentd.service" and "journalctl -xe" for details.

Not working with 4.10.05085

The patching completed successfully, but AnyConnect UI Completely freezes

The VPN client failed to establish a connection

First of all, thank you for this genius solution. I've found that it only intermittently connects. Sometimes when I try, it works, and other times, I get the error that it failed to establish a connection, after clicking the "Accept" on the banner notification. I believe the auth is working, but it dies after that very last step. I've also had intermittent issues when it successfully connects, where vpnagentd keeps overwriting /etc/resolv.conf even when I: chattr +i /etc/resolv.conf.

It's entirely possible this is something on the VPN server side, but I wanted to see if you had any ideas.

Using version 4.9.01095

EDIT: Added debug output.
vpn.txt

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.

Jobs

Jooble