OpenSSL/BoringSSL version not found

[whoamiecho]

Describe the bug
OPPO coloros15 运行最新版本找不到OpenSSL/BoringSSL
存在两个地方报错：
2024-12-02T05:20:18Z ERR OpenSSL/BoringSSL version check failed error="OpenSSL/BoringSSL version not found" soPath=/apex/com.android.conscrypt/lib64/libssl.so
2024-12-02T05:20:18Z FTL module run failed. error="OpenSSL/BoringSSL version not found" isReload=false

/apex/com.android.conscrypt/lib64/libssl.so是实际存在的，自行拷贝或者指定也不行

Expected behavior

2024-12-02T05:20:18Z INF AppName="eCapture(旁观者)"
2024-12-02T05:20:18Z INF HomePage=https://ecapture.cc
2024-12-02T05:20:18Z INF Repository=https://github.com/gojue/ecapture
2024-12-02T05:20:18Z INF Author="CFC4N <[email protected]>"
2024-12-02T05:20:18Z INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-12-02T05:20:18Z INF Version=androidgki_arm64:v0.8.11:6.5.0-1025-azure
2024-12-02T05:20:18Z INF Listen=localhost:28256
2024-12-02T05:20:18Z INF eCapture running logs logger=
2024-12-02T05:20:18Z INF the file handler that receives the captured event eventCollector=
2024-12-02T05:20:18Z WRN ========== module starting. ==========
2024-12-02T05:20:18Z INF Kernel Info=6.1.75 Pid=29070
2024-12-02T05:20:18Z WRN Your environment is like a container. We won't be able to detect the BTF configuration.
If eCapture fails to run, try specifying the BTF mode. use `-b 2` to specify non-CORE mode.
2024-12-02T05:20:18Z INF listen=localhost:28256
2024-12-02T05:20:18Z INF https server starting...You can update the configuration file via the HTTP interface.
2024-12-02T05:20:18Z INF BTF bytecode mode: CORE. btfMode=0
2024-12-02T05:20:18Z INF master key keylogger has been set. eBPFProgramType=Text keylogger=
2024-12-02T05:20:18Z INF module initialization. isReload=false moduleName=EBPFProbeOPENSSL
2024-12-02T05:20:18Z INF Module.Run()
2024-12-02T05:20:18Z ERR OpenSSL/BoringSSL version check failed error="OpenSSL/BoringSSL version not found" soPath=/apex/com.android.conscrypt/lib64/libssl.so
2024-12-02T05:20:18Z INF setupManagers eBPFProgramType=Text
2024-12-02T05:20:18Z FTL module run failed. error="OpenSSL/BoringSSL version not found" isReload=false

Screenshots
If applicable, add screenshots to help explain your problem.

Linux Server/Android (please complete the following information):

• Device: OPPO findx 7 ultra
• Env: androidgki_arm64:v0.8.11:6.5.0-1025-azure
• OS: Linux localhost 6.1.75-android14-11-o-g47c8194d882f 5.10.101 not support #1 SMP PREEMPT Mon Oct 28 13:11:55 UTC 2024 aarch64 Toybox
• Kernel Version: 6.1.75

Additional context
Add any other context about the problem here.

[cfc4n]

oops, It is indeed a bug, let me fix it.

[cfc4n]

please try v0.8.12

[whoamiecho]

Congratulations!This bug has been successfully solved, but there is a new bug waiting for you:

1|OP565FL1:/data/local/tmp $ ./ecapture tls
2024-12-03T13:12:34Z INF AppName="eCapture(旁观者)"
2024-12-03T13:12:34Z INF HomePage=https://ecapture.cc
2024-12-03T13:12:34Z INF Repository=https://github.com/gojue/ecapture
2024-12-03T13:12:34Z INF Author="CFC4N <[email protected]>"
2024-12-03T13:12:34Z INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2024-12-03T13:12:34Z INF Version=androidgki_arm64:v0.8.12:6.5.0-1025-azure
2024-12-03T13:12:34Z INF Listen=localhost:28256
2024-12-03T13:12:34Z INF eCapture running logs logger=
2024-12-03T13:12:34Z INF the file handler that receives the captured event eventCollector=
2024-12-03T13:12:34Z WRN ========== module starting. ==========
2024-12-03T13:12:34Z INF Kernel Info=6.1.75 Pid=10157
2024-12-03T13:12:34Z WRN Your environment is like a container. We won't be able to detect the BTF configuration.
If eCapture fails to run, try specifying the BTF mode. use `-b 2` to specify non-CORE mode.
2024-12-03T13:12:34Z INF listen=localhost:28256
2024-12-03T13:12:34Z INF https server starting...You can update the configuration file via the HTTP interface.
2024-12-03T13:12:34Z INF BTF bytecode mode: CORE. btfMode=0
2024-12-03T13:12:34Z INF master key keylogger has been set. eBPFProgramType=Text keylogger=
2024-12-03T13:12:34Z INF module initialization. isReload=false moduleName=EBPFProbeOPENSSL
2024-12-03T13:12:34Z INF Module.Run()
2024-12-03T13:12:34Z ERR OpenSSL/BoringSSL version not found, used default version.If you want to use the specific version, please set the sslVersion parameter with "--ssl_version='boringssl_a_13'" , "--ssl_version='boringssl_a_14'", or use "ecapture tls --help" for more help.
2024-12-03T13:12:34Z ERR bpfFile=boringssl_a_13_kern.o sslVersion=android_default
2024-12-03T13:12:34Z INF Hook masterKey function ElfType=2 Functions=["SSL_in_init"] binrayPath=/apex/com.android.conscrypt/lib64/libssl.so
2024-12-03T13:12:34Z INF target all process.
2024-12-03T13:12:34Z INF target all users.
2024-12-03T13:12:34Z INF setupManagers eBPFProgramType=Text
2024-12-03T13:12:34Z INF BPF bytecode file is matched. bpfFileName=user/bytecode/boringssl_a_13_kern_core.o
2024-12-03T13:12:34Z FTL module run failed. error="couldn't init manager xxx error:operation not permitted , couldn't adjust RLIMIT_MEMLOCK" isReload=false

[cfc4n]

sudo

[whoamiecho]

ok, thinks

[heidan123]

root@myt-os-pro:~/agent# ecapture tls --libssl=/usr/lib/aarch64-linux-gnu/libssl.so.3
2025-01-02T17:34:18+08:00 INF AppName="eCapture(旁观者)"
2025-01-02T17:34:18+08:00 INF HomePage=https://ecapture.cc
2025-01-02T17:34:18+08:00 INF Repository=https://github.com/gojue/ecapture
2025-01-02T17:34:18+08:00 INF Author="CFC4N <[email protected]>"
2025-01-02T17:34:18+08:00 INF Description="Capturing SSL/TLS plaintext without a CA certificate using eBPF. Supported on Linux/Android kernels for amd64/arm64."
2025-01-02T17:34:18+08:00 INF Version=linux_arm64:v0.9.2:6.5.0-1025-azure
2025-01-02T17:34:18+08:00 INF Listen=localhost:28256
2025-01-02T17:34:18+08:00 INF eCapture running logs logger=
2025-01-02T17:34:18+08:00 INF the file handler that receives the captured event eventCollector=
2025-01-02T17:34:18+08:00 INF Kernel Info=5.10.198 Pid=536
2025-01-02T17:34:18+08:00 WRN Your environment is like a container. We won't be able to detect the BTF configuration.
If eCapture fails to run, try specifying the BTF mode. use `-b 2` to specify non-CORE mode.
2025-01-02T17:34:18+08:00 INF listen=localhost:28256
2025-01-02T17:34:18+08:00 INF https server starting...You can upgrade the configuration file via the HTTP interface.
2025-01-02T17:34:18+08:00 INF BTF bytecode mode: non-CORE. btfMode=0
2025-01-02T17:34:18+08:00 INF master key keylogger has been set. eBPFProgramType=Text keylogger=
2025-01-02T17:34:18+08:00 INF module initialization. isReload=false moduleName=EBPFProbeOPENSSL
2025-01-02T17:34:18+08:00 INF Module.Run()
2025-01-02T17:34:18+08:00 WRN OpenSSL/BoringSSL version not found. error="OpenSSL/BoringSSL version not found" soPath=/usr/lib/aarch64-linux-gnu/libssl.so.3
2025-01-02T17:34:18+08:00 WRN Try to detect libcrypto.so.3. If you have doubts, See https://github.com/gojue/ecapture/discussions/675 for more information.
2025-01-02T17:34:18+08:00 INF Try to detect imported libcrypto.so  imported=libcrypto.so.3 soPath=/usr/lib/aarch64-linux-gnu/libcrypto.so.3
2025-01-02T17:34:18+08:00 INF origin versionKey="openssl 3.0.13" versionKeyLower="openssl 3.0.13"
2025-01-02T17:34:18+08:00 INF OpenSSL/BoringSSL version found Android=false library version="openssl 3.0.13"
2025-01-02T17:34:18+08:00 INF Hook masterKey function ElfType=2 Functions=["SSL_get_wbio","SSL_in_before","SSL_do_handshake"] binrayPath=/usr/lib/aarch64-linux-gnu/libssl.so.3
2025-01-02T17:34:18+08:00 INF target all process.
2025-01-02T17:34:18+08:00 INF target all users.
2025-01-02T17:34:18+08:00 INF setupManagers eBPFProgramType=Text
2025-01-02T17:34:18+08:00 INF BPF bytecode file is matched. bpfFileName=user/bytecode/openssl_3_0_0_kern_noncore.o
2025-01-02T17:34:18+08:00 FTL module run failed. error="couldn't init manager xxx error:operation not permitted , couldn't adjust RLIMIT_MEMLOCK" isReload=false

在arm架构下的docker里，也出现了这个错误，最新的版本9.2 ，如何解决？ @dosu