Frida broken on Android 12 (emulators only?), and the error told me to file a bug report. · Issue #1917 · frida/frida · GitHub

Open
BLuFeNiX opened this issue Nov 23, 2021 · 7 comments

BLuFeNiX commented Nov 23, 2021

Hi, when trying to run frida on an Android 12 (API 31) emulator, I get the following output:

$ adb shell 'su 0 /data/local/tmp/frida-server'
{"type":"error","description":"TypeError: r is not a function","stack":"TypeError: r is not a function\n    at CallbackContext.lt (frida/node_modules/frida-java-bridge/lib/android.js:547:1)\n    at NativeFunction.<anonymous> (<anonymous>)\n    at dt (frida/node_modules/frida-java-bridge/lib/android.js:542:1)\n    at frida/node_modules/frida-java-bridge/lib/class-model.js:112:1\n    at Function.build (frida/node_modules/frida-java-bridge/lib/class-model.js:7:1)\n    at I._make (frida/node_modules/frida-java-bridge/lib/class-factory.js:115:1)\n    at I.use (frida/node_modules/frida-java-bridge/lib/class-factory.js:63:1)\n    at frida/node_modules/frida-java-bridge/index.js:212:1\n    at c.perform (frida/node_modules/frida-java-bridge/lib/vm.js:11:1)\n    at g._performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:211:1)","fileName":"frida/node_modules/frida-java-bridge/lib/android.js","lineNumber":547,"columnNumber":1}
{"type":"error","description":"Error: Unable to perform state transition; please file a bug","stack":"Error: Unable to perform state transition; please file a bug\n    at dt (frida/node_modules/frida-java-bridge/lib/android.js:542:1)\n    at frida/node_modules/frida-java-bridge/lib/class-model.js:112:1\n    at Function.build (frida/node_modules/frida-java-bridge/lib/class-model.js:7:1)\n    at I._make (frida/node_modules/frida-java-bridge/lib/class-factory.js:115:1)\n    at I.use (frida/node_modules/frida-java-bridge/lib/class-factory.js:63:1)\n    at frida/node_modules/frida-java-bridge/index.js:212:1\n    at c.perform (frida/node_modules/frida-java-bridge/lib/vm.js:11:1)\n    at g._performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:211:1)\n    at g.perform (frida/node_modules/frida-java-bridge/index.js:192:1)\n    at /internal-agent.js:490:6","fileName":"frida/node_modules/frida-java-bridge/lib/android.js","lineNumber":542,"columnNumber":1}

Here's that output after formatting, for convenience:

{
  "type": "error",
  "description": "TypeError: r is not a function",
  "stack": "TypeError: r is not a function\n    at CallbackContext.lt (frida/node_modules/frida-java-bridge/lib/android.js:547:1)\n    at NativeFunction.<anonymous> (<anonymous>)\n    at dt (frida/node_modules/frida-java-bridge/lib/android.js:542:1)\n    at frida/node_modules/frida-java-bridge/lib/class-model.js:112:1\n    at Function.build (frida/node_modules/frida-java-bridge/lib/class-model.js:7:1)\n    at I._make (frida/node_modules/frida-java-bridge/lib/class-factory.js:115:1)\n    at I.use (frida/node_modules/frida-java-bridge/lib/class-factory.js:63:1)\n    at frida/node_modules/frida-java-bridge/index.js:212:1\n    at c.perform (frida/node_modules/frida-java-bridge/lib/vm.js:11:1)\n    at g._performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:211:1)",
  "fileName": "frida/node_modules/frida-java-bridge/lib/android.js",
  "lineNumber": 547,
  "columnNumber": 1
}

{
  "type": "error",
  "description": "Error: Unable to perform state transition; please file a bug",
  "stack": "Error: Unable to perform state transition; please file a bug\n    at dt (frida/node_modules/frida-java-bridge/lib/android.js:542:1)\n    at frida/node_modules/frida-java-bridge/lib/class-model.js:112:1\n    at Function.build (frida/node_modules/frida-java-bridge/lib/class-model.js:7:1)\n    at I._make (frida/node_modules/frida-java-bridge/lib/class-factory.js:115:1)\n    at I.use (frida/node_modules/frida-java-bridge/lib/class-factory.js:63:1)\n    at frida/node_modules/frida-java-bridge/index.js:212:1\n    at c.perform (frida/node_modules/frida-java-bridge/lib/vm.js:11:1)\n    at g._performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:211:1)\n    at g.perform (frida/node_modules/frida-java-bridge/index.js:192:1)\n    at /internal-agent.js:490:6",
  "fileName": "frida/node_modules/frida-java-bridge/lib/android.js",
  "lineNumber": 542,
  "columnNumber": 1
}

This is all on the latest version (15.1.12), running on x86_64. The emulator in question was freshly installed (multiple times), wiped, cold booted, etc. The avdmanager string used to create the AVD is system-images;android-31;default;x86_64.

I have also updated my pip packages, as seen here:

$ pip freeze | grep frida
frida==15.1.12
frida-tools==10.4.1

And here are some additional tests (with frida-server still running after printing the original error):

$ frida-ps -U
Failed to enumerate processes: cannot read property 'getRunningAppProcesses' of undefined
$ adb shell ps -A | grep frida
root         18320   447 10903992 102840 0                  0 S frida-server
$ adb shell ps -A | grep system_server
system         556   360 22941640 369312 0                  0 S system_server
$ frida -U -n system_server
     ____
    / _  |   Frida 15.1.12 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/

Failed to spawn: cannot read property 'getRunningAppProcesses' of undefined

Even though I could not attach to system_server by name, I can attach by PID (although it takes several seconds).

$ frida -U -p 556
     ____
    / _  |   Frida 15.1.12 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
                                                                                
[Android Emulator 5554::PID::556]-> Java.available
true
[Android Emulator 5554::PID::556]->                                                          
[Android Emulator 5554::PID::556]->                                                          

Thank you for using Frida!

I get similar issues when running via the python bindings, which is what led me to this. Please let me know if I can help test anything else.

BLuFeNiX changed the title from "Frida broken on Android 12 (and the error told me to file a bug report)" to "Frida broken on Android 12 emulators (and the error told me to file a bug report)" on Nov 24, 2021

@BLuFeNiX (Author)

Update: I do not get this behavior on a physical Android 12 device, so this may affect either only emulators or only x64.

BLuFeNiX changed the title from "Frida broken on Android 12 emulators (and the error told me to file a bug report)" to "Frida broken on Android 12 (emulators only?), and the error told me to file a bug report." on Nov 24, 2021

fuomag9 commented Dec 19, 2021

Same issue on an Android 12 emulator.

@vfsfitvnm

It looks like art::gc::Heap::GetInstances is missing on Android 12.
We probably should find a way to call VisitObjects...

cryptax commented Jan 7, 2022

Oops. Hadn't seen this issue when I posted mine. Isn't the issue with the new multi arch support of Android 11+?
See #1977: note that my prompt is emulator64_x86_64_arm64 and that I am trying to use frida-server-15.1.14-android-x86_64: is this a potential architecture mismatch between x86_64_arm64 and x86_64?
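
Added example, not part of the thread or of Frida's code: one way to check the architecture question raised in the comment above is to read the `e_machine` field of the frida-server binary's ELF header and compare it with the device's ABI list. The function names and the sample ABI list are assumptions constructed for illustration; on a real device the list comes from `adb shell getprop ro.product.cpu.abilist`.

```python
import struct

# ELF e_machine values (from the ELF specification) mapped to Android ABI names.
EM_TO_ABI = {3: "x86", 40: "armeabi-v7a", 62: "x86_64", 183: "arm64-v8a"}


def elf_abi(header: bytes) -> str:
    """Return the Android ABI named by the first 20 bytes of an ELF file."""
    if len(header) < 20 or header[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if header[5] not in (1, 2):  # EI_DATA: 1 = little-endian, 2 = big-endian
        raise ValueError("invalid EI_DATA byte")
    endian = "<" if header[5] == 1 else ">"
    (machine,) = struct.unpack_from(endian + "H", header, 18)  # e_machine
    if machine not in EM_TO_ABI:
        raise ValueError(f"unmapped e_machine value {machine}")
    return EM_TO_ABI[machine]


def check_server(header: bytes, abilist: str):
    """Classify a frida-server binary against a comma-separated ABI list.

    Returns (status, abi): "native" if the binary's ABI is the first
    (primary) entry, "secondary" if it is listed later, "mismatch" otherwise.
    """
    abis = [a.strip() for a in abilist.split(",") if a.strip()]
    abi = elf_abi(header)
    if abis and abi == abis[0]:
        return "native", abi
    return ("secondary" if abi in abis else "mismatch"), abi


def sample_header(machine: int) -> bytes:
    """Constructed 64-bit little-endian header: e_ident, e_type, e_machine."""
    e_ident = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    return e_ident + struct.pack("<HH", 3, machine)


if __name__ == "__main__":
    # Constructed ABI list, not taken from the thread.
    abilist = "x86_64,arm64-v8a"
    for machine in (62, 183, 40):
        print(check_server(sample_header(machine), abilist))
    # For a real file: check_server(open(path, "rb").read(20), abilist)
```

A "native" result rules out the binary itself as the mismatch; it says nothing about whether the Java bridge supports the ART build on the image.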

@root-intruder

+1 having the same issue

daMatz commented Jan 19, 2022

I have the same issue with an Android 12 x86_64 AVD emulator with the latest frida-server-15.1.14-android-x86_64 server:

$adb shell "/data/local/tmp/frida-server &"
{"type":"error","description":"TypeError: r is not a function","stack":"TypeError: r is not a function\n    at CallbackContext.lt (frida/node_modules/frida-java-bridge/lib/android.js:548:1)\n    at NativeFunction.<anonymous> (<anonymous>)\n    at dt (frida/node_modules/frida-java-bridge/lib/android.js:543:1)\n    at frida/node_modules/frida-java-bridge/lib/class-model.js:112:1\n    at Function.build (frida/node_modules/frida-java-bridge/lib/class-model.js:7:1)\n    at I._make (frida/node_modules/frida-java-bridge/lib/class-factory.js:115:1)\n    at I.use (frida/node_modules/frida-java-bridge/lib/class-factory.js:63:1)\n    at frida/node_modules/frida-java-bridge/index.js:212:1\n    at c.perform (frida/node_modules/frida-java-bridge/lib/vm.js:11:1)\n    at y._performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:211:1)","fileName":"frida/node_modules/frida-java-bridge/lib/android.js","lineNumber":548,"columnNumber":1}
{"type":"error","description":"Error: Unable to perform state transition; please file a bug","stack":"Error: Unable to perform state transition; please file a bug\n    at dt (frida/node_modules/frida-java-bridge/lib/android.js:543:1)\n    at frida/node_modules/frida-java-bridge/lib/class-model.js:112:1\n    at Function.build (frida/node_modules/frida-java-bridge/lib/class-model.js:7:1)\n    at I._make (frida/node_modules/frida-java-bridge/lib/class-factory.js:115:1)\n    at I.use (frida/node_modules/frida-java-bridge/lib/class-factory.js:63:1)\n    at frida/node_modules/frida-java-bridge/index.js:212:1\n    at c.perform (frida/node_modules/frida-java-bridge/lib/vm.js:11:1)\n    at y._performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:211:1)\n    at y.perform (frida/node_modules/frida-java-bridge/index.js:192:1)\n    at /internal-agent.js:490:6","fileName":"frida/node_modules/frida-java-bridge/lib/android.js","lineNumber":543,"columnNumber":1}

@severecold

> It looks like art::gc::Heap::GetInstances is missing on Android 12. We probably should find a way to call VisitObjects...

This AOSP CL? How should we fix it?
https://android-review.googlesource.com/c/platform/art/+/1442959
