Issue with screenrecord at the end of pirogue-intercept

[THouriezPEReN]

Hello,

I encounter an error while trying to run the updated version of pirogue-intercept-tls which comes with screenrecording integrated.

I am using:

• Pixel 4a with android 11
• Pirogue OS upgraded just yesterday

At the end of the interception, pulling the created mp4 file fails.

pi@raspberrypi:~ $ sudo pirogue-intercept-single -U -f example.package -o ./output
16:45:41 WARNING  [pirogue_cli.frida.capture_manager] Could not load configuration - skipping.                                                                                                                     
16:45:42 INFO     [pirogue_cli.android.device] ⚡ Connecting to the USB device...                                                                                                                                  
         INFO     [pirogue_cli.android.device] ⚡ Connected...   
(...)
         ERROR    [pirogue_cli.android.screen] Command 'adb pull /data/local/tmp/screen.mp4 ./output/screen.mp4' returned non-zero exit status 1.
(...)

The screenrecord works fine inside an adb shell. I think the error comes from pulling the result file which has limited rights.

1|sunfish:/data/local/tmp # ls -al | egrep screen                                                                                                                                                                 
-rw------- 1 root  root   2946078 2023-09-26 09:03 screen.mp4

Is there any way we can disable the recording as an option ?

Thank you in advance.

[U039b]

Hi!

Thank you for filling this issue. For the moment, there is no option available to disable the recording of the screen. This will be implemented in the upcoming versions. In the meantime, can you try running pirogue-intercept-single without sudo and tell me if pulling the recording works properly?

[THouriezPEReN]

Thank you for you fast response,

Trying to run it without sudo leaves me with the following error:

pi@raspberrypi:~ $ pirogue-intercept-single -U -f example.package -o ./output
Traceback (most recent call last):
  File "/usr/bin/pirogue-intercept-single", line 33, in <module>
    sys.exit(load_entry_point('pirogue-cli==1.0.16', 'console_scripts', 'pirogue-intercept-single')())
  File "/usr/bin/pirogue-intercept-single", line 25, in importlib_load_entry_point
    return next(matches).load()
  File "/usr/lib/python3.9/importlib/metadata.py", line 77, in load
    module = import_module(match.group('module'))
  File "/usr/lib/python3.9/importlib/__init__.py", line 127, in import_module
    return _bootstrap._gcd_import(name[level:], package, level)
  File "<frozen importlib._bootstrap>", line 1030, in _gcd_import
  File "<frozen importlib._bootstrap>", line 1007, in _find_and_load
  File "<frozen importlib._bootstrap>", line 986, in _find_and_load_unlocked
  File "<frozen importlib._bootstrap>", line 680, in _load_unlocked
  File "<frozen importlib._bootstrap_external>", line 790, in exec_module
  File "<frozen importlib._bootstrap>", line 228, in _call_with_frames_removed
  File "/usr/lib/python3/dist-packages/pirogue_cli/network/intercept_single.py", line 8, in <module>
    from pirogue_cli.frida.instrument_single import FridaApplication
  File "/usr/lib/python3/dist-packages/pirogue_cli/frida/instrument_single.py", line 5, in <module>
    from frida_tools.application import ConsoleApplication
  File "/usr/lib/python3/dist-packages/frida_tools/application.py", line 23, in <module>
    import frida
  File "/home/pi/.local/lib/python3.9/site-packages/frida/__init__.py", line 17, in <module>
    from . import core
  File "/home/pi/.local/lib/python3.9/site-packages/frida/core.py", line 39, in <module>
    from typing_extensions import NotRequired
ImportError: cannot import name 'NotRequired' from 'typing_extensions' (/usr/lib/python3/dist-packages/typing_extensions.py)

The fact that it crashes does not surprise me since pirogue-intercept-single runs tcpdump in the back. How could i launch it without superuser rights ? I think i'm missing something.

[U039b]

If the command cannot start tcpdump it will tell you how to fix it. The issue you are facing right now has nothing to do with rights or permissions, it is probably due to an out-dated version of Python or an out-dated version of typing_extensions. You can try fixing it by upgrading either Python or just the typing_extensions package.

[THouriezPEReN]

Indeed, i was using typing_extensions with version 3.7.4.3 , updating it gives me clear explanation on how to tcpdump without sudo.

I now have this:

pi@raspberrypi: $ pirogue-intercept-single -U -f package.example -o ./output
12:24:22 WARNING  [pirogue_cli.frida.capture_manager] Could not load configuration - skipping.                                                                                                                     
12:24:23 INFO     [pirogue_cli.android.device] ⚡ Connecting to the USB device...                                                                                                                                  
         INFO     [pirogue_cli.android.device] ⚡ Connected...                                                                                                                                                     
         INFO     [pirogue_cli.frida.capture_manager] Saving device properties                                                                                                                                     
12:24:24 INFO     [pirogue_cli.android.device] ⚡ Frida server is already running...                                                                                                                               
         INFO     [pirogue_cli.network.packet_capture] ⚡ Starting network interception...                                                                                                                         
12:24:25 INFO     [pirogue_cli.android.screen] ⚡ Starting screen recording...                                                                                                                                     
Failed to spawn: unable to communicate with remote frida-server; please ensure that major versions match and that the remote Frida has the feature you are trying to use
Stopping
Saving captured data
         INFO     [pirogue_cli.frida.capture_manager] Saving data captured by Frida                                                                                                                                
         INFO     [pirogue_cli.android.screen] ⚡ Stopping screen recording...                                                                                                                                     
12:24:26 INFO     [pirogue_cli.android.screen] ⚡ Retrieving the screencast from the device...                                                                                                                     
         ERROR    [pirogue_cli.android.screen] Command 'adb pull /data/local/tmp/screen.mp4 ./output/screen.mp4' returned non-zero exit status 1.  

I will try to look into the frida-server error first.

[THouriezPEReN]

I have frida version 16.1.4 installed.
Erasing the frida-server on the phone causes a re-download of version 15.1.7 which runs when i use sudo but does not when i try it manually or run pirogue-intercept-tls without sudo.

Changing video rights with chmod a+r screen.mp4 before the end of pirogue-intercept-tls seems to solve solve the error though.

[U039b]

You probably have 2 versions of Frida installed on your system. Do you have installed one by hand? Can you please check the output of sudo dpkg -l | grep frida?

[THouriezPEReN]

It might be the case

pi@raspberrypi:~ $ sudo dpkg -l | grep frida
ii  frida                                15.1.17~pirogue2                 arm64        dynamic instrumentation toolkit for reverse-engineering
pi@raspberrypi:~ $ frida --version
16.1.4

[THouriezPEReN]

Indeed i think one of my colleagues must have installed the latest version, i will check with them ASAP so we can focus on the screenrecord part of this issue.

[THouriezPEReN]

Hello,
Coming back after a long time on this, did not take time to investigate further last time, i'm sorry.

This time using a clean pirogue install with a phone on android 11.
I am still able to reproduce the error on adb pulling screen.mp4, using pirogue-intercept-single both with and without sudo.

Adding this line here seems enough:
self.device.adb_shell(f'chmod 604 {self.device_path}')

If you are okay with the patch, i can start a PR.

[U039b]

Hi!
Welcome back :) It looks good to me. Feel free to push the patch.

[U039b]

I just published the release of the PiRogue CLI package version 1.1.1.
It's already available on the PPA: https://github.com/PiRogueToolSuite/debian-12/blob/main/pirogue/pirogue-cli_1.1.1_all.deb

To update your PiRogue, run the following commands:

sudo apt update
sudo apt install pirogue-cli  # or sudo apt dist-upgrade

Can you please confirm this version of the package fixes the issue?

[THouriezPEReN]

Hello, thanks for the update.
I do not have the android 11 phone available to me today.

Is Android 13 supposed to be supported now ? I have frida-server launch issues on this one but this phone is also in a different OS /conf setup and it could come from this.

I'll try to test ASAP on the android 11 i used to make the tests earlier this week.

[THouriezPEReN]

It was indeed a problem with the phone.

I can confirm, the recording worked even on an android 13 phone.

Issue can be closed.

Thanks !

[U039b]

Thank you.