unable to connect to remote frida-server #582

Open
ghost opened this issue Aug 2, 2018 · 13 comments

@ghost
commented Aug 2, 2018

macOS:10.13.5
python3.7
frida: 12.0.8
frida-tools: 1.1.0
ios: iPhone7plus 11.3.1
frida-server: 12.0.8

iPhone7p:~ root# lsof -i :27042
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
frida-ser 419 root 5u IPv4 0xf4c60ab784ee7fd7 0t0 TCP localhost:27042 (LISTEN)

iPhone7p:~ root# ps -e | grep frida
419 ?? 0:00.01 /usr/sbin/frida-server
2257 ttys000 0:00.00 grep frida
iPhone7p:~ root#

macOS:
oooo:~ oooo$ iproxy 27042 27042
waiting for connection
accepted connection, fd = 4
waiting for connection
Number of available devices == 0
No connected device found, terminating.

oooo:~ oooo$ frida-ps -H 192.168.1.4
Failed to enumerate processes: unable to connect to remote frida-server
oooo:~ oooo$ frida-ps -R
Failed to enumerate processes: unable to connect to remote frida-server: Error receiving data: Connection reset by peer
oooo:~ oooo$

@cvt126

commented Aug 17, 2018

you can do this:

adb forward tcp:27042 tcp:27042
adb forward tcp:27043 tcp:27043

@ghost

Author

commented Aug 28, 2018

@cvt126 ios

@TheKalin

commented Aug 28, 2018

@ooszero Make sure that your iPhone is paired/trusted to the macos.

@in7egral

commented Aug 28, 2018

server side:

/usr/bin/frida-server -l 192.168.1.4

client side:

frida-ps -H 192.168.1.4

Just tried with latest frida 12.1.0 and everything works fine.

@ghost

Author

commented Aug 28, 2018

@in7egral

My frida-server is installed on /usr/sbin by default, and it starts automatically.
Then I killed the process and it was restarted. Then I moved it to /usr/bin/.
Then I ran /usr/bin/frida-server -l 192.168.1.4 again.

iPhone7p:~ root# /usr/bin/frida-server -l 192.168.1.4
2018-08-28 22:01:08.706 frida-server[2628:94693] Frida: Unable to check in with launchd: are we running standalone?

frida-ps -H 192.168.1.4
Connection success

@in7egral

commented Aug 28, 2018

You can check launchd plist that starts frida and change command line /usr/bin/frida-server with specifying IP. If you don't care about security (but change password from alpine to something strong!) you can just leave /usr/bin/frida-server -l 0.0.0.0.

Step by step guide.

  1. Locate file re.frida.server.plist (it's not bplist, just simple xml)

  2. Edit it:

From:

<key>Program</key>
<string>/usr/sbin/frida-server</string>
<key>ProgramArguments</key>
<array>
	<string>/usr/sbin/frida-server</string>
</array>

To:

<key>Program</key>
<string>/usr/sbin/frida-server</string>
<key>ProgramArguments</key>
<array>
	<string>/usr/sbin/frida-server -l 192.168.1.4</string>
</array>

  3. Reboot device and activate your jb

@ghost

Author

commented Aug 28, 2018

@in7egral

<key>Program</key>
<string>/usr/sbin/frida-server</string>
<key>ProgramArguments</key>
<array>
	<string>/usr/sbin/frida-server -l 0.0.0.0</string>
</array>

or

<key>Program</key>
<string>/usr/sbin/frida-server</string>
<key>ProgramArguments</key>
<array>
	<string>/usr/sbin/frida-server -l 192.168.1.4</string>
</array>

Reboot device and activate jb
ssh root@192.168.1.4
ps -e | grep frida-server

408 ??         0:00.08 /usr/sbin/frida-server -l 192.168.1.4

connection failed

It is necessary to manually call /usr/sbin/frida-server -l 0.0.0.0 once.

connection success

@in7egral

commented Aug 28, 2018

Have no idea why this happens (it may be due to services startup sequence). But at least you can run it manually and this works.

P.S. It doesn't matter where frida-server is located - /usr/sbin or /usr/bin. But avoid using '/var/' or '/tmp/' and all sub catalogs (due to sandbox policies).

@ghost

Author

commented Aug 28, 2018

@in7egral


COMMAND   PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
frida-ser 901 root    5u  IPv4 0x792515c1a9a3a581      0t0  TCP localhost:27042 (LISTEN)
frida-ser 909 root    6u  IPv4 0x792515c1aa799c31      0t0  TCP 192.168.1.4:27042 (LISTEN)

PID:901 launchd
PID:909 run it manually

@baptx

commented Nov 25, 2018

I also had this issue and used the workaround by adding -l 0.0.0.0 when starting frida-server. Does someone know why it does not work without this parameter? A fix would be nice.

@xiaomiwang

commented Jan 7, 2019

@in7egral @baptx @ooszero
I think we can solve this issue in the following way.

  1. Use the launchctl unload -w /Library/LaunchDaemons/re.frida.server.plist command to stop the process.

  2. Then modify the file "/Library/LaunchDaemons/re.frida.server.plist" from

    <key>Program</key>
    <string>/usr/sbin/frida-server</string>
    <key>ProgramArguments</key>
    <array>
    <string>/usr/sbin/frida-server</string>
    </array>

to

    <key>Program</key>
    <string>/usr/sbin/frida-server</string>
    <key>ProgramArguments</key>
    <array>
    <string>/usr/sbin/frida-server</string>
    <string>-l</string>
    <string>0.0.0.0</string>
    </array>

  3. Use the launchctl load -w /Library/LaunchDaemons/re.frida.server.plist command to start the process.
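
Added example, not part of the thread and not Frida project code: launchd passes every `<string>` in ProgramArguments to the program as one argv element and does no shell word-splitting, so the two plist variants posted above behave differently. The Python sketch below audits a plist for flags packed into a single string and reports the listen address that actually takes effect; `make_plist`, `audit` and the sample plists are constructed for illustration.

```python
import ipaddress
import plistlib

# Constructed sample plist, modelled on the fragments posted in this thread.
HEAD = ('<?xml version="1.0" encoding="UTF-8"?><plist version="1.0"><dict>'
        '<key>Program</key><string>/usr/sbin/frida-server</string>'
        '<key>ProgramArguments</key><array>')
TAIL = '</array></dict></plist>'

def make_plist(*args):
    """Build a constructed sample plist with the given ProgramArguments."""
    items = "".join(f"<string>{a}</string>" for a in args)
    return (HEAD + items + TAIL).encode()

def audit(plist_bytes):
    """Return (argv, findings) for the job described by plist_bytes."""
    argv = plistlib.loads(plist_bytes).get("ProgramArguments", [])
    findings = []
    # Heuristic: an element containing a space is usually a whole command
    # line pasted into one <string>; the program then sees it as argv[0].
    for arg in argv:
        if " " in arg:
            findings.append(f"unsplit argument: {arg!r}")
    # The listen address only counts if -l and its value are separate elements.
    listen = argv[argv.index("-l") + 1] if "-l" in argv[:-1] else None
    if listen is None:
        findings.append("no -l parsed: default localhost listener")
        return argv, findings
    try:
        ip = ipaddress.ip_address(listen)
    except ValueError:
        findings.append(f"unrecognised listen value: {listen!r}")
        return argv, findings
    if ip.is_unspecified:
        findings.append("listens on all interfaces")
    elif not ip.is_loopback:
        findings.append(f"listens on {ip}")
    return argv, findings

if __name__ == "__main__":
    for sample in (make_plist("/usr/sbin/frida-server -l 192.168.1.4"),
                   make_plist("/usr/sbin/frida-server", "-l", "0.0.0.0"),
                   make_plist("/usr/sbin/frida-server", "-l", "192.168.1.4")):
        print(audit(sample))
```

The single-string case is consistent with the output earlier in the thread, where ps shows the whole string as the command while lsof shows the launchd-started process still bound to localhost:27042. The split 0.0.0.0 form makes frida-server, which the lsof output shows running as root, reachable from every network the device joins.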

@zheng66666

commented May 16, 2019

hello world

@dragonxtek

commented Jun 27, 2019

Are you using any proxy in Android?
I had the same issue because I was using iptables on Android to redirect all traffic to Burp Suite. To exclude Frida traffic (ports 27042 and 27043) you must add the following rules to iptables (in the same order):
iptables -t nat -A OUTPUT -p tcp --dport 27042 -j REDIRECT --to-ports 27042
iptables -t nat -A OUTPUT -p tcp --dport 27043 -j REDIRECT --to-ports 27043
iptables -t nat -A OUTPUT -p tcp -j DNAT --to-destination IP_BURP:PORT_BURP
