Frida 12.5.2 GOT JAVA ERROR #877
Comments
Same case for me, with Frida 12.6.4. Environment:
How to reproduce:
Note that |
@cryptax Which version of Android is that running? |
Ok. Could you check logcat for audit error messages ending in |
Unfortunately, there's nothing in both cases. Let me know if I can test anything else. |
The issue is still there on
Indeed, there is |
@ksg97031 you probably had an issue with rooting. This is not my case. @oleavr, the bug is still there.
and when I launch frida-server:
I used to have This is with Frida Server 12.6.6 ARM64 on Android 8.0.0, on a Samsung Galaxy S7 Edge |
Same on Frida Server 12.6.10 ARM64. |
@cryptax This is a ROM-specific issue, so unfortunately I can't fix it without access to a matching device. My only test devices are Pixel 3, Nexus 5X, and Samsung Galaxy S5 Edge. Frida works great on all of them. |
Would encourage you to dig into frida-java to figure out why this fails on your particular device. Use this playground recipe to add temporary logging to frida-java: |
@oleavr Could you provide me a debug version of the frida-server, for example with all traces enabled, so that I can run it on mine and provide you with a nice trace? |
@cryptax There isn't any logging/tracing to enable, so the only way to investigate this is to use the playground approach, which allows you to use a local copy of frida-java where you can add logging to better understand what's failing. This issue is probably isolated to |
Am I meant to run frida-java on Android instead of frida-server? |
Similar issue on another Samsung device. Can you try to run frida-server from another path? I assume the answer will be the same issue. |
I tried from |
Running zeroflte (Samsung Galaxy S6) and ran into similar challenges.
$ curl -LO https://github.com/frida/frida/releases/download/12.7.5/frida-server-12.7.5-android-arm64.xz
$ unxz frida-server-12.7.5-android-arm64.xz
$ adb push frida-server-12.7.5-android-arm64 /data/local/tmp/frida-server
frida-server-12.7.5-android-arm64: 1 file pushed. 18.0 MB/s (38414672 bytes in 2.039s)
zeroflte:/ $ cd /data/local/tmp
zeroflte:/data/local/tmp $ chmod 755 frida-server
zeroflte:/data/local/tmp $ su
zeroflte:/data/local/tmp # chown root:root frida-server
zeroflte:/data/local/tmp # ./frida-server -v
Unable to preload: Unable to access zygote while preparing for app launch; try disabling Magisk Hide in case it is active
The following hints on a SELinux denial:
zeroflte:/data/local/tmp # grep -r frida /data
/data/misc/audit/audit.old:type=1400 audit(1569395181.179:383): avc: denied { read_policy } for pid=15892 comm="frida" scontext=u:r:shell:s0 tcontext=u:object_r:kernel:s0 tclass=security permissive=0 SEPF_SECMOBILE_7.0_0010
Within SELinux securable objects have a context inherited from parent directory. Here I try to mimic the context of the file /system/bin/cmd.
zeroflte:/data/local/tmp # ls -Z /system/bin/cmd
u:object_r:system_file:s0 /system/bin/cmd
zeroflte:/data/local/tmp # chcon -Rv u:object_r:system_file:s0 ./frida-server ./re.frida.server
chcon 'frida-server' to u:object_r:system_file:s0
chcon 're.frida.server' to u:object_r:system_file:s0
chcon 're.frida.server/frida-helper-32' to u:object_r:system_file:s0
chcon 're.frida.server/pipe-ed5e76cdfd00e4333a3d2ad79e17c887' to u:object_r:system_file:s0
chcon 're.frida.server/frida-agent-32.so' to u:object_r:system_file:s0
chcon 're.frida.server/frida-agent-64.so' to u:object_r:system_file:s0
chcon 're.frida.server/linjector-2' to u:object_r:system_file:s0
chcon 're.frida.server/pipe-0e6fd4c2195e009c3dfc962bbb08992e' to u:object_r:system_file:s0
chcon 're.frida.server/linjector-1' to u:object_r:system_file:s0
chcon 're.frida.server/pipe-98d64d8f71c44666916a3c7d56f956e7' to u:object_r:system_file:s0
chcon 're.frida.server/linjector-4' to u:object_r:system_file:s0
chcon 're.frida.server/pipe-ec4956713b853fe5fc5c73bf25cd063a' to u:object_r:system_file:s0
chcon 're.frida.server/linjector-6' to u:object_r:system_file:s0
chcon 're.frida.server/pipe-4575be4dfde8690d7ef82bbf5d414c54' to u:object_r:system_file:s0
chcon 're.frida.server/linjector-3' to u:object_r:system_file:s0
chcon 're.frida.server/pipe-75659ac350740f28576aa97342f5ed5a' to u:object_r:system_file:s0
chcon 're.frida.server/linjector-21' to u:object_r:system_file:s0
This did not work.
zeroflte:/data/local/tmp # ./frida-server -v
Unable to preload: Unable to access zygote while preparing for app launch; try disabling Magisk Hide in case it is active
I then simply remounted /system rw and copied frida-server to /system/bin:
zeroflte:/data/local/tmp # mount -o rw,remount /system
zeroflte:/data/local/tmp # cp ./frida-server /system/bin
zeroflte:/data/local/tmp # ls -Z /system/bin/frida-server
u:object_r:system_file:s0 /system/bin/frida-server
I then ran /system/bin/frida-server to verify it works, rebooted phone and now I can launch apps and attach to things. If this does not work you may be able to use 'magiskpolicy' to change the live policies. |
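A triage helper for the audit record quoted in the comment above, added here as an example (it is not part of the thread or of Frida): it parses SELinux AVC lines and keeps the enforced denials for a given process name. The function names and the second log line are constructed for illustration.

```python
import re

# First record is the audit line quoted in the comment above; the second is constructed.
LINES = [
    'type=1400 audit(1569395181.179:383): avc: denied { read_policy } for pid=15892 '
    'comm="frida" scontext=u:r:shell:s0 tcontext=u:object_r:kernel:s0 '
    'tclass=security permissive=0 SEPF_SECMOBILE_7.0_0010',
    'type=1400 audit(1569395200.000:401): avc: denied { read } for pid=4242 '
    'comm="example" scontext=u:r:untrusted_app:s0:c512,c768 '
    'tcontext=u:object_r:system_data_file:s0 tclass=file permissive=1',
]

AVC_RE = re.compile(
    r'audit\((?P<ts>\d+\.\d+):(?P<serial>\d+)\):\s+avc:\s+(?P<result>denied|granted)'
    r'\s+\{\s*(?P<perms>[^}]*?)\s*\}\s+for\s+(?P<rest>.*)')
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def split_context(ctx):
    """Split user:role:type:level; the level keeps any MLS categories (s0:c512,c768)."""
    return dict(zip(("user", "role", "type", "level"), ctx.split(":", 3)))


def parse_avc(line):
    """Return one AVC record as a dict, or None if the line is not an AVC record."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = {k: v.strip('"') for k, v in KV_RE.findall(m.group("rest"))}
    rec = {"timestamp": float(m.group("ts")), "serial": int(m.group("serial")),
           "result": m.group("result"), "perms": m.group("perms").split(),
           "enforced": fields.get("permissive") == "0"}
    rec.update(fields)
    for key in ("scontext", "tcontext"):
        if key in fields:
            rec[key] = split_context(fields[key])
    return rec


def enforced_denials(lines, comm_prefix):
    """Denials that actually blocked the call (permissive=0) for a process name prefix."""
    recs = (parse_avc(line) for line in lines)
    return [r for r in recs if r and r["result"] == "denied" and r["enforced"]
            and r.get("comm", "").startswith(comm_prefix)]


def summarize(rec):
    """One-line form: source domain -> target type:class { permissions }."""
    return "%s -> %s:%s { %s }" % (rec["scontext"]["type"], rec["tcontext"]["type"],
                                   rec["tclass"], " ".join(rec["perms"]))
```

For the quoted record, the summary shows the process was running in the `shell` domain when `read_policy` on the kernel `security` class was denied.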
I'm running into this as well, it's a known issue with some Samsung kernels. https://stackoverflow.com/questions/36674727/permission-denied-on-exec-from-a-binary-running-as-root You can see the error in
On kernels 3.17 and newer, we can use memfd_create (like I did in frida/frida-core#273), but that still doesn't help for all the devices running 3.10. |
Workaround:
mount -o bind /data/local/tmp/frida-server /system/bin/pppd
# Then run /system/bin/pppd instead of /data/local/tmp/frida-server |
I have met the same question with almost identical log in huawei P30:
Any idea>,< |
s8 android 9 same issue
how to use the 'magiskpolicy' ? |
I also have this issue on a rooted Samsung S8, Android 8.0, frida-server-12.8.6-android-arm64. No workarounds above worked :( |
@kripthor Can you share the output from |
@Manouchehri I see nothing relevant or remotely related in dmesg.
127|dreamlte:/data/local/tmp # ./frida-server-12.8.9-android-arm64
I can still attach to processes from the client side. I just can't spawn a process.
This WORKS:
This DOESN'T WORK:
Device is rooted but there is no Magisk Hide. On a side note, I cannot do "setenforce 0":
This might be probably related to what you mentioned about some Samsung kernels. The question remains: by solving the SELinux issue, does the Frida one get solved? Or should they be addressed separately? Although I can still attach to processes, achieving early instrumentation is impossible with the ability to spawn. :( |
@kripthor dmesg still likely has the error message, could you share it anyway? Also, could you try #877 (comment)? |
Solved some issues on samsung devices |
This worked for me:
|
same issue
I have done
not work
frida-server --version. --> 12.8.20
android device: HUAWEI P30 ELE-AL00 Android 10
uname -a
id |
@waruqi Could you post the output of |
Although frida-server will still prompt the |
And I cannot trace java methods.
|
I have run Unable to save SELinux policy to the kernel: Out of memory
{"type":"error","description":"Error: Java API not available","stack":"Error: Java API not available\n at f._checkAvailable (frida/node_modules/frida-java-bridge/index.js:274:1)\n at f.perform (frida/node_modules/frida-java-bridge/index.js:190:1)\n at /internal-agent.js:270:6","fileName":"frida/node_modules/frida-java-bridge/index.js","lineNumber":274,"columnNumber":1} |
By the way, I still have this issue.
With a Java Bridge and Playground, I compiled a long time ago a custom frida server. With that server, I am able to perform So, 2 questions:
Thanks! |
03-16 10:18:21.955 13276 13276 F libc : Fatal signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0x28 in tid 13276 (frida-server), pid 13276 (frida-server) |
Frida [latest]. |
If doing it from Python / in an automated way, make sure pid is not 0 or some other invalid value, as it returns exactly the same error... |
I searched for "Java API not available" and got here, and by reading the code, on my own platform, I solved the problem. |
{"type":"error","description":"Error: Java API not available","stack":"Error: Java API not available\n at assertJavaApiIsAvailable (frida/node_modules/frida-java/index.js:85:1)\n at Runtime.perform (frida/node_modules/frida-java/index.js:277:1)\n at /internal-agent.js:241:6","fileName":"frida/node_modules/frida-java/index.js","lineNumber":85,"columnNumber":1}
#
https://i.imgur.com/zegJ1Up.png