Cannot start frida server: Unknown device though it is enrolled

[cryptax]

On Dexcalibur, in the hook panel, I see that my Frida server is stopped and that I should click to start it. However, when I click, it fails to stop it and produces a log error "Unknow device. Device not connected not enrolled ?". Of course, the device is enrolled :)

Frida server is indeed not started on the emulator (can't find it with ps). The device is enrolled : Dexcalibur even uploaded frida_server in /data/local/tmp.

This is the error I get:

Error: [FRIDA HELPER] Unknow device. Device not connected not enrolled ?
    at Function.startServer (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/src/FridaHelper.js:199:19)
    at /home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/src/WebServer.js:918:52
    at Layer.handle [as handle_request] (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/express/lib/router/layer.js:95:5)
    at next (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/express/lib/router/route.js:137:13)
    at Route.dispatch (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/express/lib/router/route.js:112:3)
    at Layer.handle [as handle_request] (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/express/lib/router/layer.js:95:5)
    at /home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/express/lib/router/index.js:281:22
    at Function.process_params (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/express/lib/router/index.js:335:12)
    at next (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/express/lib/router/index.js:275:10)
    at jsonParser (/home/axelle/.nvm/versions/node/v12.20.0/lib/node_modules/dexcalibur/node_modules/body-parser/lib/types/json.js:101:7)

This is the Frida server I have on the emulator. I have the same version on my host.

1|generic_x86_64:/data/local/tmp $ ./frida_server --version                                                                                      
14.1.3

Interesting: If I launch frida_server manually, dexcalibur's web interface still claims it has not started.

generic_x86_64:/data/local/tmp # ./frida_server                                                                                                  

There is only one emulator:

$ adb devices
List of devices attached
emulator-5554   device

Desktop (please complete the following information):

• OS: Linux Mint 20
• Node JS version: 12.20.0
• Dexcalibur version (see 'package.json' or output) : 0.7.3

If you think this issue is related to your device, please fill following information:

• Android version: 8.0 x86 emulator
• Rooted

[FrenchYeti]

Can you go to "Settings > Target device" and click on "Bridge" field ?

Unknow device error happens when a default device is not define for the project. The panel Settings > Target deviceallow you to change default device by selecting an enrolled device into the list.

When the device is connected. Into bridge list, you can select how to communicate with your device. By default, the bridge is the bridge used during enrollment, most of time is 'adb+usb', but if you have configured ADB over TCP, you should see 'adb+tcp' too.

I will investigate your issue

[cryptax]

Where is that Bridge field?

[FrenchYeti]

When you have a project opened. Browse nav bar to "Settings > Target Devices"

[cryptax]

Ah ok. In the bridge field, I have up and down:

[FrenchYeti]

And have you device into "Target device " list ? It seems there is not default device associated to this project.

[cryptax]

Ok that solves the issue. I didn't know you had to do that.

1. I selected the target device
2. Selected the bridge

and then now I can click on the button that says to start the Frida server, and it's happy.

Except ... it is not running :(

generic_x86_64:/data/local/tmp # ls -al
total 134824
drwxrwx--x 3 shell shell     4096 2020-12-11 14:14 .
drwxr-x--x 3 root  root      4096 2020-05-11 12:34 ..
drwxrwxrwx 4 root  root      4096 2020-10-23 14:28 .studio
-rwxrwxrwx 1 root  root         0 2020-05-11 15:31 dump
-rwxrw-rw- 1 root  root  52884744 2020-05-11 15:02 frida-server-12.8.20-android-x86_64
-rwxrw-rw- 1 shell shell 28324076 2020-12-10 11:12 frida-server-14.1.3-android-x86
-rwxrwxrwx 1 shell shell 56829624 2020-12-10 11:24 frida_server
generic_x86_64:/data/local/tmp # ps -A | grep frida

So, if I click on "run spawn" for example, it complains: Error: Unable to connect to remote frida-server: closed]. But maybe you can consider that as a different issue.

I launch it manually. Then I get [Error: Unable to communicate with remote frida-server; please ensure that major versions match and that the remote Frida has the feature you are trying to use]. Looks like Dexcalibur is not expecting this version (14.1.3)...

But ... when I launch another frida server I have there, version 12.8.20, it works :) at last...

[cryptax]

Unpacked my malware, at "no cost" :) [well, besides learning Dexcalibur]

[FrenchYeti]

That why i anwser always : please wait the v1.0 XD I fully rewrote it in TypeScript and fixed lot of things. Sorry ... i will investigate now

[FrenchYeti]

I remembered the reason is a known issue with frida-node. Because while a long time max major version of frida supported by frida-node was 12.x. At this moment, frida major version was 13.x.

It's not still a problem, so i can remove version limit from packages.json

[FrenchYeti]

Fixed by 0dfad1113d83d25c054525e41910c2379aae9a20 and 9bbab6812d7c234798b52bba922f435cb2a5d5e7