search

FrenchYeti / dexcalibur

[Official] Android reverse engineering tool focused on dynamic instrumentation automation leveraging Frida. It disassembles dex, analyzes it statically, generates hooks, discovers reflected methods, stores intercepted data and does new things from it. Its aim is to be an all-in-one Android reverse engineering platform.
Apache License 2.0
1.06k stars 126 forks source link

Installation on MacOS M1 Monterey #67

Open ChrisMcMStone opened 3 years ago

ChrisMcMStone commented 3 years ago

Hi @FrenchYeti,

Thank you for your work on this great tool. I'm looking forward to trying it out. Could you please help me install it?

I'm trying to install it with Node v12, however I am getting the below error and struggling to resolve. I believe it might be related the the architecture of the M1 chipset on my Macbook. Could you share any insight?


npm WARN deprecated crypto@1.0.1: This package is no longer supported. It's now a built-in Node module. If you've depended on crypto, you should switch to the one that's built-in.
/Users/cmstone/.nvm/versions/node/v12.22.7/bin/dexcalibur -> /Users/cmstone/.nvm/versions/node/v12.22.7/lib/node_modules/dexcalibur/dexcalibur

> frida@15.1.8 install /Users/cmstone/.nvm/versions/node/v12.22.7/lib/node_modules/dexcalibur/node_modules/frida
> prebuild-install || node-gyp rebuild

prebuild-install WARN install dlopen(/Users/cmstone/.nvm/versions/node/v12.22.7/lib/node_modules/dexcalibur/node_modules/frida/build/Release/frida_binding.node, 0x0001): tried: '/Users/cmstone/.nvm/versions/node/v12.22.7/lib/node_modules/dexcalibur/node_modules/frida/build/Release/frida_binding.node' (mach-o file, but is an incompatible architecture (have 'x86_64', need 'arm64e')), '/usr/local/lib/frida_binding.node' (no such file), '/usr/lib/frida_binding.node' (no such file)
gyp: binding.gyp not found (cwd: /Users/cmstone/.nvm/versions/node/v12.22.7/lib/node_modules/dexcalibur/node_modules/frida) while trying to load binding.gyp
gyp ERR! configure error
gyp ERR! stack Error: `gyp` failed with exit code: 1
gyp ERR! stack     at ChildProcess.onCpExit (/Users/cmstone/.nvm/versions/node/v12.22.7/lib/node_modules/npm/node_modules/node-gyp/lib/configure.js:351:16)
gyp ERR! stack     at ChildProcess.emit (events.js:314:20)
gyp ERR! stack     at Process.ChildProcess._handle.onexit (internal/child_process.js:276:12)
gyp ERR! System Darwin 21.1.0
gyp ERR! command "/Users/cmstone/.nvm/versions/node/v12.22.7/bin/node" "/Users/cmstone/.nvm/versions/node/v12.22.7/lib/node_modules/npm/node_modules/node-gyp/bin/node-gyp.js" "rebuild"
gyp ERR! cwd /Users/cmstone/.nvm/versions/node/v12.22.7/lib/node_modules/dexcalibur/node_modules/frida
gyp ERR! node -v v12.22.7
gyp ERR! node-gyp -v v5.1.0
gyp ERR! not ok
npm ERR! code ELIFECYCLE
npm ERR! errno 1
npm ERR! frida@15.1.8 install: `prebuild-install || node-gyp rebuild`
npm ERR! Exit status 1
npm ERR!
npm ERR! Failed at the frida@15.1.8 install script.
npm ERR! This is probably not a problem with npm. There is likely additional logging output above.

npm ERR! A complete log of this run can be found in:
npm ERR!     /Users/cmstone/.npm/_logs/2021-10-27T15_58_12_825Z-debug.log```
FrenchYeti commented 3 years ago

Hey,

That sound like an issue with Frida node module. NPM downloads frida-node module for a wrong architecture (x86_64 instead of arm64).

My workaround for M1 is the following (it works for me on M1 BigSur):

Clone dexcalibur repository

$ git clone https://github.com/FrenchYeti/dexcalibur.git
$ cd dexcalibur

npm install will fail to install frida, but it will install others packages and create /node_modules/ folder. We download frida-binding into tmp folder, extract and copy into node_modules/frida

$ npm install
$ mkdir tmp && cd tmp
$ curl -L https://github.com/frida/frida/releases/download/15.1.8/frida-v15.1.8-node-v72-darwin-arm64.tar.gz --output frida.tar.gz
$ tar xvf frida.tar.gz
$ cp build/Release/frida_binding.node ../node_modules/frida/build/Release/frida_binding.node

Finally, as required on M1, you should probably re-sign binding file ad-hoc. If you never did it, you must create an auto_signed certificate into your keychain for "Code signing" purpose.

See : https://support.apple.com/guide/keychain-access/create-self-signed-certificates-kyca8916/mac I assume name of your previously created certificate is "MY_CERTIFICATE", then

$ codesign --force -s "MY_CERTIFICATE" ../node_modules/frida/build/Release/frida_binding.node
$ cd .. && ./dexcalibur

Let me know if you continue to encounter issues

For anyone using a different NodeJS version, the valid MODULE version (here 72 for node v12.22.7) can be found into this listing : https://nodejs.org/en/download/releases/

ChrisMcMStone commented 3 years ago

Hello @FrenchYeti,

Thanks very much for your quick response!

I tried out your workaround, however I'm still having problems. For completeness, before copying the frida_binding.node and signing it, I had to first make the the directory with: mkdir -p ../node_modules/frida/build/Release.

I then tried to run dexcalibur directly with ./dexcalibur and the secondarily with node dexcalibur.js. See the errors that I recieved below:

 ~/Software/dexcalibur $ ./dexcalibur
internal/modules/cjs/loader.js:818
  throw err;
  ^

Error: Cannot find module '/Users/cmstone/.nvm/versions/node/v12.22.7/lib/node_modules/dexcalibur/dexcalibur.js'
    at Function.Module._resolveFilename (internal/modules/cjs/loader.js:815:15)
    at Function.Module._load (internal/modules/cjs/loader.js:667:27)
    at Function.executeUserEntryPoint [as runMain] (internal/modules/run_main.js:60:12)
    at internal/main/run_main_module.js:17:47 {
  code: 'MODULE_NOT_FOUND',
  requireStack: []
}
 ✘ ~/Software/dexcalibur $ node dexcalibur.js

/Users/cmstone/Software/dexcalibur/node_modules/node-gyp-build/index.js:59
  throw new Error('No native build was found for ' + target + '\n    loaded from: ' + dir + '\n')
  ^

Error: No native build was found for platform=darwin arch=arm64 runtime=node abi=72 uv=1 armv=8 libc=glibc node=12.22.7
    loaded from: /Users/cmstone/Software/dexcalibur/node_modules/lzma-native

    at Function.load.path (/Users/cmstone/Software/dexcalibur/node_modules/node-gyp-build/index.js:59:9)
    at load (/Users/cmstone/Software/dexcalibur/node_modules/node-gyp-build/index.js:21:30)
    at /Users/cmstone/Software/dexcalibur/node_modules/lzma-native/index.js:9:39
    at Object.<anonymous> (/Users/cmstone/Software/dexcalibur/node_modules/lzma-native/index.js:595:3)
    at Module._compile (internal/modules/cjs/loader.js:999:30)
    at Object.Module._extensions..js (internal/modules/cjs/loader.js:1027:10)
    at Module.load (internal/modules/cjs/loader.js:863:32)
    at Function.Module._load (internal/modules/cjs/loader.js:708:14)
    at Module.require (internal/modules/cjs/loader.js:887:19)
    at require (internal/modules/cjs/helpers.js:74:18)
 ✘ ~/Software/dexcalibur $

Thanks again for your help.

FrenchYeti commented 2 years ago

did you solved your issue ?