GoSecure / frida-xamarin-unpin

A Frida script to bypass Xamarin certificate pinning implementations
https://www.gosecure.net/blog/2020/04/06/bypassing-xamarin-certificate-pinning-on-android/

Can't find Mono runtime when running in emulator #2

Open tweidinger opened 4 years ago

tweidinger commented 4 years ago

Hi, I just wanted to replicate/try your repo. I did run all described steps.

Clone the modified frida-mono-api in this repository's root.
    git clone https://github.com/GoSecure/frida-mono-api mono-api
    cd mono-api && git switch extra
Run npm i && npm run build
Ensure you have frida installed (pip install frida frida-push)
Start the test Application on your Android device
Run the following commands to launch the script
    frida-push
    frida -U com.test.sample -l dist/xamarin-unpin.js --no-pause

I was expecting the same output as in the example but got:

Error: Can't find Mono runtime!
    at mono-api/src/mono-module.js:20
    at o (node_modules/browser-pack/_prelude.js:1)
    at mono-api/src/mono-api.js:2
    at o (node_modules/browser-pack/_prelude.js:1)
    at mono-api/src/index.js:1
    at o (node_modules/browser-pack/_prelude.js:1)
    at src/main.js:24
    at o (node_modules/browser-pack/_prelude.js:1)
    at r (node_modules/browser-pack/_prelude.js:1)

I am not sure how to fix this or where to investigate the cause. More context:

Host system: Arch 5.4.x
Guest system: Emulated Pixel 3a (API 24)
Frida 12.8.20
frida-ps is working and the server shows no error when pushed.

alxbl commented 4 years ago

Hi, @tweidinger, did you make sure that the app is already running on the phone when you launch the frida script? frida-mono-api can't attach to processes early because the mono image is not mapped yet, and there's (currently) no good support to wait until a library is mapped to run code.

If that doesn't work, then I'd list the mapped modules and see if mono is indeed present... Maybe the image name is different.

tweidinger commented 4 years ago

Hey @alxbl thanks for the quick answer. Yes I did make sure that it is running on the phone before launching the script.

I will check the mapped modules and look for similar named modules. Can you still replicate the example from the readme?

tweidinger commented 4 years ago

I did check and could not find a running mono module. Process.enumerateModulesSync()

Is there a step I am missing? Loaded Modules in case they are relevant:

alxbl commented 4 years ago

Hmm, there are indeed no mono libraries at all in there. If you retargeted the solution for Pixel 3, is it possible that AOT compilation is now a default? Or maybe the behavior inside an emulator is different? Isn't the android emulator build compiling the code to x86 instead of ARM? (for performance reasons)

tweidinger commented 4 years ago

Regarding AOT, I am not sure if it has an effect here, but I used the precompiled APK from this repo. I will build it from source and see if there is a difference. I checked the script with multiple Xamarin APKs and there was no runtime present. I suspect possible issues because of x86/ARM translation and will try to replicate on a physical device to exclude this issue. Still, I would be interested in running the unpin inside emulated devices.

alxbl commented 4 years ago

Yeah, I totally understand. We didn't test emulated devices, so this would be something new to investigate and implement. There's little hope of the pinning script working though if the Mono runtime isn't being used at all :( If you end up finding something, do let me know.

If there is anything I can do to help, let me know as well.

perverth commented 4 years ago

The problem is the compilation of your application. Check that it has x86 support in Xamarin; that way you will be able to use it in an emulator.

obilodeau commented 4 years ago

Here's a google translate of the previous comment for the record. It looks like important information regarding this issue.

The problem is the compilation of your application check that it has support for x86 in xamarin, that way you can use it in an emulator

ghost commented 4 years ago

Can't find Mono runtime!

achmstein commented 4 years ago

Can't find Mono runtime! with Genymotion

obilodeau commented 4 years ago

@gunnrcrakr, @achmstein: as previously stated by @alxbl, if you run in an emulator the code is AOT compiled instead of JIT'ed using the mono runtime. This solution doesn't work on AOT compiled code.

Bumping the issue will not help. Only someone willing to develop a solution would help.

alxbl commented 4 years ago

To add to what @obilodeau said, it's not actually clear so far whether this is due to AOT, or due to the x86 cross-compilation that most emulators use to improve performance. Both are technically possible, but I am indeed inclined to believe AOT is the cause.

Since Xamarin appears to be phasing out the .NET HTTP Client in favour of the platform's built-in client, universal pinning bypasses for the Java HttpClient might work on newer Mono applications.

The only case remaining is AOT which uses the .NET HTTPClient, which will require finding the native method through RE and patching it using a custom Frida script.

ghost commented 4 years ago

Can you tell me exactly what platform can use this script?

And what is AOT?

PerverthsO commented 4 years ago

It is necessary to compile for x86 to work on emulators.

ghost commented 4 years ago

> It is necessary to compile for x86 to work on emulators.

Compile what?

PerverthsO commented 4 years ago

The application developed in Xamarin must be compiled for x86, the DLLs.

alxbl commented 4 years ago

AOT is Ahead-of-Time compilation, where the .NET code is fully (or partially) compiled to native code before the application is packaged. Once this happens there is no trace of .NET or Mono assemblies left in the package, which means the functions cannot be hooked unless their native counterparts can be found.

We haven't implemented that as it was an area of future work. What works right now should be any application that loads the Mono runtime at launch (meaning that the .NET bytecode still exists and hasn't been precompiled into native code)

What was initially reported in this issue is that the emulators seem to AOT compile, or otherwise compile in a way that makes the mono runtime unavailable.

If possible, I'd recommend trying on a rooted android phone with a release build of the application you want to test.
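The check this thread keeps coming back to (is a Mono runtime mapped, and does the module list mix ABIs?) can be scripted. This is an added example, not code from the thread or from frida-xamarin-unpin. The function name, verdict labels and library-name patterns are assumptions, and the sample entries are constructed from the listing posted above.

```javascript
// Input shape matches Frida's Process.enumerateModules(): {name, path, base, size}.
// Assumption: Xamarin.Android runtime libraries are named libmonosgen-2.0.so,
// libmonodroid.so or libmono-*.so. Chrome's libmonochrome.so must not match.
const MONO_RUNTIME = /^libmono(?:sgen|droid|-)[\w.-]*\.so$/i;
// ABI directory inside a module path, e.g. .../oat/x86/base.odex or .../lib/arm/...
const ABI_DIR = /\/(?:oat|lib|lib64)\/(x86_64|x86|arm64|arm)\//;

function diagnoseModules(modules) {
  const mono = modules.filter((m) => MONO_RUNTIME.test(m.name));
  const abis = new Set();
  for (const m of modules) {
    const hit = ABI_DIR.exec(m.path || "");
    if (hit) abis.add(hit[1]);
  }
  // Collapse to CPU families so arm/arm64 or x86/x86_64 alone do not count as mixed.
  const families = new Set(
    [...abis].map((a) => (a.startsWith("arm") ? "arm" : "x86"))
  );
  let verdict;
  if (mono.length > 0) {
    verdict = "mono-mapped"; // the runtime is visible to the host linker
  } else if (families.size > 1) {
    verdict = "no-mono-mixed-abi"; // ARM and x86 paths side by side, no runtime
  } else {
    verdict = "no-mono"; // nothing to attach to in this process (yet)
  }
  return { verdict, abis: [...abis].sort(), monoModules: mono.map((m) => m.path) };
}

// Constructed sample: four entries copied from the listing in this thread.
const SAMPLE_FROM_THREAD = [
  { name: "base.odex",
    path: "/data/app/com.test.sample-xYPrvLJbYgg8WvTMvLFzew==/oat/x86/base.odex" },
  { name: "libtcb.so", path: "/system/lib/arm/nb/libtcb.so" },
  { name: "frida-agent-32.so",
    path: "/data/local/tmp/re.frida.server/frida-agent-32.so" },
  { name: "linker", path: "/system/bin/linker" },
];

// Constructed entry with a hypothetical install path, for the positive case.
const SAMPLE_WITH_MONO = SAMPLE_FROM_THREAD.concat([
  { name: "libmonosgen-2.0.so",
    path: "/data/app/com.test.sample-1/lib/arm/libmonosgen-2.0.so" },
]);

console.log(diagnoseModules(SAMPLE_FROM_THREAD));
console.log(diagnoseModules(SAMPLE_WITH_MONO));
```

In a Frida session attached to the app, pass `Process.enumerateModules()` in place of the sample arrays. A "no-mono" verdict taken right after spawn can simply mean the runtime has not been mapped yet, so repeat the check once the app has finished loading.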

PerverthsO commented 4 years ago

Excuse me if I do not understand, my English is not good. It is required to build the app for the x86 architecture. I leave the link: https://docs.microsoft.com/en-us/xamarin/android/deploy-test/building-apps/abi-specific-apks

Anon-Exploiter commented 8 months ago

This should work without any issues:

Wait for the application to be loaded completely before running the frida script. That should resolve the issue:

frida -U -f com.example.application

After the application spawns with frida attached, pass the following to load the SSL unpinning file:

[Android Emulator 5554::com.example.application ]-> %load xamarin-unpin.js

Alternatively, modify the .js file to add a timeout of 1-2 seconds before loading it. I've tested the script in Android Studio Emulator as well; it works fine the way described above.