PiRogueToolSuite / pirogue-cli

CLI interface to control the PiRogue
https://pts-project.org/
GNU General Public License v3.0

frida-java-bridge error #16

Open muuuh opened 6 months ago

muuuh commented 6 months ago

Hello,

Just to let you know, I get the following error concerning "Java API only partially available" (`_ZNK3art6Thread13DecodeJObjectEP8_jobject`):

```
pi@pirogue:~$ sudo pirogue-intercept-gated -o recording1
12:02:04 WARNING  [pirogue_cli.frida.capture_manager] Could not load configuration - skipping.
12:02:06 INFO     [pirogue_cli.android.device] ⚡ Connecting to the USB device...
         INFO     [pirogue_cli.android.device] ⚡ Connected...
         INFO     [pirogue_cli.frida.capture_manager] Saving device properties
12:02:07 INFO     [pirogue_cli.android.device] ⚡ Starting Frida server...
         INFO     [pirogue_cli.network.packet_capture] ⚡ Starting network interception...
12:02:08 INFO     [pirogue_cli.android.screen] ⚡ Starting screen recording...
Enabled spawn gating
Pending: []
Waiting for data
on_spawned: Spawn(pid=19618, identifier="redacted")
Instrumenting: Spawn(pid=19618, identifier="redacted")
_log_ssl_keys called with NULL pointers, ignoring.
_log_ssl_keys called with NULL pointers, ignoring.
12:02:15 ERROR    [pirogue_cli.network.intercept_gated] Error: Java API only partially available; please file a bug.
                  Missing: _ZNK3art6Thread13DecodeJObjectEP8_jobject
                      at ze (frida/node_modules/frida-java-bridge/lib/android.js:181)
                      at Oe (frida/node_modules/frida-java-bridge/lib/android.js:16)
                      at _tryInitialize (frida/node_modules/frida-java-bridge/index.js:29)
                      at _ (frida/node_modules/frida-java-bridge/index.js:21)
                      at <anonymous> (frida/node_modules/frida-java-bridge/index.js:332)
                      at call (native)
                      at o (/_java.js)
                      at <anonymous> (/_java.js)
                      at <anonymous> (frida/runtime/java.js:1)
                      at call (native)
                      at o (/_java.js)
                      at r (/_java.js)
                      at <eval> (frida/runtime/java.js:3)
                      at _loadJava (native)
                      at get (frida/runtime/core.js:130)
                      at log_aes_info (/script1.js:595)
                      at apply (native)
                      at <anonymous> (frida/runtime/message-dispatcher.js:13)
                      at c (frida/runtime/message-dispatcher.js:23)
Stopping
Saving captured data
         INFO     [pirogue_cli.frida.capture_manager] Saving data captured by Frida
         INFO     [pirogue_cli.android.screen] ⚡ Stopping screen recording...
12:02:16 INFO     [pirogue_cli.android.screen] ⚡ Retrieving the screencast from the device...
         INFO     [pirogue_cli.android.device] ⚡ Stopping Frida server...
         INFO     [pirogue_cli.network.packet_capture] ⚡ Stopping network interception...
12:02:17 INFO     [pirogue_cli.network.intercept_gated] You can analyze the results with the following commands in
                  the output folder:
         INFO     [pirogue_cli.network.intercept_gated]   * Generate a PCAPNG file: editcap --inject-secrets
                  tls,sslkeylog.txt traffic.pcap decrypted.pcapng
         INFO     [pirogue_cli.network.intercept_gated]   * Export decrypted traffic to JSON: tshark -2 -T ek
                  --enable-protocol communityid -Ndmn -r decrypted.pcapng > traffic.json
         INFO     [pirogue_cli.network.intercept_gated]   * View the decrypted traffic: pirogue-view-tls -i
                  traffic.json
         INFO     [pirogue_cli.network.intercept_gated] ⚠️ depending on the configuration of your system you would
                  have to run the commands with sudo.
```

I think it might be an issue with the installed frida-server 16.0.19.

System Info

TQ3A.230805.001.S1

```
pi@pirogue:~$ update-alternatives --config java
There is 1 choice for the alternative java (providing /usr/bin/java).

  Selection    Path                                         Priority   Status
------------------------------------------------------------
* 0            /usr/lib/jvm/java-17-openjdk-arm64/bin/java   1711      auto mode
  1            /usr/lib/jvm/java-17-openjdk-arm64/bin/java   1711      manual mode
```

```
pi@pirogue:~$ dpkg -l | grep openjdk
ii  openjdk-17-jre:arm64           17.0.11+9-1~deb12u1  arm64  OpenJDK Java runtime, using Hotspot JIT
ii  openjdk-17-jre-headless:arm64  17.0.11+9-1~deb12u1  arm64  OpenJDK Java runtime, using Hotspot JIT (headless)
```

```
pi@pirogue:~$ sudo dpkg -l | grep frida
ii  frida  16.0.19~pirogue1  arm64  dynamic instrumentation toolkit for reverse-engineering
```

Maybe it's just an upstream issue.

I thought about building a patched frida-server (as mentioned here), but don't know what to build. https://github.com/PiRogueToolSuite/pirogue-cli/blob/debian-12/pirogue_cli/android/device.py seems to download from https://github.com/frida/frida/releases/tag/16.0.19.

I also don't understand if it's already included in frida-server 16.0.19. https://github.com/frida/frida-java-bridge/blame/main/lib/android.js#L317

Best,

Update: Ah, it seems to be similar to https://github.com/PiRogueToolSuite/pirogue-os/issues/20
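A triage helper for the failure shown in the log above, as an added example that is not part of the original report or of pirogue-cli: it pulls the missing ART symbol out of a capture log, demangles it, and names the agent-script function whose use of `Java` triggered the bridge load. The function names, the comma-separated `Missing:` list, and the rule that a `/`-rooted frame with a line number belongs to the injected script are assumptions.

```python
import re

# Constructed sample: a shortened excerpt of the log quoted in the report above.
SAMPLE_LOG = """\
12:02:15 ERROR    [pirogue_cli.network.intercept_gated] Error: Java API only partially available; please file a bug.
                  Missing: _ZNK3art6Thread13DecodeJObjectEP8_jobject
                      at ze (frida/node_modules/frida-java-bridge/lib/android.js:181)
                      at o (/_java.js)
                      at log_aes_info (/script1.js:595)
"""

def _name(s, i):
    """Read one <length><identifier> source name at s[i]; return (name, next index)."""
    m = re.compile(r"\d+").match(s, i)
    if not m:
        return None, i
    end = m.end() + int(m.group())
    return s[m.end():end], end

def demangle(sym):
    """Demangle a narrow Itanium C++ ABI subset: _ZN[K]<names>E plus parameters
    that are (pointers to) named types. Anything else is returned unchanged."""
    m = re.match(r"_ZN(K?)", sym)
    if not m:
        return sym
    scope, i = [], m.end()
    while (nxt := _name(sym, i))[0] is not None:
        scope.append(nxt[0])
        i = nxt[1]
    if not scope or sym[i:i + 1] != "E":
        return sym
    i, params = i + 1, []
    while i < len(sym):
        stars = len(sym) - i - len(sym[i:].lstrip("P"))  # leading 'P' = pointer
        name, i = _name(sym, i + stars)
        if name is None:
            return sym  # outside the supported subset
        params.append(name + "*" * stars)
    return f"{'::'.join(scope)}({', '.join(params)}){' const' if m.group(1) else ''}"

def triage(log):
    """Summarise a bridge init failure in a log (assumes comma-separated symbols), or None."""
    if "Java API only partially available" not in log:
        return None
    symbols = [s.strip() for line in re.findall(r"Missing:([^\n]*)", log)
               for s in line.split(",") if s.strip()]
    # Assumption: a frame whose path starts with "/" and has a line number is the injected script.
    frame = re.search(r"at (\S+) \((/[^):]+):(\d+)\)", log)
    return {"missing": {s: demangle(s) for s in symbols},
            "hook": frame.group(1) if frame else None}
```

On the sample, `triage(SAMPLE_LOG)` reports `art::Thread::DecodeJObject(_jobject*) const` as the missing symbol and `log_aes_info` as the hook that needed the Java bridge.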

U039b commented 6 months ago

Hi @muuuh! Thank you for reporting this issue. Indeed, it's probably due to the old version of Frida we package. Yes, we package Frida + all the necessary stuff around it for Debian https://github.com/PiRogueToolSuite/deb-frida/tree/debian/bookworm

@CyrilBrulebois has a better understanding than me when it comes to packaging a new version of Frida :grimacing:

muuuh commented 6 months ago

Thank you for your information!

U039b commented 5 months ago

Hi @muuuh! A quick update, we have released a new version (16.2.y) of Frida. It can be installed by upgrading your PiRogue:

```
sudo apt update
sudo apt dist-upgrade
```

I hope this new version fixes the issue you encountered.