Closed: nevermoe closed this issue 7 years ago
Hi,
You can always use the V8 runtime – it's available on Android, and you can build Frida yourself for iOS to enable it (by setting `FRIDA_DIET=no` in `config.mk`), or help us improve the Duktape runtime to support it (now that would be awesome!). Note that the current arm64 Stalker won't run on iOS >= 9, as only older jailbreaks patch the kernel to allow RWX pages.
Cheers!
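The RWX restriction mentioned in the reply above can be checked on a given device with a small memory-protection probe. This is an added example, not code from Frida or from this thread; the function names `can_map`, `can_upgrade_to_rwx` and `can_flip_rw_to_rx` are made up for illustration.

```c
#define _DEFAULT_SOURCE            /* expose MAP_ANONYMOUS on glibc */
#include <stdio.h>
#include <stddef.h>
#include <sys/mman.h>
#include <unistd.h>

#if !defined(MAP_ANONYMOUS) && defined(MAP_ANON)
#define MAP_ANONYMOUS MAP_ANON
#endif

/* Map one anonymous RW page; returns MAP_FAILED on error. */
static void *map_rw_page(size_t *len)
{
    *len = (size_t)sysconf(_SC_PAGESIZE);
    return mmap(NULL, *len, PROT_READ | PROT_WRITE,
                MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
}

/* Returns 1 if one anonymous page can be mapped directly with `prot`. */
int can_map(int prot)
{
    size_t len = (size_t)sysconf(_SC_PAGESIZE);
    void *p = mmap(NULL, len, prot, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED)
        return 0;
    munmap(p, len);
    return 1;
}

/* Change an RW page to `prot` with mprotect(); returns 1 on success. */
static int can_reprotect(int prot)
{
    size_t len;
    void *p = map_rw_page(&len);
    if (p == MAP_FAILED)
        return 0;
    int ok = (mprotect(p, len, prot) == 0);
    munmap(p, len);
    return ok;
}

/* RW -> RWX: the page stays writable while it becomes executable. */
int can_upgrade_to_rwx(void) { return can_reprotect(PROT_READ | PROT_WRITE | PROT_EXEC); }

/* RW -> RX: the W^X-compliant sequence (write first, then drop write). */
int can_flip_rw_to_rx(void) { return can_reprotect(PROT_READ | PROT_EXEC); }

int main(void)
{
    printf("mmap RWX: %d\n", can_map(PROT_READ | PROT_WRITE | PROT_EXEC));
    printf("RW -> RWX: %d\n", can_upgrade_to_rwx());
    printf("RW -> RX:  %d\n", can_flip_rw_to_rx());
    return 0;
}
```

A platform that enforces W^X reports 0 for the first two probes; whether the RW -> RX flip is allowed depends on further policy (code signing, SELinux `execmem`), which this probe does not distinguish.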
Thank you, got it!
I would be more than willing to contribute to this great project if I had enough low-layer knowledge. However, I'll try my best to read your code first.
Sorry, I have a new problem now. I used the enable_jit() function to enable V8 on Android 6.0 with ARM64. However, I still can't get Stalker to work. Nothing is output from the onReceive or onCallSummary functions. Here is my code:
```python
import sys

import frida


def on_message(message, data):
    print(message)


def get_script():
    hook = """
    'use strict';
    send("Script Initialized");
    const WAITING = 0;
    const STALKING = 1;
    const DONE = 2;
    var state = WAITING;
    //Interceptor.attach(Module.findExportByName("libc++.1.dylib", "send"), {
    Interceptor.attach(Module.findExportByName("libc.so", "send"), {
        onEnter: function (args) {
            send("enter");
            if (state == STALKING) {
                state = DONE;
                Stalker.unfollow();
            }
        },
        onLeave: function (retval) {
            send("leave");
            if (state == WAITING) {
                send("begin stalking");
                state = STALKING;
                Stalker.follow(Process.getCurrentThreadId(), {
                    events: {
                        call: true, // CALL instructions: yes please
                        ret: false, // RET instructions: no thanks
                        exec: false // all instructions: no thanks
                    },
                    onReceive: function (events) {
                        send("onReceive");
                    },
                    onCallSummary: function (summary) {
                        send("onSummary");
                    }
                });
            }
        }
    });
    """
    return hook


if __name__ == "__main__":
    try:
        inject_script = get_script()
        # `process` is the target process name or PID; it is not defined in the post
        session = frida.get_usb_device().attach(process)
        #session = frida.attach('firefox')
        session.enable_jit()
        script = session.create_script(inject_script)
        script.on('message', on_message)
        script.load()
        sys.stdin.read()
    except KeyboardInterrupt as e:
        sys.exit(0)
```
I can see onEnter and onLeave are called and "begin stalking" is logged. However, "onReceive" and "onSummary" are not printed.
Hi, I am trying to use Stalker on iOS and Android, but Frida throws this error: "Stalker API not yet available in the Duktape runtime".
I did some searching and found that Frida 9 uses Duktape by default. Can I by any chance use Stalker in Frida 9? E.g., can I switch to the V8 engine to enable Stalker?
I also tried some old versions of Frida (7.2) that use V8 as the default engine. However, I found that in older Frida versions, gumstalker is probably not implemented for arm / arm64. So this is an awkward situation: I am not able to use Stalker with any version of Frida on iOS/Android...
Could you please help? Thank you!