frida / frida-core

Frida core library intended for static linking into bindings
https://frida.re

[Barebone] Unable to attach to Cortex-R82AE (AVH) #506

Open Manouchehri opened 3 months ago

Manouchehri commented 3 months ago

When using Arm Virtual Hardware (AVH) with a Cortex-R82AE device, Frida isn't able to attach.

dave@mbp ~ % FRIDA_BAREBONE_ADDRESS="localhost:4000" frida -D barebone -p 0
     ____
    / _  |   Frida 16.1.1 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to GDB Remote Stub (id=barebone)
Failed to attach: invalid register name: TCR_EL1
dave@mbp ~ % FRIDA_BAREBONE_ADDRESS="localhost:4000" frida -D barebone -p 0
     ____
    / _  |   Frida 16.2.1 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to GDB Remote Stub (id=barebone)
Failed to attach: invalid TG1 value

lldb works fine.

dave@mbp ~ % lldb --one-line "gdb-remote localhost:4000"
(lldb) gdb-remote localhost:4000
Process 1 stopped
* thread #1, stop reason = signal SIGINT
    frame #0: 0x000000000021508c
->  0x21508c: adrp   x23, 205
    0x215090: add    x2, x23, #0x548
    0x215094: ldr    w19, [x0, x1]
    0x215098: str    x2, [sp, #0x88]
Target 0: (No executable module.) stopped.
(lldb) register read
general:
        x0 = 0x00000000002e1330
        x1 = 0x0000000000000000
        x2 = 0x000000000000001f
        x3 = 0x0000000000000000
        x4 = 0x0000000000000000
        x5 = 0x000000000028a000
        x6 = 0x0000000000318bc8
        x7 = 0x0000000000000012
        x8 = 0x0000000000000014
        x9 = 0x0000000000000012
       x10 = 0x000000000146c310
       x11 = 0x0000000000000032
       x12 = 0x0000000000310f40
       x13 = 0x000000000030cf40
       x14 = 0x0000000068fbcea8
       x15 = 0x00000000002e1308
       x16 = 0xffffffffffffffff
       x17 = 0xffffffffffffffff
       x18 = 0xffffffffffffffff
       x19 = 0x0000000000000000
       x20 = 0x0000000000318bc8
       x21 = 0x00000000002e0140
       x22 = 0x00000000002e5380
       x23 = 0x0000000000318778
       x24 = 0x0000000000000000
       x25 = 0x0000000000318bc8
       x26 = 0x00000000002e1330
       x27 = 0x00000000002e5380
       x28 = 0x0000000000000000
       x29 = 0x000000007fb3ab30
       x30 = 0x0000000000252fb4
        sp = 0x0000000000000000
        pc = 0x000000000021508c
      cpsr = 0x80000049
      fpsr = 0x00000000
      fpcr = 0x00000000
32 registers were unavailable.
(lldb) bt
* thread #1, stop reason = signal SIGINT
  * frame #0: 0x000000000021508c
    frame #1: 0x000000007ff80214
    frame #2: 0x000000007ff815d8
    frame #3: 0x000000007ff80fac
    frame #4: 0x000000007ff95ce8
    frame #5: 0x000000007ff8fa34
    frame #6: 0x000000007ff8fcf8
    frame #7: 0x000000007ff8f314
    frame #8: 0x000000007ff8f808
    frame #9: 0x000000007ff8fcf8
    frame #10: 0x000000007ff8f2d4
    frame #11: 0x000000007ff94fec
    frame #12: 0x000000007ff95ce8
    frame #13: 0x000000007ff8fa34
    frame #14: 0x000000007ff8fcf8
    frame #15: 0x000000007ff8f314
    frame #16: 0x000000007ff8f808
    frame #17: 0x000000007ff8fcf8
    frame #18: 0x000000007ff8f2d4
    frame #19: 0x000000007ff9507c
    frame #20: 0x000000007ff95ce8
    frame #21: 0x000000007ff8fa34
    frame #22: 0x000000007ff8f6f4
    frame #23: 0x000000007ff8f6f4
    frame #24: 0x000000007ff8fcf8
    frame #25: 0x000000007ff8f2d4
    frame #26: 0x000000007ff9507c
    frame #27: 0x000000007ff95ce8
    frame #28: 0x000000007ff8fa34
    frame #29: 0x000000007ff8f6f4
    frame #30: 0x000000007ff8fcf8
    frame #31: 0x000000007ff8f2d4
    frame #32: 0x000000007ff9507c
    frame #33: 0x000000007ff95ce8
    frame #34: 0x000000007ff8fa34
    frame #35: 0x000000007ff8f6f4
    frame #36: 0x000000007ff8f6f4
    frame #37: 0x000000007ff8fcf8
    frame #38: 0x000000007ff8f2d4
    frame #39: 0x000000007ff9507c
    frame #40: 0x000000007ff95ce8
    frame #41: 0x000000007ff8fa34
    frame #42: 0x000000007ff8f6f4
    frame #43: 0x000000007ff8fcf8
    frame #44: 0x000000007ff8f2d4
    frame #45: 0x000000007ff9507c
    frame #46: 0x000000007ff95ce8
    frame #47: 0x000000007ff8fa34
    frame #48: 0x000000007ff8fcf8
    frame #49: 0x000000007ff8f2d4
    frame #50: 0x000000007ff9507c
    frame #51: 0x000000007ff95ce8
    frame #52: 0x000000007ff8fa34
    frame #53: 0x000000007ff8fcf8
    frame #54: 0x000000007ff8f314
    frame #55: 0x000000007ff8f808
    frame #56: 0x000000007ff8f6f4
    frame #57: 0x000000007ff8fcf8
    frame #58: 0x000000007ff8f2d4
    frame #59: 0x000000007ff9507c
    frame #60: 0x000000007ff95ce8
    frame #61: 0x000000007ff8fa34
    frame #62: 0x000000007ff8fcf8
    frame #63: 0x000000007ff8f2d4
    frame #64: 0x000000007ff8e160
    frame #65: 0x000000007ff90890
    frame #66: 0x000000007ff90b48
    frame #67: 0x000000007ff7fe54
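The two attach failures above, "invalid register name: TCR_EL1" and "invalid TG1 value", both concern the AArch64 translation-control register that a debugger backend reads to learn the page-table layout before it can walk memory. As an added illustration (not frida-core's own code, and not claiming how its barebone backend is actually implemented), the following Python models the two checks in the order the report hit them: first whether the GDB stub advertises a register by that name in its target description, then whether the TG1 granule field of the returned value is one of the encodings the Arm Architecture Reference Manual defines. The target.xml snippet, the register-reading callback and the TCR_EL1 value are constructed for the example; the field positions and granule encodings are the architectural ones.

```python
import xml.etree.ElementTree as ET

# Granule encodings from the Arm Architecture Reference Manual.
# TG1 lives in TCR_EL1[31:30]; 0b00 is reserved.
TG1_GRANULE_BYTES = {0b01: 16 * 1024, 0b10: 4 * 1024, 0b11: 64 * 1024}
# TG0 lives in TCR_EL1[15:14]; 0b11 is reserved.
TG0_GRANULE_BYTES = {0b00: 4 * 1024, 0b01: 64 * 1024, 0b10: 16 * 1024}

# Constructed, abbreviated stand-in for a GDB stub's target description.
# It advertises general-purpose registers only, so a lookup of TCR_EL1 by
# name fails the same way the first attach attempt in the report did.
SAMPLE_TARGET_XML = """<target version="1.0">
  <architecture>aarch64</architecture>
  <feature name="org.gnu.gdb.aarch64.core">
    <reg name="x0" bitsize="64" type="int"/>
    <reg name="x30" bitsize="64" type="int"/>
    <reg name="sp" bitsize="64" type="data_ptr"/>
    <reg name="pc" bitsize="64" type="code_ptr"/>
    <reg name="cpsr" bitsize="32" type="int"/>
  </feature>
</target>
"""

# Constructed TCR_EL1 value: 4 KiB granules for both TTBRs, 48-bit VA ranges
# (T0SZ = T1SZ = 16), 48-bit IPS, write-back cacheable inner-shareable walks.
SAMPLE_TCR_EL1 = 0x5BF103F10


def bits(value, hi, lo):
    """Extract the unsigned bit field value[hi:lo]."""
    return (value >> lo) & ((1 << (hi - lo + 1)) - 1)


def stub_register_names(target_xml):
    """Collect every register name a GDB stub advertises in its target.xml."""
    return {reg.get("name") for reg in ET.fromstring(target_xml).iter("reg")}


def tcr_el1_problem(tcr):
    """Return why a TCR_EL1 value is unusable for page-table walking, or None."""
    tg1 = bits(tcr, 31, 30)
    if tg1 not in TG1_GRANULE_BYTES:
        return f"invalid TG1 value: 0b{tg1:02b}"
    tg0 = bits(tcr, 15, 14)
    if tg0 not in TG0_GRANULE_BYTES:
        return f"invalid TG0 value: 0b{tg0:02b}"
    return None


def decode_tcr_el1(tcr):
    """Decode the TCR_EL1 fields a debugger needs before walking TTBR0/TTBR1."""
    problem = tcr_el1_problem(tcr)
    if problem is not None:
        raise ValueError(problem)
    return {
        "tg0_bytes": TG0_GRANULE_BYTES[bits(tcr, 15, 14)],
        "tg1_bytes": TG1_GRANULE_BYTES[bits(tcr, 31, 30)],
        "ttbr0_va_bits": 64 - bits(tcr, 5, 0),    # T0SZ
        "ttbr1_va_bits": 64 - bits(tcr, 21, 16),  # T1SZ
        "epd0": bits(tcr, 7, 7),                  # 1 = TTBR0 walks disabled
        "epd1": bits(tcr, 23, 23),                # 1 = TTBR1 walks disabled
    }


def attach_failure(target_xml, read_register):
    """Model the attach checks in the order the report hit them.

    read_register(name) is a hypothetical callback standing in for a GDB
    remote register read. Returns the failure message, or None on success.
    """
    if "TCR_EL1" not in stub_register_names(target_xml):
        return "invalid register name: TCR_EL1"
    return tcr_el1_problem(read_register("TCR_EL1"))


if __name__ == "__main__":
    print(decode_tcr_el1(SAMPLE_TCR_EL1))
    # Stub without TCR_EL1 in its description: first failure mode.
    print(attach_failure(SAMPLE_TARGET_XML, lambda name: SAMPLE_TCR_EL1))
    # Stub that returns an all-zero TCR_EL1 (TG1 = 0b00): second failure mode.
    print(tcr_el1_problem(0))
```

A zero or otherwise uninitialised TCR_EL1 decodes to TG1 = 0b00, which is reserved, so a backend that validates the granule before trusting the page tables would report exactly the second message; the decoder keeps the IPS, cacheability and shareability bits out of scope because they do not affect the walk itself.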