frida / frida-java-bridge

Java runtime interop from Frida

Java API only partially available for JDK 17 #242

Open AndrewFasano opened 2 years ago

AndrewFasano commented 2 years ago

I'm trying to use Frida with a Linux x86_64 Java application. I'm using the OpenJDK 17 with debug symbols provided by Eclipse Adoptium.

When I run the application (a .jar file) with something like frida /path/to/openjdk17/bin/java myapp.jar and let it start (%resume), I then check if Java is available with Java.available and get an error about two unsupported methods:

[Local::java]-> Java.available
Error: Java API only partially available; please file a bug. Missing: _ZN6Method24restore_unshareable_infoEP6Thread, _ZN10JavaThread27thread_from_jni_environmentEP7JNIEnv_
    at P (frida/node_modules/frida-java-bridge/lib/jvm.js:143)
    at C (frida/node_modules/frida-java-bridge/lib/jvm.js:12)
    at _tryInitialize (frida/node_modules/frida-java-bridge/index.js:17)
    at y (frida/node_modules/frida-java-bridge/index.js:9)
    at <anonymous> (frida/node_modules/frida-java-bridge/index.js:320)
    at call (native)
    at o (/_java.js)
    at <anonymous> (/_java.js)
    at <anonymous> (frida/runtime/java.js:1)
    at call (native)
    at o (/_java.js)
    at r (/_java.js)
    at <eval> (frida/runtime/java.js:3)
    at _loadJava (native)
    at get (frida/runtime/core.js:130)
    at <anonymous> (<input>:22)

But the methods are referenced in jvm.js here and here. I was going to try adding support for them, but given that they're already there, I'm not sure what to do.

I built Frida from source in a Docker container as follows. In hindsight, this may have been overkill, but I saw the methods in the source here and assumed (incorrectly) the issue was that the pip-based install was out of date.

FROM ubuntu:20.04
RUN apt-get -qq update && \
    DEBIAN_FRONTEND=noninteractive apt-get -qq install -y \
    build-essential curl git lib32stdc++-9-dev \
    libc6-dev-i386 nodejs npm python3-dev python3-pip \
    python3.8 gcc-multilib g++-multilib

RUN pip3 install colorama prompt-toolkit pygments

RUN git clone --recurse-submodules https://github.com/frida/frida.git /frida

WORKDIR /frida

RUN make core-linux-x86_64
RUN make python-linux-x86_64 PYTHON=$(which python3.8)

# Setup Frida python/tools (so we can run frida on the cli)
ENV FRIDA_EXTENSION=/frida/build/frida-linux-x86_64/lib/python3.8/site-packages/_frida.so

RUN cd /frida/frida-python && \
    FRIDA_VERSION=$(git describe --tags) \
    python3.8 setup.py install

RUN cd /frida/frida-tools && make && python3.8 setup.py install

# Install JDK
RUN mkdir /java
RUN curl -L -o- https://github.com/adoptium/temurin17-binaries/releases/download/jdk-17.0.2%2B8/OpenJDK17U-jdk_x64_linux_hotspot_17.0.2_8.tar.gz | tar xz -C /java

I believe this is different from frida/frida#171 as I'm getting a different list of missing methods and I don't think they're really missing. Any advice would be much appreciated, thanks!

AndrewFasano commented 2 years ago

Looked into this a bit more and things are starting to make more sense. Those symbols were missing because frida couldn't find them in my libjvm.so (not sure how I misunderstood that at first).

It looks like this happened because the argument type to Method::restore_unshareable_info changed from a Thread to a JavaThread sometime between the last JDK version frida supported in this. I have _ZN6Method24restore_unshareable_infoEP10JavaThread which demangles to Method::restore_unshareable_info(JavaThread*) vs the code here which handles _ZN6Method24restore_unshareable_infoEP6Thread (Method::restore_unshareable_info(Thread*)).

And it looks like _ZN10JavaThread27thread_from_jni_environmentEP7JNIEnv_ (JavaThread::thread_from_jni_environment(JNIEnv_*)) is no longer an exported symbol.

I found this comment which seems to provide some guidance for a workaround so I'll try that and report back: frida/frida-java-bridge#254
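The diagnosis in the comment above (one symbol re-mangled because its parameter type changed, the other no longer present) can be reproduced mechanically. The following is an added example, not part of the original thread and not frida-java-bridge code; `splitMangled`, `classifyMissing` and the `AVAILABLE` list are hypothetical names and constructed sample data, and the parser only handles the plain `_ZN<len><id>...E<params>` form used by the symbols in this issue.

```javascript
// Added example, not frida-java-bridge code. Handles only the plain nested-name
// form _ZN<len><id>...E<params> that the symbols in this issue use.
function splitMangled(sym) {
  if (!sym.startsWith('_ZN')) return null;
  const parts = [];
  let i = 3;
  while (i < sym.length && sym[i] !== 'E') {
    const m = /^\d+/.exec(sym.slice(i));
    if (m === null) return null; // templates, cv-qualifiers, operators: out of scope
    const len = parseInt(m[0], 10);
    i += m[0].length;
    if (len === 0 || i + len > sym.length) return null;
    parts.push(sym.slice(i, i + len));
    i += len;
  }
  if (i >= sym.length || parts.length === 0) return null;
  return { qualified: parts.join('::'), params: sym.slice(i + 1) };
}

// For each symbol reported as missing, decide whether the library lacks the
// function entirely or provides it under a different parameter signature.
function classifyMissing(missing, available) {
  const byName = new Map();
  for (const sym of available) {
    const p = splitMangled(sym);
    if (p === null) continue;
    if (!byName.has(p.qualified)) byName.set(p.qualified, []);
    byName.get(p.qualified).push(sym);
  }
  return missing.map((sym) => {
    const p = splitMangled(sym);
    if (p === null) return { symbol: sym, status: 'unparsed', candidates: [] };
    if (available.includes(sym)) return { symbol: sym, status: 'present', candidates: [] };
    const candidates = byName.get(p.qualified) || [];
    const status = candidates.length > 0 ? 'signature-changed' : 'absent';
    return { symbol: sym, name: p.qualified, status, candidates };
  });
}

// The two names from the error message in this issue.
const MISSING = [
  '_ZN6Method24restore_unshareable_infoEP6Thread',
  '_ZN10JavaThread27thread_from_jni_environmentEP7JNIEnv_',
];
// Constructed symbol list: the first entry is the JDK 17 name quoted in the
// issue, the second is a made-up unrelated symbol.
const AVAILABLE = [
  '_ZN6Method24restore_unshareable_infoEP10JavaThread',
  '_ZN7Example4demoEv',
];

console.log(classifyMissing(MISSING, AVAILABLE));
```

In a Frida session the `available` array can be filled from `Process.getModuleByName('libjvm.so').enumerateSymbols().map(s => s.name)` instead of the constructed list.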

4val0v commented 2 years ago

@AndrewFasano Try the JDK from https://adoptopenjdk.net/upstream.html and, after attaching to the process, execute Java.available to check.

iddoeldor commented 2 years ago

> @AndrewFasano Try the JDK from https://adoptopenjdk.net/upstream.html and after attaching to the process execute Java.available to check

Any news? Downloaded the JDK and Java is still not available.

depocoder commented 1 year ago

Any news? Still have the issue. Downloaded JDK 17 and still have the issue.

XhstormR commented 1 year ago

Does the latest JDK 20 have this problem?