frida / frida-java-bridge

Java runtime interop from Frida

`Java.use` get spring boot jar class throw java.lang.NoClassDefFoundError on OpenJDK 17 #298

Open XhstormR opened 1 year ago

XhstormR commented 1 year ago

I use the Java.enumerateLoadedClasses method to enumerate the classes in the spring boot jar. If it matches, I use Java.use to get the class, but it does throw a NoClassDefFoundError exception.

I used OpenJDK version download link: https://cdn.azul.com/zulu/bin/zulu17.44.53-ca-jdk17.0.8.1-macosx_x64.zip

script.js :

```js
Java.perform(() => {
    Java.enumerateLoadedClasses({
        onMatch: function (className) {
            if (className.includes('com.example.demo.DemoApplication')) {
                console.log(className)
                let clazz = Java.use(className) // NoClassDefFoundError
            }
        },
        onComplete: function () {
            console.log('------')
        }
    })
})
```

log:

```
$ java --version 
openjdk 17.0.8.1 2023-08-24 LTS
OpenJDK Runtime Environment Zulu17.44+53-CA (build 17.0.8.1+1-LTS)
OpenJDK 64-Bit Server VM Zulu17.44+53-CA (build 17.0.8.1+1-LTS, mixed mode, sharing)
$ frida --version 
16.1.4
$ frida -l 123.js  -p 41931    
     ____
    / _  |   Frida 16.1.4 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Local System (id=local)
Attaching...
com.example.demo.DemoApplication$$EnhancerBySpringCGLIB$$d084d40e
Error: java.lang.NoClassDefFoundError: com/example/demo/DemoApplication$$EnhancerBySpringCGLIB$$d084d40e
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/env.js:124)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/env.js:115)
    at apply (native)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/env.js:97)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/class-factory.js:488)
    at value (frida/node_modules/frida-java-bridge/lib/class-factory.js:945)
    at value (frida/node_modules/frida-java-bridge/lib/class-factory.js:950)
    at _make (frida/node_modules/frida-java-bridge/lib/class-factory.js:165)
    at use (frida/node_modules/frida-java-bridge/lib/class-factory.js:62)
    at use (frida/node_modules/frida-java-bridge/index.js:258)
    at onMatch (/Users/user/Documents/IdeaProjects/tttttt/123.js:6)
    at _enumerateLoadedClassesJvm (frida/node_modules/frida-java-bridge/index.js:104)
    at enumerateLoadedClasses (frida/node_modules/frida-java-bridge/index.js:67)
    at <anonymous> (/Users/user/Documents/IdeaProjects/tttttt/123.js:12)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)
    at perform (frida/node_modules/frida-java-bridge/index.js:205)
    at <eval> (/Users/user/Documents/IdeaProjects/tttttt/123.js:13)
    at evaluate (native)
    at <anonymous> (/frida/repl-2.js:1)
```

Another script, script2.js, throws the error "Unable to make thread_from_jni_environment() helper for the current architecture":

```js
// Replace every overload of className.methodName with a wrapper that records
// the arguments and return value, then calls the original implementation.
const traceMethod = (className, methodName) => {
    let clazz = Java.use(className)

    let targetClassMethod = className + '.' + methodName

    for (const method of clazz[methodName].overloads) {
        method.implementation = function() {
            let log = { 'method' : targetClassMethod, args : [] }

            for (const argument of arguments) {
                log.args.push(argument)
            }

            let ret = method.apply(this, arguments)
            log.ret = ret
            //loging(log, { i : false })
            printStackTrace() // helper not defined in this snippet
            return ret
        }
    }
}

Java.perform(() => {
    traceMethod('java.lang.String',  'toString');
})

console.log('------')
```
```
$ frida -l 123.js  -p 41931 
     ____
    / _  |   Frida 16.1.4 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Local System (id=local)
Attaching...
------
------
Error: Unable to make thread_from_jni_environment() helper for the current architecture
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/jvm.js:191)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/jvm.js:235)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)
    at R (frida/node_modules/frida-java-bridge/lib/jvm.js:250)
[Local::PID::41931 ]->
```