Frida not work on Mac M1

[huan]

I ran into frida/frida#1578 this week with M1 and frida 14.2.18, and the 14.2.2

$ uname -a
Darwin Huans-Air 20.3.0 Darwin Kernel Version 20.3.0: Thu Jan 21 00:06:51 PST 2021; root:xnu-7195.81.3~1/RELEASE_ARM64_T8101 arm64
$ which python3
/opt/homebrew/bin/python3
$ python3 --version
Python 3.9.5
$ pip3 list | grep frida
frida             14.2.2
frida-tools       9.2.5
$ frida Safari
     ____
    / _  |   Frida 14.2.2 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
Failed to attach: unable to access process with pid 34510 from the current user account
$ frida WeChat
     ____
    / _  |   Frida 14.2.2 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
Failed to attach: process is dead  

Update 1: disable SIP

After reading Frida 12.11 Released, I did a disable SIP, I got the following error messages:

1. Failed to attach: unexpected error while starting thread (set_thread_state returned '(os/kern) protection failure')
2. Failed to attach: failed to open file “/usr/lib/libSystem.B.dylib”: open() failed: No such file or directory

$ frida Safari
     ____
    / _  |   Frida 14.2.18 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
Failed to attach: unexpected error while starting thread (set_thread_state returned '(os/kern) protection failure')
$ frida WeChat
     ____
    / _  |   Frida 14.2.18 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
Failed to attach: failed to open file “/usr/lib/libSystem.B.dylib”: open() failed: No such file or directory

Update 2: add a boot argument

After reading Frida 12.11 Released, I did a add a boot argument, after reboot, I got the following error messages:

1. Failed to attach: process is dead with Spotify
2. It works with Safari.

$ frida Safari
     ____
    / _  |   Frida 14.2.18 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/

[Local::Safari]->
^D

$ frida Spotify
     ____
    / _  |   Frida 14.2.18 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
Failed to attach: process is dead   

Update 3:

I confirm that I can run the following C code with frida, from frida/frida#1581 @chrisliu529

#include <unistd.h>

int main() {
    while(1) {
        sleep(1);
    }
    return 0;
}

$ ./a.out &
[1] 2168
$ frida a.out
     ____
    / _  |   Frida 14.2.18 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/

[Local::a.out]->

So what we are facing is the same issue as https://github.com/frida/frida/issues/1728 now.

[huan]

Frida 15.1.11 works! 🎉

WeChat: Version 3.2.1 (19797)

$ pip3 install --upgrade frida

$ frida --version
15.1.11
┌ huan@Huans-MacBook-Air.local:~ [00:41:02] tty:[ttys000] jobs:[0]
└ $ frida WeChat
     ____
    / _  |   Frida 15.1.11 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/

[Local::WeChat]->

[mr-m0nst3r]

Hey guys,

This is interesting:

frida --version 15.1.14

if we attach to process running under apple silicon, it's working.

if we attach to process running under intel, process is dead:

frida 阿里云盘

---

/ | Frida 15.1.14 - A world-class dynamic instrumentation toolkit | (| | | Commands: // |_| help -> Displays the help system . . . . object? -> Display information about 'object' . . . . exit/quit -> Exit . . . . . . . . More info at https://frida.re/docs/home/ Failed to attach: process is dead

So, I guess we should use Intel version of frida, which means that frida running under Intel/Rosetta, to attach to Intel processes.

Haven't tested yet.

[reinismu]

Ye same here with me. Thought to play with frida and one offline game, but it will just exit '''

---

/ _  |   Frida 15.1.17 - A world-class dynamic instrumentation toolkit

| (_| |

| Commands: // |_| help -> Displays the help system . . . . object? -> Display information about 'object' . . . . exit/quit -> Exit . . . . . . . . More info at https://frida.re/docs/home/ . . . . . . . . Connected to Local System (id=local) Failed to attach: process is dead '''

Tried both with and without rosetta. The result is the same. Game does run under rosetta.

My SIP is disabled

A bit sand that can't tinker with it