m0bilesecurity / RMS-Runtime-Mobile-Security

Runtime Mobile Security (RMS) 📱🔥 - is a powerful web interface that helps you to manipulate Android and iOS Apps at Runtime
https://twitter.com/mobilesecurity_
GNU General Public License v3.0

error 500 #3

Closed slowmistio closed 4 years ago

slowmistio commented 4 years ago

Load Classes and Methods 🎯... and then HOOK everything ⚓️ Load Classes

then:
Request URL: http://127.0.0.1:5000/dump?choice=1
Request Method: GET
Status Code: 500 INTERNAL SERVER ERROR
Remote Address: 127.0.0.1:5000

error 500

slowmistio commented 4 years ago

[] Process Spawned
127.0.0.1 - - [01/Apr/2020 11:30:47] "POST / HTTP/1.1" 200 -
[2020-04-01 11:31:36,100] ERROR in app: Exception on /dump [GET]
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "mobilesecurity.py", line 230, in home
    loaded_classes=api.loadclasses()
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 401, in method
    return script._rpc_request('call', js_name, args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 316, in _rpc_request
    self.post(message)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 267, in post
    self._impl.post(raw_message, **kwargs)
frida.InvalidOperationError: script is destroyed
127.0.0.1 - - [01/Apr/2020 11:31:36] "GET /dump?choice=1 HTTP/1.1" 500 -
[2020-04-01 11:31:40,825] ERROR in app: Exception on /dump [GET]
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "mobilesecurity.py", line 230, in home
    loaded_classes=api.loadclasses()
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 401, in method
    return script._rpc_request('call', js_name, args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 316, in _rpc_request
    self.post(message)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 267, in post
    self._impl.post(raw_message, **kwargs)
frida.InvalidOperationError: script is destroyed
127.0.0.1 - - [01/Apr/2020 11:31:40] "GET /dump?choice=1 HTTP/1.1" 500 -
[2020-04-01 11:31:42,215] ERROR in app: Exception on /dump [GET]
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "mobilesecurity.py", line 230, in home
    loaded_classes=api.loadclasses()
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 401, in method
    return script._rpc_request('call', js_name, args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 316, in _rpc_request
    self.post(message)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 267, in post
    self._impl.post(raw_message, **kwargs)
frida.InvalidOperationError: script is destroyed
127.0.0.1 - - [01/Apr/2020 11:31:42] "GET /dump?choice=1 HTTP/1.1" 500 -
127.0.0.1 - - [01/Apr/2020 11:31:55] "GET /static/bootstrap.bundle.min.js.map HTTP/1.1" 200 -
127.0.0.1 - - [01/Apr/2020 11:31:55] "GET /static/bootstrap.min.css.map HTTP/1.1" 200 -

m0bilesecurity commented 4 years ago

Interesting 😉 Can you provide info about the APK and the device used for the test?

slowmistio commented 4 years ago

@m0bilesecurity
The device is an Android virtual machine.
App: https://m.bybit.com

slowmistio commented 4 years ago

Android virtual machine http://mumu.163.com/

m0bilesecurity commented 4 years ago

Are you sure that the FRIDA server is working fine on your emulator? Have you tried to get the process list (frida-ps -U) or inject a simple js script (frida -f com.example.app -l your_script.js)?

Anyway, I'm sorry but I have no plans to support mumu163. Please try to use AVD or Genymotion.

slowmistio commented 4 years ago

@m0bilesecurity yes, FRIDA server is working fine

m0bilesecurity commented 4 years ago

Is com.android.systemui available? Can you try to attach it directly with FRIDA?

NOTE: RMS attaches to a persistent process called com.android.systemui to get the list of all the classes that are already loaded in memory before the launch of the target app.
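The troubleshooting steps asked for in this thread (process list as with frida-ps -U, checking that com.android.systemui is available, attaching to it directly) can be scripted with the Frida Python bindings. This is an added example, not code from RMS or from any participant in the thread; `preflight`, `PROBE_JS` and the step names are hypothetical, and it assumes the process is listed under its package name.

```python
SYSTEMUI = "com.android.systemui"   # process named in the maintainer's NOTE
# Minimal agent: one RPC export, so a reply proves the script is still alive.
PROBE_JS = "rpc.exports = { ping: function () { return 'pong'; } };"


def preflight(device, process_name=SYSTEMUI):
    """Run the checks on a frida Device-like object.

    Returns a list of (step, ok, detail) and stops at the first failing step.
    """
    steps = []
    try:
        procs = device.enumerate_processes()       # what `frida-ps -U` lists
    except Exception as exc:
        return steps + [("enumerate", False, repr(exc))]
    steps.append(("enumerate", True, "%d processes" % len(procs)))

    # Assumption: process name equals the package name. Newer Frida releases
    # may list a display name (e.g. "System UI") instead.
    pids = [p.pid for p in procs if p.name == process_name]
    if not pids:
        return steps + [("find", False, process_name + " not running")]
    steps.append(("find", True, "pid %d" % pids[0]))

    try:
        session = device.attach(pids[0])
        script = session.create_script(PROBE_JS)
        script.load()
        # Older bindings expose `exports`, newer ones `exports_sync`.
        api = getattr(script, "exports_sync", None) or script.exports
        reply = api.ping()                         # one RPC round trip
        session.detach()
    except Exception as exc:                       # e.g. "script is destroyed"
        return steps + [("rpc", False, "%s: %s" % (type(exc).__name__, exc))]
    steps.append(("rpc", reply == "pong", "reply %r" % (reply,)))
    return steps


if __name__ == "__main__":
    import frida                                   # needs a device running frida-server
    for step, ok, detail in preflight(frida.get_usb_device(timeout=5)):
        print("%-9s %-4s %s" % (step, "ok" if ok else "FAIL", detail))
```

If the `rpc` step fails here with the same `script is destroyed` message, the problem sits between Frida and the emulator rather than in the RMS web layer.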

slowmistio commented 4 years ago

@m0bilesecurity OK, I'll give it a try

slowmistio commented 4 years ago

image

Package Name: com.android.systemui
Mode: Spawn
Frida Startup Script:

Java.perform(function() {

    var str = Java.use('java.lang.String');
    str.equals.overload('java.lang.Object').implementation = function(obj) {
        var result = str.equals.overload('java.lang.Object').call(this, obj);
        if (obj) {
            if (obj.toString().length > 8) {
                send(str.toString.call(this)+" == "+obj.toString()+" ? "+ result);
            }
        }
        return result;
    };

});

[2020-04-02 15:43:46,298] ERROR in app: Exception on / [POST]
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "mobilesecurity.py", line 151, in device_management
    pid = device.spawn([package_name])
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 140, in spawn
    return self._impl.spawn(program, argv, envp, env, cwd, stdio, aux_options)
frida.NotSupportedError: unable to find a front-door activity
127.0.0.1 - - [02/Apr/2020 15:43:46] "POST / HTTP/1.1" 500 -

slowmistio commented 4 years ago

image

slowmistio commented 4 years ago

After this error, everything else works fine.

image

but:
[2020-04-02 15:55:32,972] ERROR in app: Exception on /dump [GET]
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "mobilesecurity.py", line 239, in home
    loaded_methods=api.loadmethods(loaded_classes)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 401, in method
    return script._rpc_request('call', js_name, args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 333, in _rpc_request
    raise result[2]
frida.InvalidOperationError: script is destroyed
127.0.0.1 - - [02/Apr/2020 15:55:32] "GET /dump?choice=2 HTTP/1.1" 500 -
[2020-04-02 15:56:19,699] ERROR in app: Exception on /dump [GET]
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "mobilesecurity.py", line 239, in home
    loaded_methods=api.loadmethods(loaded_classes)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 401, in method
    return script._rpc_request('call', js_name, args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 316, in _rpc_request
    self.post(message)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 267, in post
    self._impl.post(raw_message, **kwargs)
frida.InvalidOperationError: script is destroyed
127.0.0.1 - - [02/Apr/2020 15:56:19] "GET /dump?choice=2 HTTP/1.1" 500 -
[2020-04-02 15:56:22,780] ERROR in app: Exception on /dump [GET]
Traceback (most recent call last):
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 2446, in wsgi_app
    response = self.full_dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1951, in full_dispatch_request
    rv = self.handle_user_exception(e)
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1820, in handle_user_exception
    reraise(exc_type, exc_value, tb)
  File "/usr/local/lib/python3.7/site-packages/flask/_compat.py", line 39, in reraise
    raise value
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1949, in full_dispatch_request
    rv = self.dispatch_request()
  File "/usr/local/lib/python3.7/site-packages/flask/app.py", line 1935, in dispatch_request
    return self.view_functions[rule.endpoint](**req.view_args)
  File "mobilesecurity.py", line 239, in home
    loaded_methods=api.loadmethods(loaded_classes)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 401, in method
    return script._rpc_request('call', js_name, args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 316, in _rpc_request
    self.post(message)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/usr/local/lib/python3.7/site-packages/frida/core.py", line 267, in post
    self._impl.post(raw_message, **kwargs)
frida.InvalidOperationError: script is destroyed
127.0.0.1 - - [02/Apr/2020 15:56:22] "GET /dump?choice=2 HTTP/1.1" 500 -

slowmistio commented 4 years ago

Is this due to the stability of the app itself or some unknown crash of the Frida framework?

m0bilesecurity commented 4 years ago

Hey ciao, glad to see it working ;)

As explained in the README, sometimes RMS fails to load complex methods. Use a filter when this happens or feel free to improve the algo (default.js). If you are able to find out what is causing the issue, it will be great. Feel free to create a pull request in this case ;)

For example, with RootBeer Sample app I was not able to load methods for some classes like R$styleable and TextViewFont.

With classes like RootBeer, RootBeerNative, MainActivity you should not face any issues. Please try and let me know. Thanks

slowmistio commented 4 years ago

@m0bilesecurity thanks~