response speed in visual mode is too slow.

[ghostkkk]

hi~

I'm analyzing a program. the program has a security program. So i can't go through a ptrace-based program to reverse engineering.

But it is accessible with Frida. I think this is because so files are attached to different processors and work by reading memory directly.

So... I think r2frida(radare2+frida) is really the best combination.

But there was a problem while analyzing r2frida.

When using r2Frida remotely, The response speed in radare visual mode is too slow.

It takes too long to put in each command.

I was wondering if it was caused by remote access. I tested another program using r2 gdb and the response was as fast as local.

Is there a setting that allows you to perform visual mode quickly?

If r2frida is problem. I hope that the problem of r2frida is solved.

Test Environment frida-server-12.2.6-android-x86 in Android OS r2frida 2.9.0 in Mac Os

[trufae]

Which version of r2 are you using? From Git? i cant barely see any performance issue, but there's always room for improvement. Can you provide the remote target you are using (tcp, usb, android, ios, linux,..) and maybe a oneliner to reproduce this?

[enovella]

Same, I would like to reproduce too. Also, dont expect the same speed static vs dynamic.

[ghostkkk]

The environment I used is as follows.

frida install

Frida downloaded and used Frida-server-12.2.6-android-x86.xz as an executable in the emulator.

r2frida install.

Mac Siria 10.11 using vmware I installed it in the preferred way.

$ git clone https://github.com/nowsecure/r2frida.git $ cd r2frida $ make $ sudo make install

The connection method is the connection using tcp.

The server ran on Android as "Frida_server -l 0.0.0.0:99999 &".

Then client ran "r2 frida://192.168.1.101:9999/2589" on the Mac computer

Use the "s" command to move to a specific memory location. then Visual mode is accessed by V command in r2 command mode.

I honestly don't know how to provide a test environment.

If necessary, it is possible to produce a video clip.

ps : But in the same environment, the "r2 gdb://192.168.1.101/1234" is clearly fast.

[ghostkkk]

I solved this problem.

It was my setting problem.

In the meantime, the network on the server side and the client side have operated in different bands. ( server ip: 192.168.1.101 client : 192.168.63.3 )

The fast motion was confirmed as the client was aligned with the server's band just now. =>( server ip: 192.168.1.101 client : 192.168.1.3 )

Thank you for your interest in enovella,truefae.