Android: `wa ret` is not allowed in R2Frida session. `error: expected a pointer`

[enovella]

More info & sample at: https://github.com/nowsecure/r2frida/issues/556

Problem

We cannot perform in-memory patching

Old slides with right inmem patching

More info

[0x751067cad4]> wa ret
ERROR: error: expected a pointer
ERROR: Cannot write. Use `omf`, `io.cache` or reopen the file in rw with `oo+`
[0x751067cad4]> wx c0035fd6
ERROR: error: expected a pointer
ERROR: Cannot write. Use `omf`, `io.cache` or reopen the file in rw with `oo+`
[0x751067cad4]> wx 0xc0035fd6
ERROR: error: expected a pointer
ERROR: Cannot write. Use `omf`, `io.cache` or reopen the file in rw with `oo+`
[0x751067cad4]>

Memory permissions: :dmp failing

[enovella]

@trufae was io.cache set to false by default before?

[trufae]

if io.cache is enabled then you are not patching anything. on linux, mac and ios all these commands works fine, , wa, wx and dmp work as it should

[as0ler]

It worked running Android 12 and Frida 16.1.10: (with io.cache=false)

[as0ler]

:dmp working on Android 12 running Frida 16.1.11:

[enovella]

It doesnt work on a region that it doesnt already have rwx:

[enovella]

It worked running Android 12 and Frida 16.1.10: (with io.cache=false)

Where is your ret written into? I cannot see the successful message as well as the opcode ret in the current offset.

[0x7b5aecbad4]> wa ret
INFO: Written 4 byte(s) (ret) = wx c0035fd6 @ 0x7b5aecbad4

[enovella]

It works on a cleaned installation, tested with @as0ler