Reputation: 11
I want to instrument a Java program on my Android device via a Frida-Gadget but I am failing to get it to work. Here are the steps I took.
First of all, here is the code of a simple Java program:
    import java.io.BufferedReader;
    import java.io.IOException;
    import java.io.InputStreamReader;

    public class Program {
        public static void main(String[] args) {
            // Load the Frida gadget into this process before anything else runs
            System.load("/data/local/tmp/frida-gadget.so");
            System.out.println("Hello World");
            System.out.println("Press Enter to continue...");
            try {
                // Block until Enter is pressed so the script has time to load
                new BufferedReader(new InputStreamReader(System.in)).readLine();
            } catch (IOException e) {
                e.printStackTrace();
            }
            test();
        }

        // Method the Frida script tries to hook
        public static void test() {
            System.out.println("Hello World 2");
        }
    }
I compiled this program to a Program.class file and then to a .dex file via d8 Android SDK Tools. I packed the classes.dex file in a jar archive and pushed it to my Android device (Android 11). I also pushed the frida-gadget.so (arm64 version 16.1.3) to /data/local/tmp as well as the frida-gadget.config and the script.js file.
Here is my frida-gadget.config file:
    {
      "interaction": {
        "type": "script",
        "path": "/data/local/tmp/script.js"
      }
    }
and my script file:
    console.log("frida stared without issues!");
    console.log(Java.available)
    console.log(Process.id)
    Java.perform(function() {
        console.log("inside Java.perform()")
        try {
            var ProgramClass = Java.use('Program');
            ProgramClass.test.implementation = function() {
                console.log("Hooked Hello World 2");
                this.test(); // Call the original function
            };
        } catch(e) {
            console.error("Error during instrumentation: " + e.message);
        }
    });
I start my program with the following line:
    adb shell CLASSPATH=/sdcard/program.jar exec app_process /system/bin/ Program
In the output I can see all lines from the console.log() calls in the script, except those inside the Java.perform() call. In fact, it does not seem that anything inside Java.perform() is executed, since the instrumentation does not work either.
What I have tried so far: I also put

    "java":
    {
        "enabled": true
    }

inside my config, without any outcome.
What I noticed is that as soon as I include the System.load("/data/local/tmp/frida-gadget.so") line in my program, it finishes execution but returns with exit code -1. However, I cannot find any meaningful error message in logcat or the console. I also tried wrapping the whole script in a try/catch block, without any outcome.
My question now is whether anybody has experienced similar issues, or whether someone knows if there are specific security measures on Android that do not allow instrumenting the code here. (I was under the impression that Frida-Gadget is specifically for devices without root.)
I am forced to use app_process for very specific reasons; this is just a test program.
Thanks in advance!
Upvotes: 1
Views: 765
Reputation: 11
Java.performNow() works, as mentioned in this link: https://github.com/frida/frida-java-bridge/issues/89. I tried it out myself when facing a similar problem.
Upvotes: 0
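The answer's suggestion applied to the question's script, as an added example that is not part of either post. Frida's documentation states that Java.perform() defers its callback while the app's class loader is not yet available, whereas Java.performNow() runs it immediately; Java.enumerateClassLoadersSync() and Java.ClassFactory.get() are existing Java bridge calls. The function names hookProgramTest and resolveClass, the class-loader fallback, and passing the bridge in as a parameter are assumptions of this example.

```javascript
// Added example, not the poster's code. The Java bridge is passed in as a
// parameter so the file runs under Frida and can be exercised with a stub.
function hookProgramTest(bridge, log) {
  if (!bridge.available) {
    log("no Java VM in this process");
    return false;
  }
  let installed = false;
  // performNow() attaches the current thread to the VM and runs the callback
  // immediately; perform() may defer it until the app's class loader exists.
  bridge.performNow(function () {
    const Program = resolveClass(bridge, "Program");
    if (Program === null) {
      log("class Program not visible to any class loader");
      return;
    }
    Program.test.implementation = function () {
      log("Hooked Hello World 2");
      return this.test(); // call the original method
    };
    installed = true;
  });
  return installed;
}

// Try the default class factory first, then every loader the VM knows about.
function resolveClass(bridge, name) {
  try {
    return bridge.use(name);
  } catch (e) {
    for (const loader of bridge.enumerateClassLoadersSync()) {
      try {
        return bridge.ClassFactory.get(loader).use(name);
      } catch (e2) {
        // this loader cannot see the class; try the next one
      }
    }
  }
  return null;
}

// Inside Frida the global `Java` exists; elsewhere the block only defines functions.
if (typeof Java !== "undefined") {
  hookProgramTest(Java, (msg) => console.log(msg));
}
```

The boolean return value makes a silent failure visible: if it is false, the log line says whether the VM was missing or the class could not be resolved.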