jnitrace's People

Contributors

chame1eon, dependabot[bot], nicolaisoeborg, oleavr

jnitrace's Issues

Error after attach, spawn app crashing

ERROR: {'type': 'error', 'description': 'Error: unable to intercept function at 0x7132f4a6a8; please file a bug', 'stack': 'Error: unable to intercept function at 0x7132f4a6a8; please file a bug\n at value (frida/runtime/core.js:364)\n at I (node_modules/jnitrace-engine/dist/engine.js:33)\n at onLeave (node_modules/jnitrace-engine/dist/engine.js:69)', 'fileName': 'frida/runtime/core.js', 'lineNumber': 364, 'columnNumber': 1}
Android 9.0
Frida version 15.1.14

ERROR: {'type': 'error', 'description': 'Error: unable to intercept function at 0x6cee8446a8; please file a bug', 'stack': 'Error: unable to intercept function at 0x6cee8446a8; please file a bug\n at value (frida/runtime/core.js:364)\n at I (node_modules/jnitrace-engine/dist/engine.js:33)\n at onLeave (node_modules/jnitrace-engine/dist/engine.js:69)', 'fileName': 'frida/runtime/core.js', 'lineNumber': 364, 'columnNumber': 1}
Android 11
Frida version 15.1.14

spawn crash on both devices

output not saved to file when remote?

$jnitrace -l libEncryptor.so -l libsscronet.so -l libttcrypto.so -l libttmain.so com.zhiliaoapp.musically -R 192.168.86.65:6666 --output jnitrace.log -b accurate --ignore-vm

$cat jnitrace.log
[]%

However, the trace data is printing to stdout. Am I doing something wrong?

device: arm64-v8a, android 8.1.0
frida: 14.2.13
jnitrace: 3.2.0

jnitrace execution error

Hello

I am trying to execute jnitrace in a Python 3.8 environment.

It shows the error below:

Traceback (most recent call last):
  File "C:\Users\a\AppData\Local\Programs\Python\Python38\Scripts\jnitrace-script.py", line 11, in <module>
    load_entry_point('jnitrace==3.0.0', 'console_scripts', 'jnitrace')()
  File "C:\Users\a\AppData\Local\Programs\Python\Python38\lib\site-packages\jnitrace-3.0.0-py3.8.egg\jnitrace\jnitrace.py", line 519, in main
  File "C:\Users\a\AppData\Local\Programs\Python\Python38\lib\site-packages\pkg_resources\__init__.py", line 1156, in resource_string
    return get_provider(package_or_requirement).get_resource_string(
  File "C:\Users\a\AppData\Local\Programs\Python\Python38\lib\site-packages\pkg_resources\__init__.py", line 361, in get_provider
    __import__(moduleOrReq)
ModuleNotFoundError: No module named 'jnitrace.build'

Can you take this issue?

App stopped when spawn mode

When I use spawn mode, the app stops.
The command is jnitrace -l * com.kanxue.ollvm_ndk_9.

When I use attach mode, it works normally.
The command is jni -m attach -l * com.kanxue.ollvm_ndk_9.

the app is here.
ollvm9.zip

frida.TimedOutError : ~

Hi, I am using frida 14.2.8 & python 3.6.
My device is a Galaxy S9+, so the 64-bit frida-server is running on the device.
But when I tried to use it, the error occurred.

jnitrace -l libDrm2.so com.appName
------Error----------------------------------------
Traceback (most recent call last):
  File "c:\users\des\appdata\local\programs\python\python36\lib\runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "c:\users\des\appdata\local\programs\python\python36\lib\runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "C:\Users\des\AppData\Local\Programs\Python\Python36\Scripts\jnitrace.exe\__main__.py", line 9, in <module>
  File "c:\users\des\appdata\local\programs\python\python36\lib\site-packages\jnitrace\jnitrace.py", line 565, in main
    pid = device.spawn([args.target], **aux_kwargs)
  File "c:\users\des\appdata\local\programs\python\python36\lib\site-packages\frida\core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "c:\users\des\appdata\local\programs\python\python36\lib\site-packages\frida\core.py", line 140, in spawn
    return self._impl.spawn(program, argv, envp, env, cwd, stdio, aux_options)
frida.TimedOutError: unexpectedly timed out while waiting for app to launch

Export the hooking logic as a library

Are there any plans to expose the core hooking logic of this library as a NPM library that other Frida scripts can consume?

I'd love to reuse the code you have already written and a library would probably be more maintainable than copy-pasting functions. :)

[Not an Issue] Termux Support

Since Frida can now run fine in Android Termux, please add an -N option to connect to a frida-server running locally on 127.0.0.1, the same as
https://github.com/sensepost/objection
which has an -N option that connects to 127.0.0.1:27042 by default. If jnitrace had -N, it could run perfectly standalone on Android, with no need for a PC as host.
Thanks

Attach mode maybe has some bugs

When using attach mode, jnitrace can't find the target process although that target process is running all the time:
Traceback (most recent call last):
  File "H:\python\program\Scripts\jnitrace-script.py", line 11, in <module>
    load_entry_point('jnitrace==3.3.0', 'console_scripts', 'jnitrace')()
  File "h:\python\program\lib\site-packages\jnitrace\jnitrace.py", line 584, in main
    pid = device.get_process(args.target).pid
  File "h:\python\program\lib\site-packages\frida\core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "h:\python\program\lib\site-packages\frida\core.py", line 121, in get_process
    raise _frida.ProcessNotFoundError("unable to find process with name '%s'" % process_name)
frida.ProcessNotFoundError: unable to find process with name 'com.hxyh.wxamp3'
Frida 15.1.16 - A world-class dynamic instrumentation toolkit

filter not work

-i Get
-e *
-e .*
--ignore-env
--ignore-vm

I have tried many options, but none of them work; it prints everything called.

frida-server 14.0.8
android 10, pixel QP1A.191005.007.A3

Error includes of null

I got this error:

ERROR: {'type': 'error', 'description': "TypeError: Cannot read property 'includes' of null", 'stack': "TypeError: Cannot read property 'includes' of null
   at jnitrace/src/main.ts:39:22
    at Array.forEach (<anonymous>)
    at Object.onLoaded (jnitrace/src/main.ts:38:26)
    at Object.doCallback (node_modules/jnitrace-engine/dist/index.js:127:13)
    at checkLibrary (node_modules/jnitrace-engine/dist/engine.js:44:9)
    at InvocationContext.<anonymous> (node_modules/jnitrace-engine/dist/engine.js:102:17)", 'fileName': 'jnitrace/src/main.ts', 'lineNumber': 39, 'columnNumber': 22}

Error: abort was called

jnitrace -l libsgmainso-6.4.94.so com.alimama.moon
get this error:

ERROR: {'type': 'error', 'description': 'Error: abort was called', 'stack': 'Error: abort was called\n at InvocationContext. (jnitrace/src/jni/java_vm_interceptor.ts:100:40)', 'fileName': 'jnitrace/src/jni/java_vm_interceptor.ts', 'lineNumber': 100, 'columnNumber': 40}

npm run watch error -> build error

Hi there, when I run "npm run watch" right after "npm install", tons of errors show up, and this is one of them.
jnitrace version: 3.3.0
py version: 3.7.7
frida version: 14.2.18
npm version: 6.14.7
OS: Debian based Linux

`jnitrace -I` syntax error

jnitrace -I work()V -l libmyjni.so com.gdufs.xman
bash: syntax error near unexpected token `('

why?

frida --version
12.8.0

Error when running script line 1: expecting '(' at <anonymous> (/frida/repl-2.js:1)

When I run the example script, it shows an error. Thank you in advance.

import { JNIInterceptor } from "jnitrace-engine";

// Attach to the JNI FindClass method
JNIInterceptor.attach("FindClass", {
    onEnter(args) {
        // called whenever the FindClass is about to be called
        console.log("FindClass method called");
        this.className = Memory.readCString(args[1]);
    },
    onLeave(retval) {
        // called whenever the FindClass method has finished executing
        console.log("\tLoading Class:", this.className);
        console.log("\tClass ID:", retval.get());
    }
});

frida version:

16.1.3

Device:

Nox Emulator, Android Version 7. x86.

APP has stopped

I used to run with the Nox emulator with Android 7.1.2,
and then APP has stopped. Nothing happens at the console; it just shows "Tracing. Press any key to quit..."

Cannot trace any function calls

C:\Users\cooluser>jnitrace -m attach -l * com.coolpackage.app
Tracing. Press any key to quit...

I am debugging an app which uses JNI to do most of its work. When I use jnitrace, there are no function calls I can see. I can do anything in the app, any movement, but it just keeps being stuck. No function calls. What would be the problem? Thanks!

filters not working?

host: macosx big sur 11.0.1
remote device: arm64-v8a, android 8.1.0
frida: 14.2.13
jnitrace: 3.2.1

I'm looking to trace one method, yet it looks like it's tracing all of them. Perhaps this native code has inserted its own hooks you are following?

output:

$jnitrace -l '*' -R 192.168.86.65:6666 -i http_verify_sign com.zhiliaoapp.musically
Tracing. Press any key to quit...
           /* TID 18776 */
    568 ms [+] JavaVM->GetEnv
    568 ms |- JavaVM*          : 0x78258a8200
    568 ms |- void**           : 0x7fee618be0
    568 ms |:     0x78258cb1c0
    568 ms |- jint             : 65542
    568 ms |= jint             : 0

    568 ms ----------------------------Backtrace----------------------------
    568 ms |->       0x78075d8d18: JNI_OnLoad+0x44 (libkeva.so:0x78075cb000)
    568 ms |->       0x78075d8d18: JNI_OnLoad+0x44 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    696 ms [+] JNIEnv->FindClass
    696 ms |- JNIEnv*          : 0x78258cb1c0
    696 ms |- char*            : 0x78075e9e24
    696 ms |:     com/bytedance/keva/KevaImpl
    696 ms |= jclass           : 0x89    { com/bytedance/keva/KevaImpl }

    696 ms ----------------------------Backtrace----------------------------
    696 ms |->       0x78075d8d3c: JNI_OnLoad+0x68 (libkeva.so:0x78075cb000)
    696 ms |->       0x78075d8d3c: JNI_OnLoad+0x68 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    699 ms [+] JNIEnv->GetMethodID
    699 ms |- JNIEnv*          : 0x78258cb1c0
    699 ms |- jclass           : 0x89    { com/bytedance/keva/KevaImpl }
    699 ms |- char*            : 0x78075e9e40
    699 ms |:     addMapIntWhenLoading
    699 ms |- char*            : 0x78075e9e55
    699 ms |:     (Ljava/lang/String;IJ)V
    699 ms |= jmethodID        : 0x9bbc2778    { addMapIntWhenLoading(Ljava/lang/String;IJ)V }

    699 ms ----------------------------Backtrace----------------------------
    699 ms |->       0x78075d8d68: JNI_OnLoad+0x94 (libkeva.so:0x78075cb000)
    699 ms |->       0x78075d8d68: JNI_OnLoad+0x94 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    703 ms [+] JNIEnv->GetMethodID
    703 ms |- JNIEnv*          : 0x78258cb1c0
    703 ms |- jclass           : 0x89    { com/bytedance/keva/KevaImpl }
    703 ms |- char*            : 0x78075e9e6d
    703 ms |:     addMapBoolWhenLoading
    703 ms |- char*            : 0x78075e9e83
    703 ms |:     (Ljava/lang/String;ZJ)V
    703 ms |= jmethodID        : 0x9bbc26e8    { addMapBoolWhenLoading(Ljava/lang/String;ZJ)V }

    703 ms ----------------------------Backtrace----------------------------
    703 ms |->       0x78075d8d9c: JNI_OnLoad+0xc8 (libkeva.so:0x78075cb000)
    703 ms |->       0x78075d8d9c: JNI_OnLoad+0xc8 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    706 ms [+] JNIEnv->GetMethodID
    706 ms |- JNIEnv*          : 0x78258cb1c0
    706 ms |- jclass           : 0x89    { com/bytedance/keva/KevaImpl }
    706 ms |- char*            : 0x78075e9e9b
    706 ms |:     addMapFloatWhenLoading
    706 ms |- char*            : 0x78075e9eb2
    706 ms |:     (Ljava/lang/String;FJ)V
    706 ms |= jmethodID        : 0x9bbc2748    { addMapFloatWhenLoading(Ljava/lang/String;FJ)V }

    706 ms ----------------------------Backtrace----------------------------
    706 ms |->       0x78075d8dc8: JNI_OnLoad+0xf4 (libkeva.so:0x78075cb000)
    706 ms |->       0x78075d8dc8: JNI_OnLoad+0xf4 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    709 ms [+] JNIEnv->GetMethodID
    709 ms |- JNIEnv*          : 0x78258cb1c0
    709 ms |- jclass           : 0x89    { com/bytedance/keva/KevaImpl }
    709 ms |- char*            : 0x78075e9eca
    709 ms |:     addMapDoubleWhenLoading
    709 ms |- char*            : 0x78075e9ee2
    709 ms |:     (Ljava/lang/String;DJ)V
    709 ms |= jmethodID        : 0x9bbc2718    { addMapDoubleWhenLoading(Ljava/lang/String;DJ)V }

    709 ms -----------------------------Backtrace-----------------------------
    709 ms |->       0x78075d8df4: JNI_OnLoad+0x120 (libkeva.so:0x78075cb000)
    709 ms |->       0x78075d8df4: JNI_OnLoad+0x120 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    713 ms [+] JNIEnv->GetMethodID
    713 ms |- JNIEnv*          : 0x78258cb1c0
    713 ms |- jclass           : 0x89    { com/bytedance/keva/KevaImpl }
    713 ms |- char*            : 0x78075e9efa
    713 ms |:     addMapLongWhenLoading
    713 ms |- char*            : 0x78075e9f10
    713 ms |:     (Ljava/lang/String;JJ)V
    713 ms |= jmethodID        : 0x9bbc27a8    { addMapLongWhenLoading(Ljava/lang/String;JJ)V }

    713 ms -----------------------------Backtrace-----------------------------
    713 ms |->       0x78075d8e20: JNI_OnLoad+0x14c (libkeva.so:0x78075cb000)
    713 ms |->       0x78075d8e20: JNI_OnLoad+0x14c (libkeva.so:0x78075cb000)


           /* TID 18776 */
    716 ms [+] JNIEnv->GetMethodID
    716 ms |- JNIEnv*          : 0x78258cb1c0
    716 ms |- jclass           : 0x89    { com/bytedance/keva/KevaImpl }
    716 ms |- char*            : 0x78075e9f28
    716 ms |:     addMapOffsetWhenLoading
    716 ms |- char*            : 0x78075e9f40
    716 ms |:     (Ljava/lang/String;JI)V
    716 ms |= jmethodID        : 0x9bbc27d8    { addMapOffsetWhenLoading(Ljava/lang/String;JI)V }

    716 ms -----------------------------Backtrace-----------------------------
    716 ms |->       0x78075d8e4c: JNI_OnLoad+0x178 (libkeva.so:0x78075cb000)
    716 ms |->       0x78075d8e4c: JNI_OnLoad+0x178 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    719 ms [+] JNIEnv->FindClass
    719 ms |- JNIEnv*          : 0x78258cb1c0
    719 ms |- char*            : 0x78075e9f58
    719 ms |:     java/lang/RuntimeException
    719 ms |= jclass           : 0x91    { java/lang/RuntimeException }

    719 ms -----------------------------Backtrace-----------------------------
    719 ms |->       0x78075d8e6c: JNI_OnLoad+0x198 (libkeva.so:0x78075cb000)
    719 ms |->       0x78075d8e6c: JNI_OnLoad+0x198 (libkeva.so:0x78075cb000)


           /* TID 18776 */
    723 ms [+] JNIEnv->NewGlobalRef
    723 ms |- JNIEnv*          : 0x78258cb1c0
    723 ms |- jobject          : 0x91    { java/lang/RuntimeException }
    723 ms |= jobject          : 0x1e12    { java/lang/RuntimeException }

    723 ms -----------------------------Backtrace-----------------------------
    723 ms |->       0x78075d8e80: JNI_OnLoad+0x1ac (libkeva.so:0x78075cb000)
    723 ms |->       0x78075d8e80: JNI_OnLoad+0x1ac (libkeva.so:0x78075cb000)


           /* TID 18776 */
    728 ms [+] JNIEnv->RegisterNatives
    728 ms |- JNIEnv*          : 0x78258cb1c0
    728 ms |- jclass           : 0x89    { com/bytedance/keva/KevaImpl }
    728 ms |- JNINativeMethod* : 0x78075f2000
    728 ms |:     0x78075d8ee0 - loadRepo(Ljava/lang/String;IZ)J
    728 ms |:     0x78075d9088 - initialize(Ljava/lang/String;)V
    728 ms |:     0x78075d91a0 - delete(Ljava/lang/String;)Z
    728 ms |:     0x78075d9300 - clear(J)V
    728 ms |:     0x78075d93c4 - dump(J)V
    728 ms |:     0x78075d93d4 - checkReportException(J)V
    728 ms |:     0x78075d9488 - storeInt(JLjava/lang/String;JI)J
    728 ms |:     0x78075d9684 - storeBoolean(JLjava/lang/String;JZ)J
    728 ms |:     0x78075d9884 - storeString(JLjava/lang/String;JLjava/lang/String;)J
    728 ms |:     0x78075d9b78 - storeFloat(JLjava/lang/String;JF)J
    728 ms |:     0x78075d9d7c - storeLong(JLjava/lang/String;JJ)J
    728 ms |:     0x78075d9f78 - storeDouble(JLjava/lang/String;JD)J
    728 ms |:     0x78075da17c - storeBytes(JLjava/lang/String;J[BI)J
    728 ms |:     0x78075da40c - storeStringArray(JLjava/lang/String;J[Ljava/lang/String;I)J
    728 ms |:     0x78075da818 - fetchInt(JLjava/lang/String;JI)I
    728 ms |:     0x78075daa5c - fetchBoolean(JLjava/lang/String;JZ)Z
    728 ms |:     0x78075daca0 - fetchLong(JLjava/lang/String;JJ)J
    728 ms |:     0x78075daee4 - fetchFloat(JLjava/lang/String;JF)F
    728 ms |:     0x78075db128 - fetchDouble(JLjava/lang/String;JD)D
    728 ms |:     0x78075db36c - fetchString(JLjava/lang/String;JLjava/lang/String;)Ljava/lang/String;
    728 ms |:     0x78075db65c - fetchBytes(JLjava/lang/String;J[BI)[B
    728 ms |:     0x78075db90c - fetchStringArray(JLjava/lang/String;J[Ljava/lang/String;I)[Ljava/lang/String;
    728 ms |:     0x78075dbdfc - erase(JLjava/lang/String;J)V
    728 ms |:     0x78075dbfe0 - rebuildValueMap(J)V
    728 ms |:     0x78075dc0c4 - contains(JLjava/lang/String;J)Z
    728 ms |:     0x78075dc2bc - eraseUnusedChunk(JJ)V
    728 ms |:     0x78075dc2d0 - protectPortingInterProcess(Ljava/lang/String;ZI)I
    728 ms |- jint             : 27
    728 ms |= jint             : 0

    728 ms -----------------------------Backtrace-----------------------------
    728 ms |->       0x78075d8eac: JNI_OnLoad+0x1d8 (libkeva.so:0x78075cb000)
    728 ms |->       0x78075d8eac: JNI_OnLoad+0x1d8 (libkeva.so:0x78075cb000)


           /* TID 18776 */
   1099 ms [+] JNIEnv->GetStringUTFChars
   1099 ms |- JNIEnv*          : 0x78258cb1c0
   1099 ms |- jstring          : 0x7fee619098
   1099 ms |- jboolean*        : 0x0
   1099 ms |= char*            : 0x781a6c5640

   1099 ms ------------------------------Backtrace------------------------------
   1099 ms |->       0x78075d90cc: libkeva.so!0xe0cc (libkeva.so:0x78075cb000)
   1099 ms |->       0x78075d90cc: libkeva.so!0xe0cc (libkeva.so:0x78075cb000)


           /* TID 18776 */
   1122 ms [+] JNIEnv->ReleaseStringUTFChars
   1122 ms |- JNIEnv*          : 0x78258cb1c0
   1122 ms |- jstring          : 0x781a6c5640
   1122 ms |- char*            : 0x781a6c5640
   1122 ms |:     /data/user/0/com.zhiliaoapp.musically/files/keva

   1122 ms ------------------------------Backtrace------------------------------
   1122 ms |->       0x78075d916c: libkeva.so!0xe16c (libkeva.so:0x78075cb000)
   1122 ms |->       0x78075d916c: libkeva.so!0xe16c (libkeva.so:0x78075cb000)


           /* TID 18776 */
   1144 ms [+] JNIEnv->GetStringUTFChars
   1144 ms |- JNIEnv*          : 0x78258cb1c0
   1144 ms |- jstring          : 0x7fee619b88
   1144 ms |- jboolean*        : 0x0
   1144 ms |= char*            : 0x781a66a520

   1144 ms ------------------------------Backtrace------------------------------
   1144 ms |->       0x78075d8f3c: libkeva.so!0xdf3c (libkeva.so:0x78075cb000)
   1144 ms |->       0x78075d8f3c: libkeva.so!0xdf3c (libkeva.so:0x78075cb000)
...

jnitrace with frida gadget

Hi, first thank you for writing this script.

I am trying to run it on unrooted android using frida gadget.

The server has been included correctly in the apk and loaded correctly (confirmed with frida-ps -R).

But can't run it using jnitrace.

I started the app with gadget config set to "wait".
I tried the following commands, but all failed with an error related to target:
jnitrace: error: the following arguments are required: target

The commands tested are the following:

jnitrace -l * -R Gadget
jnitrace -l * -R re.frida.Gadget
jnitrace -l * -R localhost
jnitrace -l * -R localhost:27042
jnitrace -l * -R 127.0.0.1:27042
jnitrace -l * -R 127.0.0.1

None are working.

If I try to run:

frida --codeshare chame1eon/jnitrace -R Gadget

It works, but the output is a little messy and I prefer using the python wrapper of jnitrace instead.

Any idea how to make it work?
Thank you.

'runtime' is an invalid keyword argument

Hi, when I use jnitrace, it gives me the errors below.

frida version:12.2.6
jnitrace version:3.0.7
android version: 4.4.2(kitkat) arm emulator

jnitrace -l xx.so com.xxx
Traceback (most recent call last):
  File "/usr/local/bin/jnitrace", line 8, in <module>
    sys.exit(main())
  File "/usr/local/lib/python3.6/site-packages/jnitrace/jnitrace.py", line 552, in main
    script = session.create_script(jscode, runtime="v8")
  File "/usr/local/lib/python3.6/site-packages/frida/core.py", line 148, in create_script
    return Script(self._impl.create_script(*args, **kwargs))
TypeError: 'runtime' is an invalid keyword argument for this function

Error: abort was called

Hello. I am new to studying your toolkit. Thank you for developing such an interesting tool.
Together with frida you can do everything you want :)

I've got an error. The log and error are below. The app doesn't start. Is it because of Unity libs?
Tried frida 12.8.20 and last 12.9.3.
Thanks. Waiting for a reply :)

Also, I'd like to suggest adding an argument :)

-el <regex> - is used to specify library names that should be ignored in the trace. 
              This can be helpful for reducing the noise in particularly large JNI apps.
              The option can be supplied multiple times.
              For example, -el testLib1.so -el testLib2.so would exclude from the results all JNI method names that are contained in these libs.

jnitrace -l * -m spawn com.boundless.jawaker
(https://play.google.com/store/apps/details?id=com.boundless.jawaker&hl=en)
Tracing. Press any key to quit...

     /* TID 7713 */
124 ms [+] JavaVM->GetEnv
124 ms |- JavaVM*          : 0x7df82c8cc0
124 ms |- void**           : 0x7fceef5190
124 ms |:     0x7df82e8460
124 ms |- jint             : 65542
124 ms |= jint             : 0

124 ms ----------------------------------Backtrace----------------------------------
124 ms |->       0x7dd6112960: JNI_OnLoad+0x3c (libqti_performance.so:0x7dd6111000)


       /* TID 7713 */
199 ms [+] JNIEnv->FindClass
199 ms |- JNIEnv*          : 0x7df82e8460
199 ms |- char*            : 0x7dd6113764
199 ms |:     com/qualcomm/qti/Performance
199 ms |= jclass           : 0x85    { com/qualcomm/qti/Performance }

199 ms ----------------------------------------Backtrace----------------------------------------
199 ms |->       0x7e7cba0484: jniRegisterNativeMethods+0x40 (libnativehelper.so:0x7e7cb9e000)


       /* TID 7713 */
204 ms [+] JNIEnv->RegisterNatives
204 ms |- JNIEnv*          : 0x7df82e8460
204 ms |- jclass           : 0x85    { com/qualcomm/qti/Performance }
204 ms |- JNINativeMethod* : 0x7dd6131008
204 ms |:     0x7dd61129f0 - native_perf_lock_acq(II[I)I
204 ms |:     0x7dd6112abc - native_perf_lock_rel(I)I
204 ms |:     0x7dd6112ad8 - native_perf_hint(ILjava/lang/String;II)I
204 ms |:     0x7dd6112b90 - native_perf_get_feedback(ILjava/lang/String;)I
204 ms |:     0x7dd6112c24 - native_perf_io_prefetch_start(ILjava/lang/String;Ljava/lang/String;)I
204 ms |:     0x7dd6112e58 - native_perf_io_prefetch_stop()I
204 ms |:     0x7dd6112f80 - native_perf_uxEngine_events(IILjava/lang/String;I)I
204 ms |:     0x7dd6113154 - native_perf_uxEngine_trigger(I)Ljava/lang/String;
204 ms |- jint             : 8
204 ms |= jint             : 0

204 ms ----------------------------------------Backtrace----------------------------------------
204 ms |->       0x7e7cba04e0: jniRegisterNativeMethods+0x9c (libnativehelper.so:0x7e7cb9e000)


       /* TID 7713 */
213 ms [+] JNIEnv->DeleteLocalRef
213 ms |- JNIEnv*          : 0x7df82e8460
213 ms |- jobject          : 0x85

213 ms ----------------------------------------Backtrace----------------------------------------
213 ms |->       0x7e7cba0534: jniRegisterNativeMethods+0xf0 (libnativehelper.so:0x7e7cb9e000)


       /* TID 7713 */
432 ms [+] JavaVM->AttachCurrentThread
432 ms |- JavaVM*          : 0x7df82c8cc0
432 ms |- void**           : 0x7fceef4ca8
432 ms |:     0x7df82e8460
432 ms |- void*            : 0x0
432 ms |= jint             : 0

432 ms ----------------------------Backtrace----------------------------
432 ms |->       0x7dd54e1858: JNI_OnLoad+0x1c (libmain.so:0x7dd54e1000)


       /* TID 7713 */
437 ms [+] JNIEnv->FindClass
437 ms |- JNIEnv*          : 0x7df82e8460
437 ms |- char*            : 0x7dd54e1b28
437 ms |:     com/unity3d/player/NativeLoader
437 ms |= jclass           : 0x91    { com/unity3d/player/NativeLoader }

437 ms ----------------------------Backtrace----------------------------
437 ms |->       0x7dd54e1870: JNI_OnLoad+0x34 (libmain.so:0x7dd54e1000)


       /* TID 7713 */
443 ms [+] JNIEnv->RegisterNatives
443 ms |- JNIEnv*          : 0x7df82e8460
443 ms |- jclass           : 0x91    { com/unity3d/player/NativeLoader }
443 ms |- JNINativeMethod* : 0x7dd54f1fa0
443 ms |:     0x7dd54e18cc - load(Ljava/lang/String;)Z
443 ms |:     0x7dd54e1a9c - unload()Z
443 ms |- jint             : 2
443 ms |= jint             : 0

443 ms ----------------------------Backtrace----------------------------
443 ms |->       0x7dd54e1894: JNI_OnLoad+0x58 (libmain.so:0x7dd54e1000)


       /* TID 7713 */
453 ms [+] JNIEnv->GetStringUTFLength
453 ms |- JNIEnv*          : 0x7df82e8460
453 ms |- jstring          : 0x7fceef5668
453 ms |= jsize            : 66

453 ms -----------------------------Backtrace-----------------------------
453 ms |->       0x7dd54e1904: libmain.so!0x904 (libmain.so:0x7dd54e1000)


       /* TID 7713 */
457 ms [+] JNIEnv->GetStringUTFChars
457 ms |- JNIEnv*          : 0x7df82e8460
457 ms |- jstring          : 0x7fceef5668
457 ms |- jboolean*        : 0x0
457 ms |= char*            : 0x7df823b750

457 ms -----------------------------Backtrace-----------------------------
457 ms |->       0x7dd54e1930: libmain.so!0x930 (libmain.so:0x7dd54e1000)


       /* TID 7713 */
462 ms [+] JNIEnv->ReleaseStringUTFChars
462 ms |- JNIEnv*          : 0x7df82e8460
462 ms |- jstring          : 0x7df823b750
462 ms |- char*            : 0x7df823b750
462 ms |:     /data/app/com.boundless.jawaker-h3IBeFROAGcy8xvbmPRpuw==/lib/arm64

462 ms -----------------------------Backtrace-----------------------------
462 ms |->       0x7dd54e195c: libmain.so!0x95c (libmain.so:0x7dd54e1000)


       /* TID 7713 */
466 ms [+] JNIEnv->GetJavaVM
466 ms |- JNIEnv*          : 0x7df82e8460
466 ms |- JavaVM**         : 0x7fceef4a00
466 ms |:     0x7df82c8cc0
466 ms |= jint             : 0

466 ms -----------------------------Backtrace-----------------------------
466 ms |->       0x7dd54e197c: libmain.so!0x97c (libmain.so:0x7dd54e1000)

ERROR: {'type': 'error', 'description': 'Error: abort was called', 'stack': 'Error: abort was called\n at InvocationContext. (node_modules/jnitrace-engine/dist/jni/jni_env_interceptor.js:260:23)', 'fileName': 'node_modules/jnitrace-engine/dist/jni/jni_env_interceptor.js', 'lineNumber': 260, 'columnNumber': 23}

App crashing - Tracing. Press any key to quit...

Hi, I have been experiencing problems with jnitrace. Meanwhile, thank you for developing this great tool 🥇

Workspace:

  • macbook chip m2
  • Android Studio AVD Emulator (API 26 to 29 tested)
  • frida, frida-tools and frida-server 16.1.0
  • jnitrace 3.3.1

Tested App:
ViewerJNI from Google Drive Folder
You can also find a PoC, youtube video, here

My scenario:
Run: jnitrace -l libnative-lib.so com.example.viewerjni and the tool replies with: Tracing. Press any key to quit...

At the same time, the app opens and crashes.

Logcat stacktrace info:

[...]
library "/vendor/lib64/egl/libGLESv1_CM_emulation.so" ("/vendor/lib64/egl/libGLESv1_CM_emulation.so") needed or dlopened by "/memfd:frida-agent-64.so (deleted)" is not accessible for the namespace: [name="(default)", ld_library_paths="", default_library_paths="/system/lib64", permitted_paths="/system/lib64/drm:/system/lib64/extractors:/system/lib64/hw:/system/product/lib64:/system/framework:/system/app:/system/priv-app:/vendor/framework:/vendor/app:/vendor/priv-app:/odm/framework:/odm/app:/odm/priv-app:/oem/app:/system/product/framework:/system/product/app:/system/product/priv-app:/data:/mnt/expand"]
[...]
Android/sdk_gphone_arm64/generic_arm64:9/PSR1.210301.009.B6/9767327:userdebug/dev-keys
[...]
channel 'dd8ad63 com.example.viewerjni/com.example.viewerjni.MainActivity (server)' ~ Channel is unrecoverably broken

how to use frida to watch va_list

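JNI functions can take variable-length arguments; from a quick look, they should probably be handled as a pointer.

But how exactly should this be handled, and how do you get the values inside? Could an expert please explain? /xk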

" -m attach" can't trace and " -m spawn" trace error

apk download link:
http://dl.pddpic.com/android_dev/2020-04-28/d6b12f09b516007981b0ae328f700747.apk

Test command line 1:
jnitrace -l libPddSecure.so -i Call.* -m attach com.xunmeng.pinduoduo

There is no output
Tracing. Press any key to quit...

Test command line 2:
jnitrace -l libPddSecure.so -i Call.* com.xunmeng.pinduoduo
Output error

39302 ms [+] JNIEnv->CallObjectMethod
39302 ms |- JNIEnv* : 0xd4ed33e0
39302 ms |- jobject : 0x79 { android/util/DisplayMetrics }
39302 ms |- jmethodID : 0x6f7bafc4 { getPublicKey()Ljava/security/PublicKey; }
39302 ms |= jobject : 0x91 { java/security/PublicKey }

DisplayMetric has no method named getPublicKey

How to load jnitrace-engine scripts when running jnitrace

Hello,

I've read through the readme files, but I'm still not sure how to load jnitrace-engine scripts when running jnitrace.
(I'm quite new to frida and jnitrace.)

Initially I thought the jnitrace-engine script would work in the same way as frida scripts, so I tried

jnitrace -l libnative-lib.so com.example.myapplication -a path/to/jnitrace-engine-script.js

but it didn't seem to work. (where the content of jnitrace-engine-script.js is exactly same as the simple usage example in the docs)

Could you give some more details about this?

Thank you :)

unable to attach the target

Device: Google Nexus 5
Frida-server:frida-server-12.6.13-android-arm
frida:12.6.13
frida-tools:2.0.2
Application: just a helloworld

Stack Trace:

C:\Users\YueLuo>jnitrace -l * com.yueluo.bkpttest -m attach
Traceback (most recent call last):
  File "c:\users\yueluo\appdata\local\programs\python\python37-32\lib\runpy.py", line 193, in _run_module_as_main
    "__main__", mod_spec)
  File "c:\users\yueluo\appdata\local\programs\python\python37-32\lib\runpy.py", line 85, in _run_code
    exec(code, run_globals)
  File "C:\Users\YueLuo\AppData\Local\Programs\Python\Python37-32\Scripts\jnitrace.exe\__main__.py", line 9, in <module>
  File "c:\users\yueluo\appdata\local\programs\python\python37-32\lib\site-packages\jnitrace\jnitrace.py", line 491, in main
    session = device.attach(device.attach(args.target))
  File "c:\users\yueluo\appdata\local\programs\python\python37-32\lib\site-packages\frida\core.py", line 110, in attach
    return Session(self._impl.attach(self._pid_of(target)))
  File "c:\users\yueluo\appdata\local\programs\python\python37-32\lib\site-packages\frida\core.py", line 128, in _pid_of
    return self.get_process(target).pid
  File "c:\users\yueluo\appdata\local\programs\python\python37-32\lib\site-packages\frida\core.py", line 68, in get_process
    process_name_lc = process_name.lower()
AttributeError: 'Session' object has no attribute 'lower'

I have fixed this problem by simply changing
jni.py
#487 to

    device = frida.get_usb_device(3)
    pid = device.spawn([args.target])
    
    if args.inject_method == "spawn":
        session = device.attach(pid)
    else:
        session = device.attach(args.target)

The issue seems to be that the latest frida has changed their API, but I know shit about frida, so I'm not sure how to completely fix this problem on all frida versions.

argument of type 'NoneType' is not iterable

Traceback (most recent call last):
File "/Users/anaconda3/env/lib/python3.6/site-packages/frida-12.6.11-py3.6-macosx-10.6-intel.egg/frida/core.py", line 298, in _on_message
callback(message, data)
File "/Users/anaconda3/envs//lib/python3.6/site-packages/jnitrace/jnitrace.py", line 438, in on_message
self._print_backtrace(payload["backtrace"])
File "/Users/anaconda3/envs/lib/python3.6/site-packages/jnitrace/jnitrace.py", line 288, in _print_backtrace
max_len, max_name, size = self._calculate_backtrace_lengths(backtrace)
File "/Users/anaconda3/envs/lib/python3.6/site-packages/jnitrace/jnitrace.py", line 270, in _calculate_backtrace_lengths
b_t["module"]["name"], b_t["symbol"]["name"]
File "/Users/anaconda3/envs/lib/python3.6/site-packages/jnitrace/jnitrace.py", line 242, in _create_backtrace_symbol
if "+" not in symbol_name:
TypeError: argument of type 'NoneType' is not iterable

“jnitrace -l *” unrecognized arguments

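When tracing multiple .so files, the usage is -l xxx1.so -l xx2.so, but with jnitrace -l * the command becomes jnitrace -l xxx1.so xxx2.so, which fails with jnitrace: error: unrecognized arguments. It should be changed so that everything following -l is treated as an argument of -l.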
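The behaviour reported in this issue is a POSIX shell expanding the unquoted * against the current directory before jnitrace receives its arguments. The following is an added example, not jnitrace's own code: the parser is an assumed model of the CLI (a repeatable -l plus one positional target), and the file names and package name are constructed. It shows the expanded argv failing, a quoted '*' parsing cleanly, and the greedy -l proposed above consuming the target as well.

```python
import argparse
import glob
import os
import tempfile


class Parser(argparse.ArgumentParser):
    """ArgumentParser that raises instead of exiting, so failures can be inspected."""

    def error(self, message):
        raise ValueError(message)


def build_parser(greedy):
    # Assumed model of the CLI: a repeatable -l option plus one positional target.
    p = Parser(prog="jnitrace-model")
    if greedy:
        # The change proposed in the issue: -l takes every following argument.
        p.add_argument("-l", dest="libraries", nargs="+", action="append", required=True)
    else:
        p.add_argument("-l", dest="libraries", action="append", required=True)
    p.add_argument("target")
    return p


def try_parse(argv, greedy=False):
    """Return (libraries, target), or the parser's error message as a string."""
    try:
        ns = build_parser(greedy).parse_args(argv)
    except ValueError as exc:
        return str(exc)
    return ns.libraries, ns.target


def shell_expand(word, cwd):
    """What a POSIX shell does to an unquoted word: glob it against cwd."""
    matches = sorted(os.path.basename(m) for m in glob.glob(os.path.join(cwd, word)))
    return matches or [word]  # no match: the word is passed through unchanged


def demo():
    with tempfile.TemporaryDirectory() as cwd:  # constructed working directory
        for name in ("xxx1.so", "xx2.so"):
            open(os.path.join(cwd, name), "w").close()
        expanded = ["-l", *shell_expand("*", cwd), "com.example.app"]
    return {
        "expanded_argv": expanded,
        "unquoted": try_parse(expanded),                      # jnitrace -l * <target>
        "quoted": try_parse(["-l", "*", "com.example.app"]),  # jnitrace -l '*' <target>
        "greedy": try_parse(expanded, greedy=True),
    }
```

Quoting the wildcard (-l '*') keeps the shell from expanding it, so the tool receives the literal * it documents for tracing all libraries.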

jnitrace blank response

c:\adb>jnitrace -l libsc.so com.exampleapp.android
Tracing. Press any key to quit...
Traced library "libsc.so" loaded from path "/data/app/com.exampleapp.android-1/lib/arm".

Why can't I grab any information?

Thanks.

frida error

jnitrace -l lib.so application -R 127.0.0.1:21042
frida.NotSupportedError: unable to spawn other apps when embedded

the err and break what happened?

ERROR: {'type': 'error', 'description': "TypeError: cannot read property 'fridaParams' of undefined", 'stack': "TypeError: cannot read property 'fridaParams' of undefined\n at (node_modules/jnitrace-engine/dist/jni/jni_env_interceptor.js:170)", 'fileName': 'node_modules/jnitrace-engine/dist/jni/jni_env_interceptor.js', 'lineNumber': 170, 'columnNumber': 1}

Unable to intercept function

Hi, I got an error when using jnitrace:

ERROR: {'type': 'error', 'description': 'Error: unable to intercept function at 0x7a833a1000; please file a bug', 'stack': 'Error: unable to intercept function at 0x7a833a1000; please file a bug\n    at value (frida/runtime/core.js:315)\n    at create (node_modules/jnitrace-engine/dist/jni/jni_env_interceptor.js:39)\n    at <anonymous> (node_modules/jnitrace-engine/dist/jni/java_vm_interceptor.js:45)', 'fileName': 'frida/runtime/core.js', 'lineNumber': 315, 'columnNumber': 1}

And at the same time, the app crashed,

? A/OpenGLRenderer: Failed to choose config, error = EGL_SUCCESS
    
    --------- beginning of crash
? A/libc: Fatal signal 6 (SIGABRT), code -6 in tid 19594 (RenderThread), pid 19492 (on_test.xxx)
? I/crash_dump64: obtaining output fd from tombstoned, type: kDebuggerdTombstone
? I//system/bin/tombstoned: received crash request for pid 19492
? I/crash_dump64: performing dump of process 19492 (target tid = 19594)
? A/DEBUG: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
? A/DEBUG: Build fingerprint: 'google/walleye/walleye:8.1.0/OPM4.171019.021.Q1/4820346:user/release-keys'
? A/DEBUG: Revision: 'MP1'
? A/DEBUG: ABI: 'arm64'
? A/DEBUG: pid: 19492, tid: 19594, name: RenderThread  >>> com.xxx.test <<<
? A/DEBUG: signal 6 (SIGABRT), code -6 (SI_TKILL), fault addr --------
? A/DEBUG: Abort message: 'Failed to choose config, error = EGL_SUCCESS'
? A/DEBUG:     x0   0000000000000000  x1   0000000000004c8a  x2   0000000000000006  x3   0000007a6732d770
? A/DEBUG:     x4   0000000000000000  x5   0000000000000000  x6   0000000000000000  x7   7f7f7f7f7f7f7f7f
? A/DEBUG:     x8   00000000000000f0  x9   8f7d662b3a37c327  x10  8f7d662b3a37c327  x11  0000000000000001
? A/DEBUG:     x12  0000007a6732d4b8  x13  0000007b0def1ff0  x14  0000000000000100  x15  0000007a6732d368
? A/DEBUG:     x16  0000000000000000  x17  0000007b0c1ee52c  x18  cf2f6f00bcb045f8  x19  0000007a6732d770
? A/DEBUG:     x20  0000000000004c24  x21  0000007a6732d770  x22  0000000000000000  x23  0000007a6732d4b8
? A/DEBUG:     x24  0000000000004cec  x25  0000000000000062  x26  0000007a6732f588  x27  0000000000000000
? A/DEBUG:     x28  0000000000000001  x29  0000007a6732d3c0  x30  0000007b0df580a0
? A/DEBUG:     sp   0000007a6732d3b0  pc   0000007b0dfcce00  pstate 0000000000000000
? A/DEBUG: backtrace:
? A/DEBUG:     #00 pc 000000000009de00  /system/bin/linker64 (__dl_syscall+32)
? A/DEBUG:     #01 pc 000000000002909c  /system/bin/linker64 (__dl__ZL13resend_signalP7siginfob+96)
? A/DEBUG:     #02 pc 0000000000028f4c  /system/bin/linker64 (__dl__ZL24debuggerd_signal_handleriP7siginfoPv+1180)
? A/DEBUG:     #03 pc 00000000001b1c30  /data/local/tmp/re.frida.server/frida-agent-64.so

Please help me to resolve it, thanks.
