Running Java.enumerateClassLoadersSync() while attached to a JVM application results in the following error:
Error: unable to find module 'libc.so'
at value (/frida/runtime/core.js:315)
at Xe (/frida/bridges/java.js:1)
at <anonymous> (/frida/bridges/java.js:1)
at <anonymous> (/frida/bridges/java.js:1)
at Ge (/frida/bridges/java.js:1)
at <anonymous> (/frida/bridges/java.js:1)
at <anonymous> (/frida/bridges/java.js:1)
at Be (/frida/bridges/java.js:1)
at <anonymous> (/frida/bridges/java.js:1)
at On (/frida/bridges/java.js:1)
at build (/frida/bridges/java.js:1)
at _make (/frida/bridges/java.js:8)
at use (/frida/bridges/java.js:8)
at _chooseObjectsJvm (/frida/bridges/java.js:8)
at choose (/frida/bridges/java.js:8)
at choose (/frida/bridges/java.js:8)
at _enumerateClassLoadersJvm (/frida/bridges/java.js:8)
at enumerateClassLoaders (/frida/bridges/java.js:8)
at enumerateClassLoadersSync (/frida/bridges/java.js:8)
at <eval> (<input>:1)
I believe this is caused by the getArtClassSpec() call here:
|
const { vm } = env; |
|
const artClass = getArtClassSpec(vm); |
|
if (artClass !== null) { |
Before 534d8d0 (v7.0.5) getArtClassSpec() would optimistically try to get Android version and return early on any error:
|
export function getArtClassSpec (vm) { |
|
let apiLevel; |
|
try { |
|
apiLevel = getAndroidApiLevel(); |
|
} catch (e) { |
|
return null; |
|
} |
v7.0.5 had the line moved to getArtFieldSpec() while removing catch block. Now as I read it when Frida attempts to determine Android version on a non-Android JVM app (trying to load libc.so which doesn't exist on e.g. Ubuntu/Debian) the above error is no longer ignored, preventing correct operation such as enumerating Java class loaders.
|
export function getArtFieldSpec (vm) { |
|
const apiLevel = getAndroidApiLevel(); |
|
|
|
if (apiLevel >= 23) { |
How to reproduce
Compile and run this sample Java progam (use Java 11 Temurin build as recommended here):
// WaitForKey.java
import java.io.IOException;
public class WaitForKey {
public static void main(String[] args) throws IOException {
System.out.println("Press any key to exit...");
System.in.read();
System.out.println("Exiting.");
}
}jdk-11.0.28+6/bin/javac WaitForKey.java
jdk-11.0.28+6/bin/java WaitForKey
Then in another shell attach with Frida:
and attempt to enumerate class loaders:
Java.enumerateClassLoadersSync()
Workaround
In my case downgrading to the following versions worked:
pip install frida==17.2.11 frida-tools==14.4.1
Running
Java.enumerateClassLoadersSync()while attached to a JVM application results in the following error:I believe this is caused by the
getArtClassSpec()call here:frida-java-bridge/lib/class-model.js
Lines 1305 to 1307 in 9bf86b7
Before 534d8d0 (v7.0.5)
getArtClassSpec()would optimistically try to get Android version and return early on any error:frida-java-bridge/lib/android.js
Lines 958 to 964 in 27a9a6f
v7.0.5 had the line moved to
getArtFieldSpec()while removingcatchblock. Now as I read it when Frida attempts to determine Android version on a non-Android JVM app (trying to load libc.so which doesn't exist on e.g. Ubuntu/Debian) the above error is no longer ignored, preventing correct operation such as enumerating Java class loaders.frida-java-bridge/lib/android.js
Lines 1154 to 1157 in 534d8d0
How to reproduce
Compile and run this sample Java progam (use Java 11 Temurin build as recommended here):
Then in another shell attach with Frida:
and attempt to enumerate class loaders:
Workaround
In my case downgrading to the following versions worked: