[求助]请问下这是fridaBUG吗?-求助问答-看雪-安全社区|安全招聘|kanxue.com

未解决 [求助]请问下这是fridaBUG吗?

发表于: 2023-12-18 16:47 2653

未解决 [求助]请问下这是fridaBUG吗?

黑色刺客

2023-12-18 16:47

2653

当前环境:

1	`pixel6 android13`

pip3.9 list | findstr frida
frida                   16.1.8
frida-tools             12.3.0
 
pip3.9 list | findstr objection
objection               1.11.0

============================
com.android.art版本:

cat /apex/apex-info-list.xml | grep android.art

<apex-info moduleName="com.android.art" modulePath="/data/apex/decompressed/com.android.art@331012050.decompressed.apex" preinstalledModulePath="/system/apex/com.google.android.art.apex" versionCode="331012050" versionName="" isFactory="true" isActive="true" lastUpdateMillis="1673655934" provideSharedApexLibs="false">

=======================================================
报错:

objection --debug -g 25501 explore
[debug] Agent path is: c:\python39\lib\site-packages\objection\agent.js
[debug] Injecting agent...
Using USB device Pixel 6
[debug] Attempting to attach to process: 25501
[debug] Process attached!
Agent injected and responds ok!
Traceback (most recent call last):
File "C:\python39\Scripts\objection-script.py", line 33, in
 
[incoming message] ------------------
sys.exit(load_entry_point('objection==1.11.0', 'console_scripts', 'objection')())
File "c:\python39\lib\site-packages\click\core.py", line 1157, in call
"process-terminated"
 
[./incoming message] ----------------
return self.main(*args, **kwargs)
File "c:\python39\lib\site-packages\click\core.py", line 1078, in main
(session detach message) process-terminated
(process crash report)
rv = self.invoke(ctx)
File "c:\python39\lib\site-packages\click\core.py", line 1688, in invoke
 
  *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'google/oriole/oriole:13/TQ1A.230205.002/9471150:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm'
Timestamp: 2023-12-17 23:17:55.220917676+0800
Process uptime: 17s
Cmdline: com.test.test1
pid: 25501, tid: 25736, name: Thread-21 >>> com.test.test1 <<<
uid: 10250
signal 7 (SIGBUS), code 1 (BUS_ADRALN), fault addr 0xae5446d4
Abort message: 'Check failed: old_state_and_flags.GetState() != ThreadState::kRunnable (old_state_and_flags.GetState()=Runnable, ThreadState::kRunnable=Runnable) Native Thread[2,tid=25736,Runnable,Thread*=0xe50cee10,peer=0x12c80000,"Thread-21"] Thread[2,tid=25736,Runnable,Thread*=0xe50cee10,peer=0x12c80000,"Thread-21"]'
r0 ae5446d4 r1 00006788 r2 00000000 r3 00000004
r4 00000074 r5 eb24df50 r6 eb24df30 r7 00000000
r8 ae5446ec r9 ae544774 r10 00012d08 r11 00000002
ip 80000000 sp ae5446bc lr e5ad1dc3 pc e5ac677e
backtrace:
#00 pc 0003a77e /apex/com.android.art/lib/libunwindstack.so (unwindstack::ElfInterfaceImplunwindstack::ElfTypes32::ReadProgramHeaders(elf32_hdr const&, long long*)+202) (BuildId: f29bfabf148ca0daaf83fecdc9fc13a8)
#1 pc 00039f43 /apex/com.android.art/lib/libunwindstack.so (unwindstack::ElfInterfaceImplunwindstack::ElfTypes32::ReadAllHeaders(long long*)+70) (BuildId: f29bfabf148ca0daaf83fecdc9fc13a8)
#2 pc 0003cf67 /apex/com.android.art/lib/libunwindstack.so (unwindstack::ElfInterfaceArm::Init(long long*)+6) (BuildId: f29bfabf148ca0daaf83fecdc9fc13a8)
#3 pc 000384ed /apex/com.android.art/lib/libunwindstack.so (unwindstack::Elf::Init()+48) (BuildId: f29bfabf148ca0daaf83fecdc9fc13a8)
#4 pc 00041773 /apex/com.android.art/lib/libunwindstack.so (unwindstack::MapInfo::GetElf(std::__1::shared_ptrunwindstack::Memory const&, unwindstack::ArchEnum)+914) (BuildId: f29bfabf148ca0daaf83fecdc9fc13a8)
#5 pc 0004f91b /apex/com.android.art/lib/libunwindstack.so (unwindstack::Unwinder::Unwind(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator > > > const*, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator > > > const*)+794) (BuildId: f29bfabf148ca0daaf83fecdc9fc13a8)
#6 pc 00008db9 /apex/com.android.art/lib/libbacktrace.so (Backtrace::Unwind(unwindstack::Regs*, BacktraceMap*, std::__1::vector<backtrace_frame_data_t, std::__1::allocator<backtrace_frame_data_t> >, unsigned int, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator > > >, BacktraceUnwindError*)+276) (BuildId: 19a68c50e4551fee645fec7b71780e64)
#7 pc 00009419 /apex/com.android.art/lib/libbacktrace.so (UnwindStackCurrent::UnwindFromContext(unsigned int, void*)+280) (BuildId: 19a68c50e4551fee645fec7b71780e64)
#8 pc 004b3185 /apex/com.android.art/lib/libart.so (art::DumpNativeStack(std::__1::basic_ostream<char, std::__1::char_traits >&, int, BacktraceMap*, char const*, art::ArtMethod*, void*, bool)+68) (BuildId: 8a3405190074d955145af6042a9f3658)
#9 pc 00503599 /apex/com.android.art/lib/libart.so (art::Thread::DumpStack(std::__1::basic_ostream<char, std::__1::char_traits >&, bool, BacktraceMap*, bool) const+136) (BuildId: 8a3405190074d955145af6042a9f3658)
#10 pc 0033f053 /apex/com.android.art/lib/libart.so (art::Thread::Dump(std::__1::basic_ostream<char, std::__1::char_traits >&, bool, BacktraceMap*, bool) const+34) (BuildId: 8a3405190074d955145af6042a9f3658)
#11 pc 0050a823 /apex/com.android.art/lib/libart.so (art::DumpCheckpoint::Run(art::Thread*)+166) (BuildId: 8a3405190074d955145af6042a9f3658)
#12 pc 0024b19f /apex/com.android.art/lib/libart.so (art::ThreadList::Dump(std::__1::basic_ostream<char, std::__1::char_traits >&, bool)+1090) (BuildId: 8a3405190074d955145af6042a9f3658)
#13 pc 004f0a05 /apex/com.android.art/lib/libart.so (art::AbortState::Dump(std::__1::basic_ostream<char, std::__1::char_traits >&) const+124) (BuildId: 8a3405190074d955145af6042a9f3658)
#14 pc 004eafd3 /apex/com.android.art/lib/libart.so (art::Runtime::Abort(char const*)+1202) (BuildId: 8a3405190074d955145af6042a9f3658)
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "c:\python39\lib\site-packages\click\core.py", line 1434, in invoke
 
return ctx.invoke(self.callback, **ctx.params)
File "c:\python39\lib\site-packages\click\core.py", line 783, in invoke
return __callback(*args, **kwargs)
File "c:\python39\lib\site-packages\objection\console\cli.py", line 156, in explore
device_info = get_device_info()
File "c:\python39\lib\site-packages\objection\commands\device.py", line 41, in get_device_info
package_info = api.env_android()
File "c:\python39\lib\site-packages\frida\core.py", line 179, in method
return script._rpc_request("call", js_name, args, **kwargs)
File "c:\python39\lib\site-packages\frida\core.py", line 86, in wrapper
return f(*args, **kwargs)
File "c:\python39\lib\site-packages\frida\core.py", line 491, in _rpc_request
raise result.error
frida.InvalidOperationError: script has been destroyed
Asking jobs to stop...
Unloading objection agent...
[debug] Calling unload()
Unable to run cleanups: script is destroyed

[培训]内核驱动高级班，冲击BAT一流互联网大厂工作，每周日13:00-18:00直播授课

最后于 2023-12-18 16:48 被黑色刺客编辑，原因：

收藏・0

免费・0

支持

最新回复 (2)
黑色刺客雪币： 0 活跃值： (329) 能力值： ( LV2，RANK：10 ) 在线值：发帖 28 回帖 117 粉丝 1 关注私信	黑色刺客 2 楼看起来很像这2个里面提到的ClassLinker偏移问题,但是很奇怪的是有些APK可以,有些APK不行 https://github.com/frida/frida/issues/2254 https://github.com/frida/frida/issues/2176 2023-12-18 18:08 0
黑色刺客雪币： 0 活跃值： (329) 能力值： ( LV2，RANK：10 ) 在线值：发帖 28 回帖 117 粉丝 1 关注私信	黑色刺客 3 楼已解决。刷成最新版UQ1A.231205.015就行了 2023-12-18 19:32 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复

黑色刺客

发帖

117

回帖

RANK

关注

私信

他的文章

关于我们

联系我们

企业服务

看雪公众号

最新回复 (2)
黑色刺客雪币： 0 活跃值： (329) 能力值： ( LV2，RANK：10 ) 在线值：发帖 28 回帖 117 粉丝 1 关注私信	黑色刺客 2 楼看起来很像这2个里面提到的ClassLinker偏移问题,但是很奇怪的是有些APK可以,有些APK不行 https://github.com/frida/frida/issues/2254 https://github.com/frida/frida/issues/2176 2023-12-18 18:08 0
黑色刺客雪币： 0 活跃值： (329) 能力值： ( LV2，RANK：10 ) 在线值：发帖 28 回帖 117 粉丝 1 关注私信	黑色刺客 3 楼已解决。刷成最新版UQ1A.231205.015就行了 2023-12-18 19:32 0
	游客登录 \| 注册方可回帖回帖表情雪币赚取及消费高级回复