[求助]请问下这是fridaBUG吗?-求助问答-看雪-安全社区|安全招聘|kanxue.com

[求助]请问下这是fridaBUG吗?

2023-12-18 16:47 2011

[求助]请问下这是fridaBUG吗?

黑色刺客

2023-12-18 16:47

2011

当前环境:

1	`pixel6 android13`

pip3.9 list | findstr frida
frida                   16.1.8
frida-tools             12.3.0
 
pip3.9 list | findstr objection
objection               1.11.0

============================
com.android.art版本:

cat /apex/apex-info-list.xml | grep android.art

<apex-info moduleName="com.android.art" modulePath="/data/apex/decompressed/com.android.art@331012050.decompressed.apex" preinstalledModulePath="/system/apex/com.google.android.art.apex" versionCode="331012050" versionName="" isFactory="true" isActive="true" lastUpdateMillis="1673655934" provideSharedApexLibs="false">

=======================================================
报错:

objection --debug -g 25501 explore
[debug] Agent path is: c:\python39\lib\site-packages\objection\agent.js
[debug] Injecting agent...
Using USB device Pixel 6
[debug] Attempting to attach to process: 25501
[debug] Process attached!
Agent injected and responds ok!
Traceback (most recent call last):
File "C:\python39\Scripts\objection-script.py", line 33, in
 
[incoming message] ------------------
sys.exit(load_entry_point('objection==1.11.0', 'console_scripts', 'objection')())
File "c:\python39\lib\site-packages\click\core.py", line 1157, in call
"process-terminated"
 
[./incoming message] ----------------
return self.main(*args, **kwargs)
File "c:\python39\lib\site-packages\click\core.py", line 1078, in main
(session detach message) process-terminated
(process crash report)
rv = self.invoke(ctx)
File "c:\python39\lib\site-packages\click\core.py", line 1688, in invoke
 
  *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'google/oriole/oriole:13/TQ1A.230205.002/9471150:user/release-keys'
Revision: 'MP1.0'
ABI: 'arm'
Timestamp: 2023-12-17 23:17:55.220917676+0800
Process uptime: 17s
Cmdline: com.test.test1
pid: 25501, tid: 25736, name: Thread-21 >>> com.test.test1 <<<
uid: 10250
signal 7 (SIGBUS), code 1 (BUS_ADRALN), fault addr 0xae5446d4
Abort message: 'Check failed: old_state_and_flags.GetState() != ThreadState::kRunnable (old_state_and_flags.GetState()=Runnable, ThreadState::kRunnable=Runnable) Native Thread[2,tid=25736,Runnable,Thread*=0xe50cee10,peer=0x12c80000,"Thread-21"] Thread[2,tid=25736,Runnable,Thread*=0xe50cee10,peer=0x12c80000,"Thread-21"]'
r0 ae5446d4 r1 00006788 r2 00000000 r3 00000004
r4 00000074 r5 eb24df50 r6 eb24df30 r7 00000000
r8 ae5446ec r9 ae544774 r10 00012d08 r11 00000002
ip 80000000 sp ae5446bc lr e5ad1dc3 pc e5ac677e
backtrace:
#00 pc 0003a77e /apex/com.android.art/lib/libunwindstack.so (unwindstack::ElfInterfaceImplunwindstack::ElfTypes32::ReadProgramHeaders(elf32_hdr const&, long long*)+202) (BuildId: f29bfabf148ca0daaf83fecdc9fc13a8)
#1 pc 00039f43 /apex/com.android.art/lib/libunwindstack.so (unwindstack::ElfInterfaceImplunwindstack::ElfTypes32::ReadAllHeaders(long long*)+70) (BuildId: f29bfabf148ca0daaf83fecdc9fc13a8)
#2 pc 0003cf67 /apex/com.android.art/lib/libunwindstack.so (unwindstack::ElfInterfaceArm::Init(long long*)+6) (BuildId: f29bfabf148ca0daaf83fecdc9fc13a8)
#3 pc 000384ed /apex/com.android.art/lib/libunwindstack.so (unwindstack::Elf::Init()+48) (BuildId: f29bfabf148ca0daaf83fecdc9fc13a8)
#4 pc 00041773 /apex/com.android.art/lib/libunwindstack.so (unwindstack::MapInfo::GetElf(std::__1::shared_ptrunwindstack::Memory const&, unwindstack::ArchEnum)+914) (BuildId: f29bfabf148ca0daaf83fecdc9fc13a8)
#5 pc 0004f91b /apex/com.android.art/lib/libunwindstack.so (unwindstack::Unwinder::Unwind(std::__1::vector<std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator > > > const*, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator > > > const*)+794) (BuildId: f29bfabf148ca0daaf83fecdc9fc13a8)
#6 pc 00008db9 /apex/com.android.art/lib/libbacktrace.so (Backtrace::Unwind(unwindstack::Regs*, BacktraceMap*, std::__1::vector<backtrace_frame_data_t, std::__1::allocator<backtrace_frame_data_t> >, unsigned int, std::__1::vector<std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator >, std::__1::allocator<std::__1::basic_string<char, std::__1::char_traits, std::__1::allocator > > >, BacktraceUnwindError*)+276) (BuildId: 19a68c50e4551fee645fec7b71780e64)
#7 pc 00009419 /apex/com.android.art/lib/libbacktrace.so (UnwindStackCurrent::UnwindFromContext(unsigned int, void*)+280) (BuildId: 19a68c50e4551fee645fec7b71780e64)
#8 pc 004b3185 /apex/com.android.art/lib/libart.so (art::DumpNativeStack(std::__1::basic_ostream<char, std::__1::char_traits >&, int, BacktraceMap*, char const*, art::ArtMethod*, void*, bool)+68) (BuildId: 8a3405190074d955145af6042a9f3658)
#9 pc 00503599 /apex/com.android.art/lib/libart.so (art::Thread::DumpStack(std::__1::basic_ostream<char, std::__1::char_traits >&, bool, BacktraceMap*, bool) const+136) (BuildId: 8a3405190074d955145af6042a9f3658)
#10 pc 0033f053 /apex/com.android.art/lib/libart.so (art::Thread::Dump(std::__1::basic_ostream<char, std::__1::char_traits >&, bool, BacktraceMap*, bool) const+34) (BuildId: 8a3405190074d955145af6042a9f3658)
#11 pc 0050a823 /apex/com.android.art/lib/libart.so (art::DumpCheckpoint::Run(art::Thread*)+166) (BuildId: 8a3405190074d955145af6042a9f3658)
#12 pc 0024b19f /apex/com.android.art/lib/libart.so (art::ThreadList::Dump(std::__1::basic_ostream<char, std::__1::char_traits >&, bool)+1090) (BuildId: 8a3405190074d955145af6042a9f3658)
#13 pc 004f0a05 /apex/com.android.art/lib/libart.so (art::AbortState::Dump(std::__1::basic_ostream<char, std::__1::char_traits >&) const+124) (BuildId: 8a3405190074d955145af6042a9f3658)
#14 pc 004eafd3 /apex/com.android.art/lib/libart.so (art::Runtime::Abort(char const*)+1202) (BuildId: 8a3405190074d955145af6042a9f3658)
return _process_result(sub_ctx.command.invoke(sub_ctx))
File "c:\python39\lib\site-packages\click\core.py", line 1434, in invoke
 
return ctx.invoke(self.callback, **ctx.params)
File "c:\python39\lib\site-packages\click\core.py", line 783, in invoke
return __callback(*args, **kwargs)
File "c:\python39\lib\site-packages\objection\console\cli.py", line 156, in explore
device_info = get_device_info()
File "c:\python39\lib\site-packages\objection\commands\device.py", line 41, in get_device_info
package_info = api.env_android()
File "c:\python39\lib\site-packages\frida\core.py", line 179, in method
return script._rpc_request("call", js_name, args, **kwargs)
File "c:\python39\lib\site-packages\frida\core.py", line 86, in wrapper
return f(*args, **kwargs)
File "c:\python39\lib\site-packages\frida\core.py", line 491, in _rpc_request
raise result.error
frida.InvalidOperationError: script has been destroyed
Asking jobs to stop...
Unloading objection agent...
[debug] Calling unload()
Unable to run cleanups: script is destroyed

[CTF入门培训]顶尖高校博士及硕士团队亲授《30小时教你玩转CTF》，视频+靶场+题目！助力进入CTF世界

最后于 2023-12-18 16:48 被黑色刺客编辑，原因：

收藏・0

点赞・0

打赏

最新回复 (2)
黑色刺客雪币： 0 活跃值： (309) 能力值： ( LV2，RANK：10 ) 在线值：发帖 29 回帖 115 粉丝 1 关注私信	黑色刺客 2023-12-18 18:08 2 楼 0 看起来很像这2个里面提到的ClassLinker偏移问题,但是很奇怪的是有些APK可以,有些APK不行 https://github.com/frida/frida/issues/2254 https://github.com/frida/frida/issues/2176
黑色刺客雪币： 0 活跃值： (309) 能力值： ( LV2，RANK：10 ) 在线值：发帖 29 回帖 115 粉丝 1 关注私信	黑色刺客 2023-12-18 19:32 3 楼 0 已解决。刷成最新版UQ1A.231205.015就行了
	游客登录 \| 注册方可回帖　回帖　表情雪币赚取及消费高级回复