script_error_android10 #227
Comments
I can reproduce it too > r2 frida://spawn/usb//com.android.chrome
DetachReason: FRIDA_SESSION_DETACH_REASON_PROCESS_TERMINATED
CrashReport: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'xiaomi/jasmine/jasmine_sprout:10/QKQ1.190910.002/V11.0.6.0.QDIMIXM:user/release-keys'
Revision: '0'
ABI: 'arm'
Timestamp: 2020-05-01 13:10:42-0400
pid: 21406, tid: 21428, name: Thread-2 >>> com.android.chrome <<<
uid: 10063
signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xc6166100 (*pc=0x71b4f500)
r0 bfe3b980 r1 00000008 r2 00000004 r3 d7347c50
r4 d7347c58 r5 00000004 r6 00000008 r7 bfe3b970
r8 bfe3bc10 r9 de1c9100 r10 de083838 r11 c61df10b
ip 40000000 sp bfe3b8d0 lr 00000539 pc c6166100
backtrace:
#00 pc 00124100 /data/local/tmp/re.frida.server/frida-agent-32.so |
I've tracked down the issue to get the frida reproducer. The crash happens when trying to read 4 bytes at address 8, you can get the same crash like this:
So it's an issue in frida server's Exceptor for android/thumb. From the r2frida side I did a workaround that is now available on master. Run r2 like this:
|
I'm closing the issue because that's a bug in Frida and we have a workaround in r2frida. Follow the frida bug in frida/frida-gum#422 |
Like this command "R2FRIDA_SAFE_IO=1 r2 frida://usb//31483"? But there are still errors. backtrace: Target process terminated |
Please try again, I found a bug in my workaround that maybe was the reason for your crash. |
I have tried many times as your workaround. All results are the same as I described above. I have tried chrome, wechat and qq. But I have tried command "r2 -d frida://ec4f9ac17ce5/com.xingin.xhs", it works fine. |
without the workaround doing In my case I'm using Frida 12.8.20 in the agent side. As a reminder, if you do frida://usb//(pid|procname) you don't have to type the deviceid because it will take the first usb device it found
@enovella can you try to repro after my fix?
… On 2 May 2020, at 11:58, 18345093167 ***@***.***> wrote:
I have tried many times. All results are the same as I described above. I have tried chrome, wechat and qq.
|
burning@burning-RedmiBook-14-APCS:~$ r2 frida://BH93001BDE/com.android.chrome
DetachReason: FRIDA_SESSION_DETACH_REASON_PROCESS_TERMINATED
CrashReport: *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint: 'KDDI/SOV39_jp_kdi/SOV39:10/52.1.C.0.217/052001C000021700726438165:userdebug/dev-keys'
Revision: '0'
ABI: 'arm'
Timestamp: 2020-04-30 01:25:41+0900
pid: 8225, tid: 16459, name: Thread-4 >>> com.android.chrome <<<
uid: 10272
signal 4 (SIGILL), code 1 (ILL_ILLOPC), fault addr 0xb667b0f8 (*pc=0x71b4f500)
r0 b9f8f980 r1 00000008 r2 00000004 r3 d37166b0
r4 d37166b8 r5 00000004 r6 00000008 r7 b9f8f970
r8 b9f8fc10 r9 d3706100 r10 d3596018 r11 b66f402b
ip 40000000 sp b9f8f8d0 lr 00000539 pc b667b0f8
backtrace:
#00 pc 001240f8 /data/local/tmp/re.frida.server/frida-agent-32.so
Target process terminated
error: Script is destroyed