Android Frida ProcessNotFoundError error when trying to attach to a process

Question

I've installed frida according to the official page installation guide and downloaded frida-server-16.1.5-android-x86_64 from their github release pages and placed in the /data/local/tmp/ directory of my android 9.0 vm (x86_64 VM running through virt-manager). Even after running the frida-server as root and running this sample script to try to attach to a process I keep having this error.

import frida

def on_message(message, _data):
    if message['type'] == 'send':
        print(f"Syscall: {message['payload']}")

def trace_syscalls(target_process):
    session = frida.attach(target_process)
    session.on('message', on_message)
    session.detach() 

if __name__ == '__main__':
    target_process = 17772 
    # target_process = 'owasp.mstg.uncrackable2' 
    # target_process = 'Uncrackable Level 2' 
    trace_syscalls(target_process)

I'm sure both the process name and pid are correct. The errors are

frida.ProcessNotFoundError: unable to find process with pid 17772

when I try with PID or

frida.ProcessNotFoundError: unable to find process with name 'owasp.mstg.uncrackable2'

frida.ProcessNotFoundError: unable to find process with name 'Uncrackable Level 2'

when I try with process name (returned from frida-ps -Ua)

Output of frida-trace -U -N owasp.mstg.uncrackable2:

$ frida-trace -U -N owasp.mstg.uncrackable2
Started tracing 0 functions. Press Ctrl+C to stop.                      
Process terminated

Outputs nothing, even when I use the app, it remains like that until I close the process. Also there is only this android device connected through ADB.

The frida-tools package from pip is version 12.3.0, the most recent from pip. And the frida-server is 16.1.5 the most recent from their git repo. What can be causing this and how to solve it? Thanks in advance.

Answer 1

The problem is your Python code. You directly call frida.attach(target_process). THow should Frida know the process to be hooked is running inside the VM? By this call Frida will try to find the process by it's pid on the host machine and not inside the VM and as this doesn't work you get an frida.ProcessNotFoundError.

You first have to establish connection to the VM. As it is a virtual Android device with adb support the VM works like a USB device. Therefore this code will help you to hook the Android app:

package_name = "owasp.mstg.uncrackable2"
device = frida.get_usb_device()
pid = None
for a in device.enumerate_applications():
    if a.identifier == package_name:
        pid = a.pid
        break

session = device.attach(pid)