Frida server not enough privileges


I'm running Android within an Anbox setup. I downloaded the frida-server version for Anbox, the android-x86_64 one.

I followed these steps:

adb push frida-server-12.11.18-android-x86_64 /data/local/tmp/
adb shell "chmod 755 /data/local/tmp/frida-server-12.11.18-android-x86_64"
adb shell "/data/local/tmp/frida-server-12.11.18-android-x86_64 &"

OK, now comes my issue. If I try to run:

# frida-ps -Uai
Failed to enumerate applications: unable to find process with name 'system_server'

But without the ai it works; the problem is that it does not have visibility of running applications.

frida-ps -U
 PID  Name
----  ------------------------------------
2333  frida-server-12.11.18-android-x86_64
1571  logcat
2335  logcat
  48  sh

My guess is that this is related to the permissions of the frida-server running inside Anbox. I have tried to launch it as root, but it crashes the whole environment.

x86_64:/data/local/tmp $ ls -ll
total 110648
-rwxr-xr-x 1 u1_root u1_root 56645256 2020-10-15 16:11 frida-server-12.11.18-android-x86_64
drwxr-xr-x 2 root    root        4096 2020-10-17 07:41 re.frida.server

Any clue on how to give visibility to the frida-server?

2

There are 2 answers

0
Mohamed Farouk

You have to be a sudo user

Note: Make sure Frida-Server is the same version as your Frida install. You can safely run a newer version on the host side though, as long as the major version is the same.

Tested

user@user:~$ adb push frida-server /data/local/tmp/frida-server
user@user:~$ adb shell
x86_64:/ $ su
x86_64:/ # chmod 777 ./data/local/tmp/frida-server
x86_64:/ # ./data/local/tmp/frida-server
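
The two conditions raised on this page (the version rule in the note above, and whether `system_server` is visible to frida-server) can be checked before running `frida-ps -Uai`. This is an added example, not code from the answer or from the Frida project; the function names are hypothetical and `SAMPLE_PS` is constructed from the output shown in the question.

```shell
#!/bin/sh
# Added example: pre-flight triage before `frida-ps -Uai`.
# All function names are hypothetical helpers, not part of Frida or adb.

# Major component of a dotted version string, e.g. 12.11.18 -> 12.
frida_major() { printf '%s\n' "${1%%.*}"; }

# Rule from the note: majors must match, and the host side may be newer.
# $1 = host frida version, $2 = frida-server version. Returns 0 if compatible.
versions_compatible() {
    [ "$(frida_major "$1")" = "$(frida_major "$2")" ] || return 1
    # sort -V orders version strings; the host must be the newest (or equal).
    newest=$(printf '%s\n%s\n' "$1" "$2" | sort -V | tail -n 1)
    [ "$newest" = "$1" ]
}

# Reads `frida-ps -U` output on stdin (two header lines, then "PID Name").
# Returns 0 if a process with exactly the name $1 is listed.
process_visible() {
    awk -v want="$1" 'NR > 2 && $2 == want { found = 1 } END { exit !found }'
}

# $1 host version, $2 server version, $3 uid frida-server runs as,
# $4 captured `frida-ps -U` output. Prints a one-word diagnosis.
triage() {
    versions_compatible "$1" "$2" || { echo version-mismatch; return; }
    if printf '%s\n' "$4" | process_visible system_server; then echo ok; return; fi
    # system_server is not listed, so -a/-i enumeration fails as in the question.
    [ "$3" = 0 ] && echo hidden-despite-root || echo hidden-not-root
}

# Live variant: needs adb, frida-tools and a connected device. Not called here.
# $1 = on-device path of frida-server. The uid is that of the adb shell, which
# frida-server inherits when started without su, as in the question.
live_check() {
    triage "$(frida --version)" \
           "$(adb shell "$1 --version" | tr -d '\r')" \
           "$(adb shell id -u | tr -d '\r')" \
           "$(frida-ps -U)"
}

# Constructed sample input: the frida-ps -U listing from the question.
SAMPLE_PS=' PID  Name
----  ------------------------------------
2333  frida-server-12.11.18-android-x86_64
1571  logcat
2335  logcat
  48  sh'
```
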
2
Lior Neumann

After debugging this issue today I have discovered that frida-agent-32.so causes zygote to crash for some reason. After zygote crashes Anbox immediately crashes as well.

Because I am lazy, I have decided to look for a workaround instead of fixing this bug. After trial and error I have found that this bug is not present in the 64-bit version of the agent (frida-agent-64.so). Therefore, after disabling the 32-bit agent, Frida can still inject and execute every 64-bit or libhoudini (arm/arm64) app.

In order to prevent frida-server from injecting the agent into zygote (32-bit), I have simply modified two lines; see the last commit.

If you want to avoid the hassle of compiling frida-server yourself you can just use my compiled version.