Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Frida not work on Mac M1 #1

Open
huan opened this issue Jun 22, 2021 · 3 comments
Open

Frida not work on Mac M1 #1

huan opened this issue Jun 22, 2021 · 3 comments

Comments

@huan
Copy link
Owner

huan commented Jun 22, 2021
edited
Loading

I ran into frida/frida#1578 this week with M1 and frida 14.2.18, and the 14.2.2

$ uname -a
Darwin Huans-Air 20.3.0 Darwin Kernel Version 20.3.0: Thu Jan 21 00:06:51 PST 2021; root:xnu-7195.81.3~1/RELEASE_ARM64_T8101 arm64
$ which python3
/opt/homebrew/bin/python3
$ python3 --version
Python 3.9.5
$ pip3 list | grep frida
frida             14.2.2
frida-tools       9.2.5
$ frida Safari
     ____
    / _  |   Frida 14.2.2 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
Failed to attach: unable to access process with pid 34510 from the current user account
$ frida WeChat
     ____
    / _  |   Frida 14.2.2 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
Failed to attach: process is dead

Update 1: disable SIP

After reading Frida 12.11 Released, I did a disable SIP, I got the following error messages:

  1. Failed to attach: unexpected error while starting thread (set_thread_state returned '(os/kern) protection failure')
  2. Failed to attach: failed to open file “/usr/lib/libSystem.B.dylib”: open() failed: No such file or directory
$ frida Safari
     ____
    / _  |   Frida 14.2.18 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
Failed to attach: unexpected error while starting thread (set_thread_state returned '(os/kern) protection failure')
$ frida WeChat
     ____
    / _  |   Frida 14.2.18 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
Failed to attach: failed to open file “/usr/lib/libSystem.B.dylib”: open() failed: No such file or directory

Update 2: add a boot argument

After reading Frida 12.11 Released, I did a add a boot argument, after reboot, I got the following error messages:

  1. Failed to attach: process is dead with Spotify
  2. It works with Safari.
$ frida Safari
     ____
    / _  |   Frida 14.2.18 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
                                                                                
[Local::Safari]->
^D

$ frida Spotify
     ____
    / _  |   Frida 14.2.18 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
Failed to attach: process is dead

Update 3:

I confirm that I can run the following C code with frida, from frida/frida#1581 @chrisliu529

#include <unistd.h>

int main() {
    while(1) {
        sleep(1);
    }
    return 0;
}
$ ./a.out &
[1] 2168
$ frida a.out
     ____
    / _  |   Frida 14.2.18 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
                                                                                
[Local::a.out]->

So what we are facing is the same issue as frida/frida#1728 now.
@huan huan mentioned this issue Jun 22, 2021
Closed
@huan huan mentioned this issue Aug 7, 2021
Open
@huan
Copy link
Owner Author

huan commented Nov 20, 2021
edited
Loading

Frida 15.1.11 works! 🎉

WeChat: Version 3.2.1 (19797)

$ pip3 install --upgrade frida

$ frida --version
15.1.11
┌ huan@Huans-MacBook-Air.local:~ [00:41:02] tty:[ttys000] jobs:[0]
└ $ frida WeChat
     ____
    / _  |   Frida 15.1.11 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
                                                                                
[Local::WeChat]->

@mr-m0nst3r
Copy link

Hey guys,

This is interesting:

frida --version
15.1.14

if we attach to process running under apple silicon, it's working.

if we attach to process running under intel, process is dead:

frida 阿里云盘
____
/ _ | Frida 15.1.14 - A world-class dynamic instrumentation toolkit
| (| |
> _ | Commands:
// |_| help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at https://frida.re/docs/home/
Failed to attach: process is dead

So, I guess we should use Intel version of frida, which means that frida running under Intel/Rosetta, to attach to Intel processes.

Haven't tested yet.

@reinismu
Copy link

reinismu commented Mar 1, 2022

Ye same here with me. Thought to play with frida and one offline game, but it will just exit
'''
____
/ _ | Frida 15.1.17 - A world-class dynamic instrumentation toolkit
| (| |
> _ | Commands:
// |_| help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at https://frida.re/docs/home/
. . . .
. . . . Connected to Local System (id=local)
Failed to attach: process is dead
'''

Tried both with and without rosetta. The result is the same. Game does run under rosetta.

My SIP is disabled

A bit sand that can't tinker with it

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@huan @reinismu @mr-m0nst3r