Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

ANR Java_com_aheaditec_talsec_1security_security_Natives_d #138

Closed
kreativityapps opened this issue Oct 8, 2024 · 8 comments · Fixed by #142
Closed

ANR Java_com_aheaditec_talsec_1security_security_Natives_d #138

kreativityapps opened this issue Oct 8, 2024 · 8 comments · Fixed by #142
Assignees
Labels
bug Something isn't working

Comments

@kreativityapps
Copy link

Describe the bug
I can see a huge spike in ANR's in crashlytics in production after updating freerasp from 6.6.0 to 6.7.1

     main (native):tid=1 systid=15749 
#00 pc 0x9fde8 libc.so (__ppoll + 8) (BuildId: 7589cf4bcb5e11ec06c41940bf849449)
#01 pc 0x5c124 libc.so (poll + 92) (BuildId: 7589cf4bcb5e11ec06c41940bf849449)
#02 pc 0x22a7dc split_config.arm64_v8a.apk + 16998400 (BuildId: 668a5160bdf3fa42b7c484aac5bb2a68253e197e)
#03 pc 0x223c8c split_config.arm64_v8a.apk + 16998400 (BuildId: 668a5160bdf3fa42b7c484aac5bb2a68253e197e)
#04 pc 0x1ff154 split_config.arm64_v8a.apk + 16998400 (BuildId: 668a5160bdf3fa42b7c484aac5bb2a68253e197e)
#05 pc 0x1fe3cc split_config.arm64_v8a.apk (Java_com_aheaditec_talsec_1security_security_Natives_d + 828) (BuildId: 668a5160bdf3fa42b7c484aac5bb2a68253e197e)
       at com.aheaditec.talsec_security.security.Natives.b(SourceFile)
       at com.aheaditec.talsec_security.security.Natives.a(SourceFile:81)
       at com.aheaditec.talsec.security.v1.a(SourceFile:1)
       at com.aheaditec.talsec.security.u1$b.b(SourceFile:20)
       at com.aheaditec.talsec.security.u1$b.a(SourceFile:1)
       at com.aheaditec.talsec.security.u1.a(SourceFile:2)
       at com.aheaditec.talsec_security.security.runner.a.b(SourceFile:18)
       at com.aheaditec.talsec_security.security.runner.a.b(SourceFile:149)
       at com.aheaditec.talsec_security.security.runner.a.a(SourceFile:53)
       at com.aheaditec.talsec_security.security.runner.a.a(SourceFile:37)
       at com.aheaditec.talsec.security.t1.a(SourceFile:13)
       at com.aheaditec.talsec.security.t1.a(SourceFile:6)
       at com.aheaditec.talsec_security.security.runner.TalsecMonitoringReceiver.onReceive(SourceFile:11)
       at android.app.LoadedApk$ReceiverDispatcher$Args.lambda$getRunnable$0$LoadedApk$ReceiverDispatcher$Args(LoadedApk.java:1697)
       at android.app.LoadedApk$ReceiverDispatcher$Args$$ExternalSyntheticLambda0.run(unavailable:2)
       at android.os.Handler.handleCallback(Handler.java:938)
       at android.os.Handler.dispatchMessage(Handler.java:99)
       at android.os.Looper.loopOnce(Looper.java:201)
       at android.os.Looper.loop(Looper.java:288)
       at android.app.ActivityThread.main(ActivityThread.java:7881)
       at java.lang.reflect.Method.invoke(Native method)
       at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:568)
       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1045)

To Reproduce
I can't reproduce it locally, it's only in the logs from production

Expected behavior
No ANR

Screenshots
No screenshots

Please complete the following information:

  • Device: Vivo, Oppo, Motorola, Lenovo Mobile, TCT Mobile Limited (Alcatel), Transsion, Samsung, Honor
  • OS version: Android 11, 12, 13
  • Version of freeRASP: 6.7.1

Additional context
The bug was probably introduced in 6.7.0 or 6.7.1

@kreativityapps kreativityapps added the bug Something isn't working label Oct 8, 2024
@abhijeetnapses
Copy link

abhijeetnapses commented Oct 8, 2024

Getting same, here's log

main (native):tid=1 systid=21284 
#00 pc 0xb1cac libc.so (__ppoll + 12) (BuildId: f93a8a2b8acdd38006769d7dffc74c6b)
#01 pc 0x6a5cc libc.so (poll + 96) (BuildId: f93a8a2b8acdd38006769d7dffc74c6b)
#02 pc 0x22a7dc split_config.arm64_v8a.apk + 11935744 (BuildId: e5c5646ee3d0e380efa2ff993b617a1365d6876c)
#03 pc 0x223c8c split_config.arm64_v8a.apk + 11935744 (BuildId: e5c5646ee3d0e380efa2ff993b617a1365d6876c)
#04 pc 0x1ff154 split_config.arm64_v8a.apk + 11935744 (BuildId: e5c5646ee3d0e380efa2ff993b617a1365d6876c)
#05 pc 0x1fe3cc split_config.arm64_v8a.apk (Java_com_aheaditec_talsec_1security_security_Natives_d + 828) (BuildId: e5c5646ee3d0e380efa2ff993b617a1365d6876c)
       at com.aheaditec.talsec_security.security.Natives.d(Native method)
       at com.aheaditec.talsec_security.security.Natives.c(SourceFile:16)
       at e6.v2.a(SourceFile:17)
       at e6.p2$b.g(SourceFile:89)
       at e6.p2$b.e(SourceFile:1)
       at e6.p2.c(SourceFile:28)
       at g6.c.m(SourceFile:23)
       at g6.c.o(SourceFile:13)
       at g6.c.g(SourceFile:35)
       at g6.c.f(SourceFile:2)
       at e6.l2.x(SourceFile:34)
       at e6.l2.y(SourceFile:13)
       at g6.b.onReceive(SourceFile:67)
       at android.app.LoadedApk$ReceiverDispatcher$Args.lambda$getRunnable$0(LoadedApk.java:1897)
       at android.app.LoadedApk$ReceiverDispatcher$Args.$r8$lambda$gDuJqgxY6Zb-ifyeubKeivTLAwk(unavailable)
       at android.app.LoadedApk$ReceiverDispatcher$Args$$ExternalSyntheticLambda0.run(unavailable:2)
       at android.os.Handler.handleCallback(Handler.java:1013)
       at android.os.Handler.dispatchMessage(Handler.java:101)
       at android.os.Looper.loopOnce(Looper.java:226)
       at android.os.Looper.loop(Looper.java:328)
       at android.app.ActivityThread.main(ActivityThread.java:9168)
       at java.lang.reflect.Method.invoke(Native method)
       at com.android.internal.os.RuntimeInit$MethodAndArgsCaller.run(RuntimeInit.java:594)
       at com.android.internal.os.ZygoteInit.main(ZygoteInit.java:1099)
        

Affected devices

97% Vivo

33% V30
27% IQOO Z6 Lite 5G
10% T2 Pro 5G
27% Other (4)
10% IQOO Neo7 Pro
7% V27
7% IQOO Z7s 5G
3% V30 Pro

3% Nothing

3%
Nothing Phone (2a)

OS Android 14 - 100%

Version of freeRASP: 6.7.0

@tompsota
Copy link
Member

tompsota commented Oct 8, 2024

Hello @kreativityapps, @abhijeetnapses,

thank you for reporting the issue. Can you send us your android package name and watcher email to
support@talsec.app so that we can better identify the root cause of the issue?

Thank you.

Tomas from Talsec

@furkanKotic
Copy link

This problem started happening to me too. But my IOS users also started reporting complaints. A similar situation to this error may also be happening on the IOS side.

@abhijeetnapses
Copy link

For me iOS users were getting false positive privileged access. Downgrade to 6.4.0 works for me!

@msikyna
Copy link
Member

msikyna commented Oct 18, 2024

Hello @furkanKotic , @abhijeetnapses ,

could please you create the issue in the iOS repository (https://github.com/talsec/Free-RASP-iOS) and elaborate more? The last iOS SDK introduced the Dopamine jailbreak detection. Based on the data, we do not see any unexpected false positives, the current jailbreak ratio is 0,16% of devices.

Kind regards,
Talsec team

@abhijeetnapses
Copy link

@msikyna few iOS users including me who got the false positive had previously used Dopamine jailbreak, then uninstalled it. Even after rebooting it was detecting a false positive.

@msikyna
Copy link
Member

msikyna commented Oct 18, 2024

Hello @abhijeetnapses ,

rebooting does not fully remove all traces of the jailbreak. The device is "broken". If you send us an email to support@talsec.app with the exact time of the run, watcherMail, bundle id, team id, device model and os version, we can look at the data and tell you what traces have been left on the device.

@msikyna
Copy link
Member

msikyna commented Oct 18, 2024

Hello,
the issue has been solved in the new version: 6.7.2.

Kind regards,
Talsec team

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working
Projects
None yet
Development

Successfully merging a pull request may close this issue.

6 participants