Jinitrace with frida gadget

[euzada]

Hi, first thank you for writing this script.

I am trying to run it on unrooted android using frida gadget.

The server has been included correctly in the apk and loaded correctly (confirmed with frida-ps -R).

But can't run it using jnitrace.

I started the app with gadget config set to "wait".
I tried the following code but all failed with error related to target:
jnitrace: error: the following arguments are required: target

The command tested are the following:

jnitrace -l * -R Gadget
jnitrace -l * -R re.frida.Gadget
jnitrace -l * -R localhost
jnitrace -l * -R localhost:27042
jnitrace -l * -R 127.0.0.1:27042
jnitrace -l * -R 127.0.0.1

None are working.

If I tried to run:

frida --codeshare chame1eon/jnitrace -R Gadget

It works but the output is a little messy and prefer using the python wrapper of jnitrace instead.

Any idea how to make it work?
Thank you.

[chame1eon]

Hi,

Thank you. I'm glad you like the tool.

So I think the issue is that you need to combine the commands you are trying. If you are connecting to a remote device you need the following:

jnitrace -l * -R : Gadget

If the device is local you should just need this:

jnitrace -l * Gadget

Let me know if that helps.

Thanks

[euzada]

Thank you for your answer.

I forgot to mention that I am using termux on the actual device to trace jni. I don't know if termux needs different command.

Unfortunately, it didn't work. Both solutions failed.

For the first idea, here is the error:

~/.../shared/Download $ jnitrace -l libnex* Gadget
Traceback (most recent call last):
File "/data/data/com.termux/files/usr/bin/jnitrace", line 33, in
sys.exit(load_entry_point('jnitrace==3.2.2', 'console_scripts', 'jnitrace')())
File "/data/data/com.termux/files/usr/lib/python3.9/site-packages/jnitrace/jnitrace.py", line 576, in main
device = frida.get_usb_device(3)
File "/data/data/com.termux/files/usr/lib/python3.9/site-packages/frida/init.py", line 82, in get_usb_device
return get_device_matching(lambda d: d.type == 'usb', timeout, **kwargs)
File "/data/data/com.termux/files/usr/lib/python3.9/site-packages/frida/init.py", line 90, in get_device_matching
return get_device_manager().get_device_matching(predicate, timeout, **kwargs)
File "/data/data/com.termux/files/usr/lib/python3.9/site-packages/frida/core.py", line 26, in wrapper
return f(*args, **kwargs)
File "/data/data/com.termux/files/usr/lib/python3.9/site-packages/frida/core.py", line 58, in get_device_matching
return Device(self._impl.get_device_matching(lambda d: predicate(Device(d)), raw_timeout))
frida.InvalidArgumentError: device not found

For the second, the error is slightly different:

~/.../shared/Download $ jnitrace -l libnex* -R : Gadget
Traceback (most recent call last):
File "/data/data/com.termux/files/usr/bin/jnitrace", line 33, in
sys.exit(load_entry_point('jnitrace==3.2.2', 'console_scripts', 'jnitrace')())
File "/data/data/com.termux/files/usr/lib/python3.9/site-packages/jnitrace/jnitrace.py", line 584, in main
pid = device.get_process(args.target).pid
File "/data/data/com.termux/files/usr/lib/python3.9/site-packages/frida/core.py", line 26, in wrapper
return f(*args, **kwargs)
File "/data/data/com.termux/files/usr/lib/python3.9/site-packages/frida/core.py", line 106, in get_process
matching = [process for process in self._impl.enumerate_processes() if fnmatch.fnmatchcase(process.name.lower(), process_name_lc)]
frida.InvalidArgumentError: if a ':' character is given, it must be followed by a port (in hostname ':').

[chame1eon]

Okay, can you try this:

jnitrace -l libnex* -R 127.0.0.1:27042 re.frida.Gadget

[WanghongLin]

What I have done is making frida to read a customized configuration and listen in all interfaces

{
  "interaction": {
    "type": "listen",
    "address": "0.0.0.0",
    "port": 27042,
    "on_port_conflict": "fail",
    "on_load": "wait"
  }
}

Run the app with frida gadget integrated, and wait.

Then invoke the following command to use jni trace from PC in the same LAN

jnitrace -l libname.so -R 10.0.0.3:27042 Gadget -m attach

[chame1eon]

Are you having the same issues for this one on newer Frida versions?