frida-xamarin-unpin
frida-xamarin-unpin copied to clipboard
GoSecure
Can't find Mono runtime when running in emulator
Hi, I just wanted to replicate/try your repo. I did run all described steps.
Clone the modified frida-mono-api in this repository's root. git clone https://github.com/GoSecure/frida-mono-api mono-api cd mono-api && git switch extra Run npm i && npm run build Ensure you have frida installed (pip install frida frida-push) Start the test Application on your Android device Run the following commands to launch the script frida-push frida -U com.test.sample -l dist/xamarin-unpin.js --no-pause
I was expecting the same output as in the example but got:
Error: Can't find Mono runtime!
at mono-api/src/mono-module.js:20
at o (node_modules/browser-pack/_prelude.js:1)
at mono-api/src/mono-api.js:2
at o (node_modules/browser-pack/_prelude.js:1)
at mono-api/src/index.js:1
at o (node_modules/browser-pack/_prelude.js:1)
at src/main.js:24
at o (node_modules/browser-pack/_prelude.js:1)
at r (node_modules/browser-pack/_prelude.js:1)
I am not sure how to fix this or where to investigate the cause. More context: Host system: Arch 5.4.x Guest system: Emulated Pixel 3a (API 24) Frida 12.8.20 frida-ps is working and the server shows no error when pushed.
Hi, @tweidinger, did you make sure that the app is already running on the phone when you launch the frida script? frida-mono-api can't attach to processes early because the mono image is not mapped yet, and there's (currently) no good support to wait until a library is mapped to run code.
If that doesn't work, then I'd list the mapped modules and see if mono is indeed present... Maybe the image name is different.
Hey @alxbl thanks for the quick answer. Yes I did make sure that it is running on the phone before launching the script.
I will check the mapped modules and look for similar named modules. Can you still replicate the example from the readme?
I did check and could not find a running mono module.
Process.enumerateModulesSync()
Is there a step I am missing? Loaded Modules in case they are relevant:
[
{
"base": "0x58276000",
"name": "app_process32",
"path": "/system/bin/app_process32",
"size": 28672
},
{
"base": "0xe8894000",
"name": "libandroid_runtime.so",
"path": "/system/lib/libandroid_runtime.so",
"size": 2015232
},
{
"base": "0xea365000",
"name": "libbinder.so",
"path": "/system/lib/libbinder.so",
"size": 598016
},
{
"base": "0xe990c000",
"name": "libcutils.so",
"path": "/system/lib/libcutils.so",
"size": 73728
},
{
"base": "0xec40e000",
"name": "libhwbinder.so",
"path": "/system/lib/libhwbinder.so",
"size": 176128
},
{
"base": "0xe8be7000",
"name": "liblog.so",
"path": "/system/lib/liblog.so",
"size": 102400
},
{
"base": "0xebdb0000",
"name": "libnativeloader.so",
"path": "/system/lib/libnativeloader.so",
"size": 36864
},
{
"base": "0xea859000",
"name": "libutils.so",
"path": "/system/lib/libutils.so",
"size": 122880
},
{
"base": "0xe8ac0000",
"name": "libwilhelm.so",
"path": "/system/lib/libwilhelm.so",
"size": 262144
},
{
"base": "0xe8680000",
"name": "libc++.so",
"path": "/system/lib/libc++.so",
"size": 901120
},
{
"base": "0xe9247000",
"name": "libc.so",
"path": "/system/lib/libc.so",
"size": 1015808
},
{
"base": "0xeb144000",
"name": "libm.so",
"path": "/system/lib/libm.so",
"size": 237568
},
{
"base": "0xe9b77000",
"name": "libdl.so",
"path": "/system/lib/libdl.so",
"size": 16384
},
{
"base": "0xe886d000",
"name": "libbpf.so",
"path": "/system/lib/libbpf.so",
"size": 53248
},
{
"base": "0xec511000",
"name": "libnetdutils.so",
"path": "/system/lib/libnetdutils.so",
"size": 45056
},
{
"base": "0xe99e7000",
"name": "libmemtrack.so",
"path": "/system/lib/libmemtrack.so",
"size": 16384
},
{
"base": "0xe8411000",
"name": "libandroidfw.so",
"path": "/system/lib/libandroidfw.so",
"size": 368640
},
{
"base": "0xeb1eb000",
"name": "libappfuse.so",
"path": "/system/lib/libappfuse.so",
"size": 53248
},
{
"base": "0xe9ba3000",
"name": "libbase.so",
"path": "/system/lib/libbase.so",
"size": 77824
},
{
"base": "0xe94c9000",
"name": "libcrypto.so",
"path": "/system/lib/libcrypto.so",
"size": 1196032
},
{
"base": "0xeb9e4000",
"name": "libnativehelper.so",
"path": "/system/lib/libnativehelper.so",
"size": 32768
},
{
"base": "0xe8c50000",
"name": "libdebuggerd_client.so",
"path": "/system/lib/libdebuggerd_client.so",
"size": 24576
},
{
"base": "0xe9bce000",
"name": "libui.so",
"path": "/system/lib/libui.so",
"size": 163840
},
{
"base": "0xea6a3000",
"name": "libgraphicsenv.so",
"path": "/system/lib/libgraphicsenv.so",
"size": 16384
},
{
"base": "0xea21c000",
"name": "libgui.so",
"path": "/system/lib/libgui.so",
"size": 638976
},
{
"base": "0xeba27000",
"name": "libsensor.so",
"path": "/system/lib/libsensor.so",
"size": 94208
},
{
"base": "0xe8644000",
"name": "libinput.so",
"path": "/system/lib/libinput.so",
"size": 196608
},
{
"base": "0xec580000",
"name": "libcamera_client.so",
"path": "/system/lib/libcamera_client.so",
"size": 331776
},
{
"base": "0xe8b01000",
"name": "libcamera_metadata.so",
"path": "/system/lib/libcamera_metadata.so",
"size": 40960
},
{
"base": "0xe9f83000",
"name": "libsqlite.so",
"path": "/system/lib/libsqlite.so",
"size": 1253376
},
{
"base": "0xea5d0000",
"name": "libEGL.so",
"path": "/system/lib/libEGL.so",
"size": 176128
},
{
"base": "0xe836b000",
"name": "libGLESv1_CM.so",
"path": "/system/lib/libGLESv1_CM.so",
"size": 45056
},
{
"base": "0xec38d000",
"name": "libGLESv2.so",
"path": "/system/lib/libGLESv2.so",
"size": 102400
},
{
"base": "0xe8385000",
"name": "libvulkan.so",
"path": "/system/lib/libvulkan.so",
"size": 180224
},
{
"base": "0xe99a3000",
"name": "libziparchive.so",
"path": "/system/lib/libziparchive.so",
"size": 53248
},
{
"base": "0xe9d32000",
"name": "libETC1.so",
"path": "/system/lib/libETC1.so",
"size": 20480
},
{
"base": "0xe8cb7000",
"name": "libhardware.so",
"path": "/system/lib/libhardware.so",
"size": 16384
},
{
"base": "0xe8cea000",
"name": "libhardware_legacy.so",
"path": "/system/lib/libhardware_legacy.so",
"size": 16384
},
{
"base": "0xe9098000",
"name": "libselinux.so",
"path": "/system/lib/libselinux.so",
"size": 98304
},
{
"base": "0xeb803000",
"name": "libicuuc.so",
"path": "/system/lib/libicuuc.so",
"size": 1748992
},
{
"base": "0xebcc9000",
"name": "libmedia.so",
"path": "/system/lib/libmedia.so",
"size": 700416
},
{
"base": "0xe9e20000",
"name": "libmediametrics.so",
"path": "/system/lib/libmediametrics.so",
"size": 69632
},
{
"base": "0xe8b41000",
"name": "libaudioclient.so",
"path": "/system/lib/libaudioclient.so",
"size": 491520
},
{
"base": "0xebc09000",
"name": "libjpeg.so",
"path": "/system/lib/libjpeg.so",
"size": 565248
},
{
"base": "0xe8802000",
"name": "libusbhost.so",
"path": "/system/lib/libusbhost.so",
"size": 24576
},
{
"base": "0xe8787000",
"name": "libharfbuzz_ng.so",
"path": "/system/lib/libharfbuzz_ng.so",
"size": 401408
},
{
"base": "0xe9a1c000",
"name": "libz.so",
"path": "/system/lib/libz.so",
"size": 106496
},
{
"base": "0xebe4b000",
"name": "libpdfium.so",
"path": "/system/lib/libpdfium.so",
"size": 5439488
},
{
"base": "0xeb7c7000",
"name": "libimg_utils.so",
"path": "/system/lib/libimg_utils.so",
"size": 86016
},
{
"base": "0xe9af2000",
"name": "libnetd_client.so",
"path": "/system/lib/libnetd_client.so",
"size": 20480
},
{
"base": "0xe9c0e000",
"name": "libsoundtrigger.so",
"path": "/system/lib/libsoundtrigger.so",
"size": 65536
},
{
"base": "0xeb197000",
"name": "libminikin.so",
"path": "/system/lib/libminikin.so",
"size": 159744
},
{
"base": "0xea540000",
"name": "libprocessgroup.so",
"path": "/system/lib/libprocessgroup.so",
"size": 32768
},
{
"base": "0xebb6c000",
"name": "libnativebridge.so",
"path": "/system/lib/libnativebridge.so",
"size": 20480
},
{
"base": "0xec604000",
"name": "libmemunreachable.so",
"path": "/system/lib/libmemunreachable.so",
"size": 176128
},
{
"base": "0xe83c9000",
"name": "libhidlbase.so",
"path": "/system/lib/libhidlbase.so",
"size": 159744
},
{
"base": "0xe9c8b000",
"name": "libhidltransport.so",
"path": "/system/lib/libhidltransport.so",
"size": 475136
},
{
"base": "0xea706000",
"name": "libvintf.so",
"path": "/system/lib/libvintf.so",
"size": 585728
},
{
"base": "0xec4c4000",
"name": "libnativewindow.so",
"path": "/system/lib/libnativewindow.so",
"size": 24576
},
{
"base": "0xea887000",
"name": "libhwui.so",
"path": "/system/lib/libhwui.so",
"size": 8916992
},
{
"base": "0xe90e7000",
"name": "libstatslog.so",
"path": "/system/lib/libstatslog.so",
"size": 86016
},
{
"base": "0xe9408000",
"name": "libutilscallstack.so",
"path": "/system/lib/libutilscallstack.so",
"size": 32768
},
{
"base": "0xec57d000",
"name": "libvndksupport.so",
"path": "/system/lib/libvndksupport.so",
"size": 12288
},
{
"base": "0xe9d6b000",
"name": "libmedia_omx.so",
"path": "/system/lib/libmedia_omx.so",
"size": 331776
},
{
"base": "0xec3c5000",
"name": "libmediaextractor.so",
"path": "/system/lib/libmediaextractor.so",
"size": 69632
},
{
"base": "0xe9ec8000",
"name": "libaudiomanager.so",
"path": "/system/lib/libaudiomanager.so",
"size": 20480
},
{
"base": "0xe8e40000",
"name": "libstagefright.so",
"path": "/system/lib/libstagefright.so",
"size": 2093056
},
{
"base": "0xeb242000",
"name": "libstagefright_foundation.so",
"path": "/system/lib/libstagefright_foundation.so",
"size": 253952
},
{
"base": "0xe9603000",
"name": "libstagefright_http_support.so",
"path": "/system/lib/libstagefright_http_support.so",
"size": 20480
},
{
"base": "0xebbaa000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 90112
},
{
"base": "0xe8dd1000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 98304
},
{
"base": "0xec689000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 12288
},
{
"base": "0xe9e99000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 114688
},
{
"base": "0xea306000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 122880
},
{
"base": "0xe9b0b000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 167936
},
{
"base": "0xea6c9000",
"name": "android.hardware.configstore-utils.so",
"path": "/system/lib/android.hardware.configstore-utils.so",
"size": 16384
},
{
"base": "0xea62e000",
"name": "libsync.so",
"path": "/system/lib/libsync.so",
"size": 16384
},
{
"base": "0xe8d12000",
"name": "libbufferhubqueue.so",
"path": "/system/lib/libbufferhubqueue.so",
"size": 131072
},
{
"base": "0xeba4d000",
"name": "libpdx_default_transport.so",
"path": "/system/lib/libpdx_default_transport.so",
"size": 430080
},
{
"base": "0xea522000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 20480
},
{
"base": "0xebdf3000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 290816
},
{
"base": "0xe9648000",
"name": "libicui18n.so",
"path": "/system/lib/libicui18n.so",
"size": 2633728
},
{
"base": "0xec493000",
"name": "libbacktrace.so",
"path": "/system/lib/libbacktrace.so",
"size": 114688
},
{
"base": "0xe9dc2000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 12288
},
{
"base": "0xec649000",
"name": "libpcre2.so",
"path": "/system/lib/libpcre2.so",
"size": 147456
},
{
"base": "0xea5ba000",
"name": "libpackagelistparser.so",
"path": "/system/lib/libpackagelistparser.so",
"size": 20480
},
{
"base": "0xeb2c2000",
"name": "libclang_rt.ubsan_standalone-i686-android.so",
"path": "/system/lib/libclang_rt.ubsan_standalone-i686-android.so",
"size": 5165056
},
{
"base": "0xe9f01000",
"name": "libsonivox.so",
"path": "/system/lib/libsonivox.so",
"size": 385024
},
{
"base": "0xe9349000",
"name": "libexpat.so",
"path": "/system/lib/libexpat.so",
"size": 172032
},
{
"base": "0xe8a95000",
"name": "libaudioutils.so",
"path": "/system/lib/libaudioutils.so",
"size": 86016
},
{
"base": "0xe8611000",
"name": "libmedia_helper.so",
"path": "/system/lib/libmedia_helper.so",
"size": 98304
},
{
"base": "0xe854d000",
"name": "libft2.so",
"path": "/system/lib/libft2.so",
"size": 647168
},
{
"base": "0xe849b000",
"name": "libhidl-gen-utils.so",
"path": "/system/lib/libhidl-gen-utils.so",
"size": 536576
},
{
"base": "0xe948c000",
"name": "libtinyxml2.so",
"path": "/system/lib/libtinyxml2.so",
"size": 94208
},
{
"base": "0xea105000",
"name": "libdng_sdk.so",
"path": "/system/lib/libdng_sdk.so",
"size": 909312
},
{
"base": "0xea2cf000",
"name": "libheif.so",
"path": "/system/lib/libheif.so",
"size": 36864
},
{
"base": "0xea7d6000",
"name": "libpiex.so",
"path": "/system/lib/libpiex.so",
"size": 110592
},
{
"base": "0xe9048000",
"name": "libpng.so",
"path": "/system/lib/libpng.so",
"size": 229376
},
{
"base": "0xe9a48000",
"name": "libprotobuf-cpp-lite.so",
"path": "/system/lib/libprotobuf-cpp-lite.so",
"size": 266240
},
{
"base": "0xe8e00000",
"name": "libRScpp.so",
"path": "/system/lib/libRScpp.so",
"size": 262144
},
{
"base": "0xe910a000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 573440
},
{
"base": "0xe9e46000",
"name": "libdrmframework.so",
"path": "/system/lib/libdrmframework.so",
"size": 143360
},
{
"base": "0xea485000",
"name": "libion.so",
"path": "/system/lib/libion.so",
"size": 16384
},
{
"base": "0xea0c8000",
"name": "libmediautils.so",
"path": "/system/lib/libmediautils.so",
"size": 57344
},
{
"base": "0xe8dad000",
"name": "libstagefright_codecbase.so",
"path": "/system/lib/libstagefright_codecbase.so",
"size": 28672
},
{
"base": "0xec466000",
"name": "libstagefright_omx_utils.so",
"path": "/system/lib/libstagefright_omx_utils.so",
"size": 28672
},
{
"base": "0xe8d54000",
"name": "libstagefright_xmlparser.so",
"path": "/system/lib/libstagefright_xmlparser.so",
"size": 57344
},
{
"base": "0xe8c27000",
"name": "libhidlallocatorutils.so",
"path": "/system/lib/libhidlallocatorutils.so",
"size": 12288
},
{
"base": "0xea4c8000",
"name": "libhidlmemory.so",
"path": "/system/lib/libhidlmemory.so",
"size": 28672
},
{
"base": "0xeb290000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 98304
},
{
"base": "0xebbe0000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 106496
},
{
"base": "0xebb1d000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 135168
},
{
"base": "0xe944b000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 102400
},
{
"base": "0xe9972000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 12288
},
{
"base": "0xea653000",
"name": "libunwind.so",
"path": "/system/lib/libunwind.so",
"size": 180224
},
{
"base": "0xe91c3000",
"name": "libunwindstack.so",
"path": "/system/lib/libunwindstack.so",
"size": 356352
},
{
"base": "0xea401000",
"name": "libdexfile.so",
"path": "/system/lib/libdexfile.so",
"size": 258048
},
{
"base": "0xea455000",
"name": "libstdc++.so",
"path": "/system/lib/libstdc++.so",
"size": 20480
},
{
"base": "0xeb228000",
"name": "libspeexresampler.so",
"path": "/system/lib/libspeexresampler.so",
"size": 24576
},
{
"base": "0xe9c40000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 159744
},
{
"base": "0xebae9000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 90112
},
{
"base": "0xe938f000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 315392
},
{
"base": "0xea811000",
"name": "liblzma.so",
"path": "/system/lib/liblzma.so",
"size": 188416
},
{
"base": "0xe7ad1000",
"name": "libart.so",
"path": "/system/lib/libart.so",
"size": 6971392
},
{
"base": "0xe7a24000",
"name": "liblz4.so",
"path": "/system/lib/liblz4.so",
"size": 94208
},
{
"base": "0xe7a9e000",
"name": "libmetricslogger.so",
"path": "/system/lib/libmetricslogger.so",
"size": 16384
},
{
"base": "0xeca82000",
"name": "libtombstoned_client.so",
"path": "/system/lib/libtombstoned_client.so",
"size": 24576
},
{
"base": "0xe7a5e000",
"name": "libsigchain.so",
"path": "/system/lib/libsigchain.so",
"size": 12288
},
{
"base": "0x71acd000",
"name": "boot.oat",
"path": "/system/framework/x86/boot.oat",
"size": 9396224
},
{
"base": "0x723c3000",
"name": "boot-core-libart.oat",
"path": "/system/framework/x86/boot-core-libart.oat",
"size": 5013504
},
{
"base": "0x7288b000",
"name": "boot-conscrypt.oat",
"path": "/system/framework/x86/boot-conscrypt.oat",
"size": 688128
},
{
"base": "0x72933000",
"name": "boot-okhttp.oat",
"path": "/system/framework/x86/boot-okhttp.oat",
"size": 786432
},
{
"base": "0x729f3000",
"name": "boot-bouncycastle.oat",
"path": "/system/framework/x86/boot-bouncycastle.oat",
"size": 1675264
},
{
"base": "0x72b8c000",
"name": "boot-apache-xml.oat",
"path": "/system/framework/x86/boot-apache-xml.oat",
"size": 1359872
},
{
"base": "0x72cd8000",
"name": "boot-ext.oat",
"path": "/system/framework/x86/boot-ext.oat",
"size": 1142784
},
{
"base": "0x72def000",
"name": "boot-framework.oat",
"path": "/system/framework/x86/boot-framework.oat",
"size": 35528704
},
{
"base": "0x74fd1000",
"name": "boot-telephony-common.oat",
"path": "/system/framework/x86/boot-telephony-common.oat",
"size": 4947968
},
{
"base": "0x75489000",
"name": "boot-voip-common.oat",
"path": "/system/framework/x86/boot-voip-common.oat",
"size": 180224
},
{
"base": "0x754b5000",
"name": "boot-ims-common.oat",
"path": "/system/framework/x86/boot-ims-common.oat",
"size": 241664
},
{
"base": "0x754f0000",
"name": "boot-android.hidl.base-V1.0-java.oat",
"path": "/system/framework/x86/boot-android.hidl.base-V1.0-java.oat",
"size": 53248
},
{
"base": "0x754fd000",
"name": "boot-android.hidl.manager-V1.0-java.oat",
"path": "/system/framework/x86/boot-android.hidl.manager-V1.0-java.oat",
"size": 73728
},
{
"base": "0x7550f000",
"name": "boot-framework-oahl-backward-compatibility.oat",
"path": "/system/framework/x86/boot-framework-oahl-backward-compatibility.oat",
"size": 28672
},
{
"base": "0x75516000",
"name": "boot-android.test.base.oat",
"path": "/system/framework/x86/boot-android.test.base.oat",
"size": 57344
},
{
"base": "0xe505c000",
"name": "libadbconnection.so",
"path": "/system/lib/libadbconnection.so",
"size": 53248
},
{
"base": "0xe495a000",
"name": "libhoudini.so",
"path": "/system/lib/libhoudini.so",
"size": 7151616
},
{
"base": "0xe4918000",
"name": "libandroid.so",
"path": "/system/lib/libandroid.so",
"size": 122880
},
{
"base": "0xe48c3000",
"name": "libaaudio.so",
"path": "/system/lib/libaaudio.so",
"size": 204800
},
{
"base": "0xe4751000",
"name": "libcamera2ndk.so",
"path": "/system/lib/libcamera2ndk.so",
"size": 139264
},
{
"base": "0xe470b000",
"name": "libmediandk.so",
"path": "/system/lib/libmediandk.so",
"size": 126976
},
{
"base": "0xe4846000",
"name": "libmedia_jni.so",
"path": "/system/lib/libmedia_jni.so",
"size": 438272
},
{
"base": "0xe4785000",
"name": "libmediadrm.so",
"path": "/system/lib/libmediadrm.so",
"size": 217088
},
{
"base": "0xe46df000",
"name": "libmidi.so",
"path": "/system/lib/libmidi.so",
"size": 81920
},
{
"base": "0xe4691000",
"name": "libmtp.so",
"path": "/system/lib/libmtp.so",
"size": 188416
},
{
"base": "0xe4802000",
"name": "libexif.so",
"path": "/system/lib/libexif.so",
"size": 217088
},
{
"base": "0xe47d3000",
"name": "libmediadrmmetrics_lite.so",
"path": "/system/lib/libmediadrmmetrics_lite.so",
"size": 155648
},
{
"base": "0xe4580000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 524288
},
{
"base": "0xe461f000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 339968
},
{
"base": "0xe4563000",
"name": "libasyncio.so",
"path": "/system/lib/libasyncio.so",
"size": 12288
},
{
"base": "0xe4520000",
"name": "libGLESv3.so",
"path": "/system/lib/libGLESv3.so",
"size": 102400
},
{
"base": "0xe44f5000",
"name": "libjnigraphics.so",
"path": "/system/lib/libjnigraphics.so",
"size": 12288
},
{
"base": "0xe4191000",
"name": "libneuralnetworks.so",
"path": "/system/lib/libneuralnetworks.so",
"size": 2547712
},
{
"base": "0xe414a000",
"name": "libtextclassifier_hash.so",
"path": "/system/lib/libtextclassifier_hash.so",
"size": 28672
},
{
"base": "0xe4442000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 270336
},
{
"base": "0xe4410000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 126976
},
{
"base": "0xe4108000",
"name": "libOpenMAXAL.so",
"path": "/system/lib/libOpenMAXAL.so",
"size": 16384
},
{
"base": "0xe40cd000",
"name": "libOpenSLES.so",
"path": "/system/lib/libOpenSLES.so",
"size": 16384
},
{
"base": "0xe4013000",
"name": "libRS.so",
"path": "/system/lib/libRS.so",
"size": 81920
},
{
"base": "0xe4041000",
"name": "[email protected]",
"path": "/system/lib/[email protected]",
"size": 520192
},
{
"base": "0xe3ffb000",
"name": "libwebviewchromium_plat_support.so",
"path": "/system/lib/libwebviewchromium_plat_support.so",
"size": 20480
},
{
"base": "0xe3f7a000",
"name": "libjavacore.so",
"path": "/system/lib/libjavacore.so",
"size": 286720
},
{
"base": "0xe2785000",
"name": "libopenjdk.so",
"path": "/system/lib/libopenjdk.so",
"size": 225280
},
{
"base": "0xe2808000",
"name": "libssl.so",
"path": "/system/lib/libssl.so",
"size": 339968
},
{
"base": "0xe27e5000",
"name": "libopenjdkjvm.so",
"path": "/system/lib/libopenjdkjvm.so",
"size": 40960
},
{
"base": "0xe2503000",
"name": "libart-compiler.so",
"path": "/system/lib/libart-compiler.so",
"size": 2486272
},
{
"base": "0xdf8f0000",
"name": "libsoundpool.so",
"path": "/system/lib/libsoundpool.so",
"size": 53248
},
{
"base": "0xdf880000",
"name": "libjavacrypto.so",
"path": "/system/lib/libjavacrypto.so",
"size": 262144
},
{
"base": "0xdf78c000",
"name": "[email protected]",
"path": "/system/vendor/lib/hw/[email protected]",
"size": 32768
},
{
"base": "0xdf744000",
"name": "libcompiler_rt.so",
"path": "/system/lib/libcompiler_rt.so",
"size": 217088
},
{
"base": "0xdf6a8000",
"name": "libwebviewchromium_loader.so",
"path": "/system/lib/libwebviewchromium_loader.so",
"size": 16384
},
{
"base": "0xd2241000",
"name": "base.odex",
"path": "/data/app/com.test.sample-xYPrvLJbYgg8WvTMvLFzew==/oat/x86/base.odex",
"size": 4153344
},
{
"base": "0xe000000",
"name": "libtcb.so",
"path": "/system/lib/arm/nb/libtcb.so",
"size": 675840
},
{
"base": "0xccb00000",
"name": "libEGL_emulation.so",
"path": "/system/vendor/lib/egl/libEGL_emulation.so",
"size": 188416
},
{
"base": "0xccb52000",
"name": "libOpenglSystemCommon.so",
"path": "/system/vendor/lib/libOpenglSystemCommon.so",
"size": 40960
},
{
"base": "0xcc4e0000",
"name": "lib_renderControl_enc.so",
"path": "/system/vendor/lib/lib_renderControl_enc.so",
"size": 53248
},
{
"base": "0xcc148000",
"name": "libGLESv2_enc.so",
"path": "/system/vendor/lib/libGLESv2_enc.so",
"size": 491520
},
{
"base": "0xcc0d9000",
"name": "libGLESv1_enc.so",
"path": "/system/vendor/lib/libGLESv1_enc.so",
"size": 307200
},
{
"base": "0xcc093000",
"name": "libGLESv1_CM_emulation.so",
"path": "/system/vendor/lib/egl/libGLESv1_CM_emulation.so",
"size": 86016
},
{
"base": "0xcc049000",
"name": "libGLESv2_emulation.so",
"path": "/system/vendor/lib/egl/libGLESv2_emulation.so",
"size": 114688
},
{
"base": "0xcb5dc000",
"name": "gralloc.vbox86.so",
"path": "/system/vendor/lib/hw/gralloc.vbox86.so",
"size": 53248
},
{
"base": "0xc80dc000",
"name": "frida-agent-32.so",
"path": "/data/local/tmp/re.frida.server/frida-agent-32.so",
"size": 21835776
},
{
"base": "0xecd74000",
"name": "linux-vdso.so.1",
"path": "linux-vdso.so.1",
"size": 4096
},
{
"base": "0xecd75000",
"name": "linker",
"path": "/system/bin/linker",
"size": 1306624
}
]
Hmm, there are indeed no mono libraries at all in there. If you retargeted the solution for Pixel 3, is it possible that AOT compilation is now a default? Or maybe the behavior inside an emulator is different? Isn't the android emulator build compiling the code to x86 instead of ARM? (for performance reasons)
Regarding the AOT I am not sure if this is affecting here, but I used the precompiled apk from this repo. I will build it from source and see if there is a difference. Checked the script with multiple xamarin apks and there was no runtime present. I am suspecting possible issues because of x86/arm translation and will try to replicate on a physical device to exclude this issue - still I would be interested in running the unpin inside emulated devices.
Yeah, I totally understand. We didn't test emulated devices, so this would be something new to investigate and implement. There's little hope of the pinning script working though if the Mono runtime isn't being used at all :( If you end up finding something, do let me know.
If there is anything I can do to help, let me know as well.
El problema es la compilación de su aplicativo revisa que tenga soporte para x86 en xamarin, de esa forma podrás usarlo en un emulador
Here's a google translate of the previous comment for the record. It looks like important information regarding this issue.
The problem is the compilation of your application check that it has support for x86 in xamarin, that way you can use it in an emulator
@gunnrcrakr, @achmstein: as previously stated by @alxbl, if you run in an emulator the code is AOT compiled instead of JIT'ed using the mono runtime. This solution doesn't work on AOT compiled code.
Bumping the issue will not help. Only someone willing to develop a solution would help.
To add to what @obilodeau said, it's not actually clear so far whether this is due to AOT, or due to the x86 cross-compilation that most emulators use to improve performance. Both are technically possible, but I am indeed inclined to believe AOT is the cause.
Since Xamarin appears to be phasing out the .NET HTTP Client in favour of the platform's built-in client, Universal pinning bypasses for the Java HttpClient might work on newer Mono applications.
The only case remaining is AOT which uses the .NET HTTPClient, which will require to find the native method through RE and patching that using a custom Frida script.
AOT is Ahead-of-Time compilation, where the .NET code is fully (or partially) compiled to native code before the application is packaged. Once this happens there is no trace of .NET or Mono assemblies left in the package, which means the functions cannot be hooked unless their native counterparts can be found.
We haven't implemented that as it was an area of future work. What works right now should be any application that loads the Mono runtime at launch (meaning that the .NET bytecode still exists and hasn't been precompiled into native code)
What was initially reported in this issue is that the emulators seem to AOT compile, or otherwise compile in a way that makes the mono runtime unavailable.
If possible, I'd recommend trying on a rooted android phone with a release build of the application you want to test.
Excuse me if I do not understand my English is not good, it is required to build the app for x86 architecture, I leave the link https://docs.microsoft.com/en-us/xamarin/android/deploy-test/building-apps/abi-specific-apks
This should work without any issues:
Wait for the application to be loaded completely before running the frida script. That should resolve the issue:
frida -U -f com.example.application
After the application spawns with frida attached, pass the following to load the SSL unpinning file:
[Android Emulator 5554::com.example.application ]-> %load xamarin-unpin.js
Alternatively, modify the .js file to add a timeout of 1-2 seconds before loading it. I've tested the script in Android Studio Emulator as well, works fine with the way described above.
