Frida broken on Android 12 (emulators only?), and the error told me to file a bug report. #1917
Description
Hi, when trying to run frida on an Android 12 (API 31) emulator, I get the following output:
$ adb shell 'su 0 /data/local/tmp/frida-server'
{"type":"error","description":"TypeError: r is not a function","stack":"TypeError: r is not a function\n at CallbackContext.lt (frida/node_modules/frida-java-bridge/lib/android.js:547:1)\n at NativeFunction.<anonymous> (<anonymous>)\n at dt (frida/node_modules/frida-java-bridge/lib/android.js:542:1)\n at frida/node_modules/frida-java-bridge/lib/class-model.js:112:1\n at Function.build (frida/node_modules/frida-java-bridge/lib/class-model.js:7:1)\n at I._make (frida/node_modules/frida-java-bridge/lib/class-factory.js:115:1)\n at I.use (frida/node_modules/frida-java-bridge/lib/class-factory.js:63:1)\n at frida/node_modules/frida-java-bridge/index.js:212:1\n at c.perform (frida/node_modules/frida-java-bridge/lib/vm.js:11:1)\n at g._performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:211:1)","fileName":"frida/node_modules/frida-java-bridge/lib/android.js","lineNumber":547,"columnNumber":1}
{"type":"error","description":"Error: Unable to perform state transition; please file a bug","stack":"Error: Unable to perform state transition; please file a bug\n at dt (frida/node_modules/frida-java-bridge/lib/android.js:542:1)\n at frida/node_modules/frida-java-bridge/lib/class-model.js:112:1\n at Function.build (frida/node_modules/frida-java-bridge/lib/class-model.js:7:1)\n at I._make (frida/node_modules/frida-java-bridge/lib/class-factory.js:115:1)\n at I.use (frida/node_modules/frida-java-bridge/lib/class-factory.js:63:1)\n at frida/node_modules/frida-java-bridge/index.js:212:1\n at c.perform (frida/node_modules/frida-java-bridge/lib/vm.js:11:1)\n at g._performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:211:1)\n at g.perform (frida/node_modules/frida-java-bridge/index.js:192:1)\n at /internal-agent.js:490:6","fileName":"frida/node_modules/frida-java-bridge/lib/android.js","lineNumber":542,"columnNumber":1}Here's that output after formatting, for convenience:
{
"type": "error",
"description": "TypeError: r is not a function",
"stack": "TypeError: r is not a function\n at CallbackContext.lt (frida/node_modules/frida-java-bridge/lib/android.js:547:1)\n at NativeFunction.<anonymous> (<anonymous>)\n at dt (frida/node_modules/frida-java-bridge/lib/android.js:542:1)\n at frida/node_modules/frida-java-bridge/lib/class-model.js:112:1\n at Function.build (frida/node_modules/frida-java-bridge/lib/class-model.js:7:1)\n at I._make (frida/node_modules/frida-java-bridge/lib/class-factory.js:115:1)\n at I.use (frida/node_modules/frida-java-bridge/lib/class-factory.js:63:1)\n at frida/node_modules/frida-java-bridge/index.js:212:1\n at c.perform (frida/node_modules/frida-java-bridge/lib/vm.js:11:1)\n at g._performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:211:1)",
"fileName": "frida/node_modules/frida-java-bridge/lib/android.js",
"lineNumber": 547,
"columnNumber": 1
}
{
"type": "error",
"description": "Error: Unable to perform state transition; please file a bug",
"stack": "Error: Unable to perform state transition; please file a bug\n at dt (frida/node_modules/frida-java-bridge/lib/android.js:542:1)\n at frida/node_modules/frida-java-bridge/lib/class-model.js:112:1\n at Function.build (frida/node_modules/frida-java-bridge/lib/class-model.js:7:1)\n at I._make (frida/node_modules/frida-java-bridge/lib/class-factory.js:115:1)\n at I.use (frida/node_modules/frida-java-bridge/lib/class-factory.js:63:1)\n at frida/node_modules/frida-java-bridge/index.js:212:1\n at c.perform (frida/node_modules/frida-java-bridge/lib/vm.js:11:1)\n at g._performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:211:1)\n at g.perform (frida/node_modules/frida-java-bridge/index.js:192:1)\n at /internal-agent.js:490:6",
"fileName": "frida/node_modules/frida-java-bridge/lib/android.js",
"lineNumber": 542,
"columnNumber": 1
}This is all on the latest version (15.1.12), running on x86_64. The emulator in question was freshly installed (multiple times), wiped, cold booted, etc. The avdmanager string used to create the AVD is system-images;android-31;default;x86_64.
I have also updated my pip packages, as seen here:
$ pip freeze | grep frida
frida==15.1.12
frida-tools==10.4.1And here are some additional tests (with frida-server still running after printing the original error):
$ frida-ps -U
Failed to enumerate processes: cannot read property 'getRunningAppProcesses' of undefined
$ adb shell ps -A | grep frida
root 18320 447 10903992 102840 0 0 S frida-server
$ adb shell ps -A | grep system_server
system 556 360 22941640 369312 0 0 S system_server
$ frida -U -n system_server
____
/ _ | Frida 15.1.12 - A world-class dynamic instrumentation toolkit
| (_| |
> _ | Commands:
/_/ |_| help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at https://frida.re/docs/home/
Failed to spawn: cannot read property 'getRunningAppProcesses' of undefined
Even though I could not attach to system_server by name, I can attach by PID (although it takes several seconds).
$ frida -U -p 556
____
/ _ | Frida 15.1.12 - A world-class dynamic instrumentation toolkit
| (_| |
> _ | Commands:
/_/ |_| help -> Displays the help system
. . . . object? -> Display information about 'object'
. . . . exit/quit -> Exit
. . . .
. . . . More info at https://frida.re/docs/home/
[Android Emulator 5554::PID::556]-> Java.available
true
[Android Emulator 5554::PID::556]->
[Android Emulator 5554::PID::556]->
Thank you for using Frida!
I get similar issues when running via the python bindings, which is what led me to this. Please let me know if I can help test anything else.