Android 15, unable to perform state transition #336

Open
matbrik opened this issue Sep 16, 2024 · 3 comments

Comments


matbrik commented Sep 16, 2024

Device Pixel 6 Android 15 beta AP31.240617.015 rooted with Magisk

./frida-inject-16.5.1-android-arm64 -p 1437 -i -s test.js
{"type":"error","description":"Error: Unable to perform state transition; please file a bug","stack":"Error: Unable to perform state transition; please file a bug
    at bt (frida/node_modules/frida-java-bridge/lib/android.js:578)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/class-model.js:115)
    at build (frida/node_modules/frida-java-bridge/lib/class-model.js:7)
    at _make (frida/node_modules/frida-java-bridge/lib/class-factory.js:168)
    at use (frida/node_modules/frida-java-bridge/lib/class-factory.js:62)
    at <anonymous> (frida/node_modules/frida-java-bridge/index.js:224)
    at <anonymous> (frida/node_modules/frida-java-bridge/lib/vm.js:12)
    at _performPendingVmOpsWhenReady (frida/node_modules/frida-java-bridge/index.js:244)
    at perform (frida/node_modules/frida-java-bridge/index.js:204)
    at <eval> (/test.js:17)","fileName":"frida/node_modules/frida-java-bridge/lib/android.js","lineNumber":578,"columnNumber":1}

I get the same error using frida-server.

How can I debug this? I cannot match the line numbers in the stack trace to the relevant code in the source files.


pig837 commented Sep 16, 2024

It's a frida bug.

If the ROM is equipped with a Google Play System Update version from before August 2024, the workaround in the link below can be applied. However, if the ROM is equipped with one from after August 2024, the workaround may not be applicable, and this is something the Frida developers need to fix.

frida/frida#2958


matbrik commented Sep 20, 2024

I found the issue and I've tested a "hardcoded" version of frida. Basically, at https://github.com/frida/frida-java-bridge/blob/main/lib/android.js#L3929 frida looks for the address of ExceptionClear, but the address found is wrong. Setting the correct address of ExceptionClear (found by diffing two libart libraries), Frida works again.
Next week I'll try to find the new offset in the vtable for ExceptionClear and commit the fix.

@matbrik matbrik changed the title Andorid 15, unable to perform state transition Android 15, unable to perform state transition Sep 23, 2024
@QingShiLuoGu

@matbrik same issue, have you solved it?
