Frida: Unable to access process: Frida should provide a better error-message when trying to attach to Apple-protected processes on El Capitan

Created on 28 Nov 2015  ·  18 Comments  ·  Source: frida/frida

After installing frida on OSX using easy_install I'm getting the following error when I try to run the example.py (as described on http://www.frida.re/docs/installation/):

sudo python frida_example.py
Password:
Traceback (most recent call last):
  File "frida_example.py", line 5, in <module>
    session = frida.attach("cat")
  File "build/bdist.macosx-10.11-x86_64/egg/frida/__init__.py", line 55, in attach
  File "build/bdist.macosx-10.11-x86_64/egg/frida/core.py", line 87, in attach
frida.PermissionDeniedError: unable to access process with pid 1992 from the current user account


All 18 comments

Hi,

That error means you're on El Capitan trying to attach to a system binary, which /bin/cat technically is (being signed by Apple), so there's not much we can do about that for now except provide a better error-message, and suggest a better example target in the docs.

Cheers!

Or maybe disable SIP (System Integrity Protection) for test purposes? Reference: http://osxdaily.com/2015/10/05/disable-rootless-system-integrity-protection-mac-os-x/

Just to clarify, there are no options available to hook onto Messages, etc.?

I am following installation instructions on http://www.frida.re/docs/installation/. Upon executing session = frida.attach("cat"), I get this error:

frida.PermissionDeniedError: unable to access process with pid 67947 from the current user account

Is there a way to make these instructions clearer for Mac OS users?

Hi @IgorGanapolsky,

> Is there a way to make these instructions clearer for Mac OS users?

Yes, they were written before SIP entered the picture. Would appreciate a PR improving that guide if any of you feel like it. :-)

@oleavr What should the PR entail? How to forego SIP? What if users have no knowledge of SIP, and just want to try Frida for the first time. This gets a little complicated...

@IgorGanapolsky Good point. Might be easier to ask the user to compile a “Hello World”-style program, like we do in the tutorials. (The alternative would be to suggest different programs depending on the OS, but that quickly becomes messy too.)

what if you copy the cat binary first to /tmp/cat then try the example?

ah I think this only would have worked for I think the prev mac os version (not sierra)

it didn't work cause I was stupid and still typed cat instead of the copied version :-)

I lied, it still works :-)

$ cp /bin/cat .
$ ./cat &

$ python test-frida.py
[u'cat', u'libSystem.B.dylib', u'libcache.dylib', u'libcommonCrypto.dylib', u'libcompiler_rt.dylib', u'libcopyfile.dylib', u'libcorecrypto.dylib', u'libdispatch.dylib', u'libdyld.dylib', u'libkeymgr.dylib', u'liblaunch.dylib', u'libmacho.dylib', u'libquarantine.dylib', u'libremovefile.dylib', u'libsystem_asl.dylib', u'libsystem_blocks.dylib', u'libsystem_c.dylib', u'libsystem_configuration.dylib', u'libsystem_coreservices.dylib', u'libsystem_coretls.dylib', u'libsystem_dnssd.dylib', u'libsystem_info.dylib', u'libsystem_kernel.dylib', u'libsystem_m.dylib', u'libsystem_malloc.dylib', u'libsystem_network.dylib', u'libsystem_networkextension.dylib', u'libsystem_notify.dylib', u'libsystem_platform.dylib', u'libsystem_pthread.dylib', u'libsystem_sandbox.dylib', u'libsystem_secinit.dylib', u'libsystem_symptoms.dylib', u'libsystem_trace.dylib', u'libunwind.dylib', u'libxpc.dylib', u'libobjc.A.dylib', u'libauto.dylib', u'libc++abi.dylib', u'libc++.1.dylib', u'frida-agent.dylib', u'libresolv.9.dylib']

opened PR to docs here

@dweinstein Thanks! That's definitely the simplest solution! :-)

@dweinstein When I do frida.attach("cat"), I get this error now:

raise _frida.ProcessNotFoundError("ambiguous name; it matches: %s" % ", ".join(["%s (pid: %d)" % (process.name, process.pid) for process in matching]))
frida.ProcessNotFoundError: ambiguous name; it matches: cat (pid: 29755), cat (pid: 29752)

I am on Sierra.

sounds like you have two cat binaries running. Try killing both of those PIDs first and trying again. Or try the PIDs individually until you find the right one by passing the PID (number) to attach instead (frida.attach(29755))

To kill all the running cat processes you can run pkill cat then try again.
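
What the clearer error handling requested in this issue could look like on the caller's side, as an added example (not code from the thread or from Frida itself). It assumes the two message formats quoted in the tracebacks above; `explain_attach_error` and `attach` are hypothetical helper names.

```python
import re
import sys

# Message formats copied from the tracebacks quoted in this thread.
_DENIED = re.compile(r"unable to access process with pid (\d+)")
_MATCH = re.compile(r"\(pid: (\d+)\)")


def explain_attach_error(exc):
    """Turn a Frida attach exception into an actionable hint (str), or None."""
    kind, msg = type(exc).__name__, str(exc)
    if kind == "PermissionDeniedError":
        m = _DENIED.search(msg)
        pid = m.group(1) if m else "?"
        return ("pid %s: access denied. On macOS with SIP enabled this is "
                "expected for Apple-signed system binaries such as /bin/cat; "
                "attach to a program you compiled yourself instead." % pid)
    if kind == "ProcessNotFoundError" and "ambiguous name" in msg:
        pids = [int(p) for p in _MATCH.findall(msg)]
        return ("name matches several processes; attach by PID instead, "
                "one of: %s" % ", ".join(map(str, pids)))
    return None  # some other failure: no extra hint to give


def attach(target):
    """frida.attach() wrapper that prints the hint before re-raising."""
    import frida  # imported lazily so the helper above works without Frida
    try:
        return frida.attach(target)
    except (frida.PermissionDeniedError, frida.ProcessNotFoundError) as exc:
        hint = explain_attach_error(exc)
        if hint:
            sys.stderr.write("hint: %s\n" % hint)
        raise


if __name__ == "__main__":
    # "hello" is an assumed default target: a program you built yourself.
    arg = sys.argv[1] if len(sys.argv) > 1 else "hello"
    # A numeric argument is treated as a PID, anything else as a process name.
    session = attach(int(arg) if arg.isdigit() else arg)
    print("attached:", session)
```
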

Another way was to write a simple executable program, and attach to it without disabling SIP.

  1. Write a simple "hello.c":

    #include <stdio.h>
    int main() {
        printf("Hello World\n");
        getchar();  /* block on stdin so the process stays alive for attaching */
        return 0;
    }

  2. Compile and run it

    $ gcc hello.c -o hello
    $ ./hello

  3. Modify the "example.py"

    import sys
    import frida
    # Attach by PID when one is given on the command line, otherwise by name
    session = frida.attach("cat" if len(sys.argv)<=1 else int(sys.argv[1]))
    print([x.name for x in session.enumerate_modules()])

  4. Get the hello process id and attach it

    $ ps aux|grep hello
    lang             62676   0.0  0.0  2432780    728 s000  S+    1:56AM   0:00.00 ./hello
    $ python example.py 62676

Traceback (most recent call last):
  File "python/1test.py", line 12, in <module>
    print([x.name for x in session.enumerate_modules()])
AttributeError: 'Session' object has no attribute 'enumerate_modules'

For the reason related to the original error, permissions in macOS Catalina due to SIP, please check: https://github.com/frida/frida-website/issues/65

frida.PermissionDeniedError: unable to access process with pid 71045 from the current user account

"The only way to attach to system binaries (until we provide a kernel driver in the future), is to disable SIP. We should definitely improve those docs though – they were written before SIP."


For the enumerate modules error, you can use the original sample available at https://frida.re/docs/installation/, and replace the target binary with "hello" or the PID, using the following code (rather than using the "example.py" code above; follow steps 1 to 4 above, except for step 3):

AttributeError: 'Session' object has no attribute 'enumerate_modules'

import sys
import frida

def on_message(message, data):
    print("[on_message] message:", message, "data:", data)

session = frida.attach("hello" if len(sys.argv)<=1 else int(sys.argv[1]))

script = session.create_script("""
rpc.exports.enumerateModules = function () {
  return Process.enumerateModules();
};
""")
script.on("message", on_message)
script.load()

print([m["name"] for m in script.exports.enumerate_modules()])

I'm still running into the same error message:

$ cp /bin/cat /tmp/
$ /tmp/cat &
[1] 73728
$ python example.py 
Traceback (most recent call last):
  File "example.py", line 6, in <module>
    session = frida.attach("cat")
  File "/Users/lalyos/.virtualenv/lib/python2.7/site-packages/frida/__init__.py", line 62, in attach
    return get_local_device().attach(target, **kwargs)
  File "/Users/lalyos/.virtualenv/lib/python2.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/Users/lalyos/.virtualenv/lib/python2.7/site-packages/frida/core.py", line 156, in attach
    return Session(self._impl.attach(self._pid_of(target)))
frida.PermissionDeniedError: unable to access process with pid 73728 from the current user account

with sudo the same:

$ sudo python example.py 
Traceback (most recent call last):
...

Any tip would be highly appreciated.

I'm on osx 10.14 (mojave)

I'm having the same issue on mojave. perhaps might have to follow langrenfengzis suggestion
