Frida: Failed to execute child process in android arm 64

Created on 24 Apr 2018  ·  4 Comments  ·  Source: frida/frida

Hello,
I'm running frida-server on Android 7. When I want to hook an API, frida-trace says "Failed to attach: failed to execute child process “/data/local/tmp/re.frida.server/frida-helper-64” (Permission denied)".

$ frida-trace -U -i "*open*" -n com.samsung.klmsagent
Failed to attach: failed to execute child process “/data/local/tmp/re.frida.server/frida-helper-64” (Permission denied)

I did check frida-helper-64 in the above directory; it was executable but printed some critical errors.

c5proltechn:/ # /data/local/tmp/re.frida.server/frida-helper-64

(process:13734): Frida-CRITICAL **: frida_helper_service_construct: assertion 'parent_address != NULL' failed

(process:13734): Frida-CRITICAL **: frida_helper_service_run: assertion 'self != NULL' failed

All 4 comments

Do you happen to have the frida executable in /data/local/tmp?
If so, I never managed to get the 64-bit ARM version to spawn apps.
Only the 32-bit one in 'attach' mode worked.
Options to fix (try them one by one in this order):

1. DISABLE AND REMOVE ALL GEAR VR STUFF APPS AND SERVICES. After that: reboot and make sure they are gone (and/or not running).

2. Go to step 4 and return here.
   On first frida launch, do not use -D but instead cd into /data/local/tmp and run (assuming the file name is fr108064):
         nohup fr108064 &

3. Clear the /data/local/tmp folder:   rm -rf /data/local/tmp/*

4. Rename the frida binary to something else, without hyphens (-) or dots (.) (for example, I called it fr108064).

5. (if root):
   - set Magisk to core only and don't install those damn modules; set Magisk su hide to all Google/Samsung security/Play related processes.
   - in adb or a terminal app:
      su
      mount -o rw,remount /system
      move/copy the file into /system/priv-app
      chown root:root /system/priv-app/fr108064
      chmod 733 /system/priv-app/fr108064
      mount -o ro,remount /system
      reboot!
      check step 1 again!

Same issue on

Samsung Galaxy S9
Android 9.0
Magisk Root

Don't know what any of steps 1-4 will accomplish...
But step 5 will solve this. It's an SELinux issue, and moving the program to /system/priv-app will give it a new context, system_file versus shell_data_file.
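An added diagnostic, not part of this thread or of the Frida project: a POSIX shell check that reads the SELinux type out of an `ls -Z` line and counts execute denials for the helper in a logcat dump, so the "Permission denied" can be confirmed as the shell_data_file vs system_file labelling described above before anything is moved or remounted. The sample lines are constructed (on a device they would come from `adb shell ls -Z <path>` and `adb shell logcat -d`), and the function names are my own.

```shell
#!/bin/sh
# Added example, not from the issue thread. Function names are hypothetical.

# Return the SELinux type (third field of u:object_r:<type>:s0) from an
# `ls -Z` line such as "u:object_r:shell_data_file:s0 frida-helper-64".
selinux_type() {
    printf '%s\n' "$1" | awk '{ split($1, f, ":"); print f[3] }'
}

# Classify the label on the helper binary: the thread reports that the
# shell_data_file label under /data/local/tmp fails to execute, while the
# system_file label a binary gets on /system works.
helper_label_status() {
    t=$(selinux_type "$1")
    case "$t" in
        system_file)     echo "ok:$t" ;;
        shell_data_file) echo "blocked:$t" ;;
        *)               echo "unknown:$t" ;;
    esac
}

# Count AVC denials for an execute on the helper ($2, a basename) in a
# logcat dump ($1). A non-zero count ties the error to SELinux rather
# than to plain mode bits. grep -c prints 0 on no match, so keep going.
count_exec_denials() {
    printf '%s\n' "$1" | grep -c "avc: *denied *{ *execute *}.*$2" || true
}

# Constructed sample output, not captured from a real device; the scontext
# value depends on how frida-server was launched and is only illustrative.
SAMPLE_LS_DATA='u:object_r:shell_data_file:s0 frida-helper-64'
SAMPLE_LS_SYSTEM='u:object_r:system_file:s0 fr108064'
SAMPLE_LOGCAT='01-01 00:00:01.000  1234  1234 W frida-helper-64: type=1400 audit(0.0:1): avc: denied { execute } for path="/data/local/tmp/re.frida.server/frida-helper-64" scontext=u:r:shell:s0 tcontext=u:object_r:shell_data_file:s0 tclass=file permissive=0
01-01 00:00:02.000  1234  1234 I ActivityManager: unrelated line'

# Run the checks over the constructed samples.
echo "helper in /data/local/tmp: $(helper_label_status "$SAMPLE_LS_DATA")"
echo "helper in /system/priv-app: $(helper_label_status "$SAMPLE_LS_SYSTEM")"
echo "execute denials for frida-helper-64: $(count_exec_denials "$SAMPLE_LOGCAT" frida-helper-64)"
```

Replace the constructed strings with real `ls -Z` and `logcat -d` output from the device to run the same classification against it.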

S8, Android 9, same issue, but @ultrafunkamsterdam's method solved the problem.

See https://github.com/frida/frida/issues/877#issuecomment-549636944 for a less destructive fix.
