Frida: unable to connect to remote frida-server

Created on 2 Aug 2018 · 15 Comments · Source: frida/frida

macOS:10.13.5
python3.7
frida: 12.0.8
frida-tools: 1.1.0
ios: iPhone7plus 11.3.1
frida-server: 12.0.8

iPhone7p:~ root# lsof -i :27042
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
frida-ser 419 root 5u IPv4 0xf4c60ab784ee7fd7 0t0 TCP localhost:27042 (LISTEN)

iPhone7p:~ root# ps -e | grep frida
419 ?? 0:00.01 /usr/sbin/frida-server
2257 ttys000 0:00.00 grep frida
iPhone7p:~ root#

macOS:
oooo:~ oooo$ iproxy 27042 27042
waiting for connection
accepted connection, fd = 4
waiting for connection
Number of available devices == 0
No connected device found, terminating.

oooo:~ oooo$ frida-ps -H 192.168.1.4
Failed to enumerate processes: unable to connect to remote frida-server
oooo:~ oooo$ frida-ps -R
Failed to enumerate processes: unable to connect to remote frida-server: Error receiving data: Connection reset by peer
oooo:~ oooo$

All 15 comments

you can do this:

adb forward tcp:27042 tcp:27042
adb forward tcp:27043 tcp:27043

@cvt126 ios

@ooszero Make sure that your iPhone is paired/trusted to the macos.

server side:

/usr/bin/frida-server -l 192.168.1.4

client side:

frida-ps -H 192.168.1.4

Just tried with latest frida 12.1.0 and everything works fine.

@in7egral

My frida-server is installed in /usr/sbin by default, and it starts automatically.
Then I killed the process and it was restarted. Then I moved it to /usr/bin/.
Then I ran /usr/bin/frida-server -l 192.168.1.4 again.

iPhone7p:~ root# /usr/bin/frida-server -l 192.168.1.4
2018-08-28 22:01:08.706 frida-server[2628:94693] Frida: Unable to check in with launchd: are we running standalone?

frida-ps -H 192.168.1.4
Connection success

You can check the launchd plist that starts frida and change the command line /usr/bin/frida-server to specify the IP. If you don't care about security (but change the password from alpine to something strong!) you can just leave /usr/bin/frida-server -l 0.0.0.0.

Step by step guide.

  1. Locate file re.frida.server.plist (it's not bplist, just simple xml)

  2. Edit it:

From:

<key>Program</key>
    <string>/usr/sbin/frida-server</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/sbin/frida-server</string>
    </array>

To:

<key>Program</key>
    <string>/usr/sbin/frida-server</string>
    <key>ProgramArguments</key>
    <array>
        <string>/usr/sbin/frida-server -l 192.168.1.4</string>
    </array>
  3. Reboot device and activate your jb

@in7egral

<key>Program</key>
<string>/usr/sbin/frida-server</string>
<key>ProgramArguments</key>
<array>
    <string>/usr/sbin/frida-server -l 0.0.0.0</string>
</array>

or

<key>Program</key>
<string>/usr/sbin/frida-server</string>
<key>ProgramArguments</key>
<array>
    <string>/usr/sbin/frida-server -l 192.168.1.4</string>
</array>

Reboot device and activate jb
ssh [email protected]
ps -e | grep frida-server

408 ??         0:00.08 /usr/sbin/frida-server -l 192.168.1.4

connection failed

It is necessary to manually call /usr/sbin/frida-server -l 0.0.0.0 once.

connection success

Have no idea why this happens (it may be due to the services startup sequence). But at least you can run it manually and this works.

P.S. It doesn't matter where frida-server is located - /usr/sbin or /usr/bin. But avoid using '/var/' or '/tmp/' and all subdirectories (due to sandbox policies).

@in7egral


COMMAND   PID USER   FD   TYPE             DEVICE SIZE/OFF NODE NAME
frida-ser 901 root    5u  IPv4 0x792515c1a9a3a581      0t0  TCP localhost:27042 (LISTEN)
frida-ser 909 root    6u  IPv4 0x792515c1aa799c31      0t0  TCP 192.168.1.4:27042 (LISTEN)

PID:901 launchd
PID:909 run it manually

I also had this issue and used the workaround by adding -l 0.0.0.0 when starting frida-server. Does someone know why it does not work without this parameter? A fix would be nice.

@in7egral @baptx @ooszero
I think we can solve this issue in the following way.

  1. use launchctl unload -w /Library/LaunchDaemons/re.frida.server.plist command to stop the process.

  2. Then modify file "/Library/LaunchDaemons/re.frida.server.plist" from
    <key>Program</key>
    <string>/usr/sbin/frida-server</string>
    <key>ProgramArguments</key>
    <array>
    <string>/usr/sbin/frida-server</string>
    </array>

to

<key>Program</key>
<string>/usr/sbin/frida-server</string>
<key>ProgramArguments</key>
<array>
<string>/usr/sbin/frida-server</string>
<string>-l</string>
<string>0.0.0.0</string>
</array>

  3. Use launchctl load -w /Library/LaunchDaemons/re.frida.server.plist command to start the process.
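
The difference between the single-string plist tried earlier in the thread and the split-argument form in the comment above, as an added example that is not part of the original thread or of Frida's own code. The function name `audit_frida_plist` and the sample jobs are constructed for illustration; the check assumes that frida-server started without -l binds localhost only, as the lsof output for the launchd-started instance shows.

```python
import plistlib

def _plist(args):
    # Constructed sample jobs modelled on the fragments quoted in the thread.
    return plistlib.dumps({"Label": "re.frida.server",
                           "Program": "/usr/sbin/frida-server",
                           "ProgramArguments": args})

SINGLE_STRING = _plist(["/usr/sbin/frida-server -l 192.168.1.4"])
SPLIT_ONE_IFACE = _plist(["/usr/sbin/frida-server", "-l", "192.168.1.4"])
SPLIT_ALL_IFACES = _plist(["/usr/sbin/frida-server", "-l", "0.0.0.0"])

def audit_frida_plist(data):
    """Report the address frida-server is really told to listen on."""
    argv = plistlib.loads(data).get("ProgramArguments", [])
    findings = []
    # launchd hands each <string> to the program as one argv element and does
    # no shell-style splitting, so options packed into one string are ignored.
    for i, arg in enumerate(argv):
        if any(tok.startswith("-") for tok in arg.split()[1:]):
            findings.append(f"argv[{i}] packs options into one string: {arg!r}")
    # Assumption: with no -l the server binds localhost only, as the lsof
    # output for the launchd-started instance in the thread shows.
    listen = "localhost"
    for i, arg in enumerate(argv[1:-1], start=1):
        if arg == "-l":
            listen = argv[i + 1]
    if listen == "0.0.0.0":
        findings.append("listens on every interface of the device")
    elif listen != "localhost" and listen != "127.0.0.1":
        findings.append(f"listens on network address {listen}")
    return {"listen": listen, "findings": findings}

if __name__ == "__main__":
    for name, blob in [("single string", SINGLE_STRING),
                       ("split, one interface", SPLIT_ONE_IFACE),
                       ("split, all interfaces", SPLIT_ALL_IFACES)]:
        print(name, audit_frida_plist(blob))
```

The single-string job still reports `localhost`, which matches the launchd-started PID 901 in the lsof output above, while the split forms report the address that was actually requested.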

hello world

Are you using any proxy in Android?
I had the same issue because I was using iptables on Android to redirect all traffic to Burp Suite. To exclude Frida traffic (ports 27042 and 27043) you must add the following rules to iptables (in the same order):
iptables -t nat -A OUTPUT -p tcp --dport 27042 -j REDIRECT --to-ports 27042
iptables -t nat -A OUTPUT -p tcp --dport 27043 -j REDIRECT --to-ports 27043
iptables -t nat -A OUTPUT -p tcp -j DNAT --to-destination IP_BURP:PORT_BURP

@xiaomiwang
Did you actually do it? I'm curious about the result. : )

can't locate frida-server on my Catalina. It's not part of frida-tools.
