It seems this crash is not produced by the RASP inside R2pay: <div class="highligh

for me <div class="highlight highlight-source-shell notranslate position-relative

R2Pay crashes on arm64 with "Bad access due to invalid address" about interruptor HOT 4 OPEN

enovella commented on June 30, 2024

R2Pay crashes on arm64 with "Bad access due to invalid address"

from interruptor.

Comments (4)

FrenchYeti commented on June 30, 2024

Yes, i tested and i had same issue. I didn't start to search the cause, but r2pay results are better when tracing starts when libnative is loading or when app started

It will trace all (but not follow fork/clone/ ... yet) when app is loaded :

Java.perform(()=> {

    Interruptor
        .newAgentTracer({
            exclude: {
                syscalls: ["clock_gettime"]
            }
        })
        .start();

});

It is also possible to do that:

 Interruptor
        .newAgentTracer({
            exclude: {
                syscalls: ["clock_gettime"]
            }
        })
        .startOnLoad(/libnative-lib/g);

from interruptor.

apkunpacker commented on June 30, 2024

for me

$ frida -H 127.0.0.1:1234 -f re.pwnme --codeshare FrenchYeti/android-arm64-strace --no-pause
     ____
    / _  |   Frida 15.1.14 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit                                                         . . . .
   . . . .   More info at https://frida.re/docs/home/
Spawned `re.pwnme`. Resuming main thread!
[Remote::re.pwnme]-> [STARTING TRACE] UID=0 Thread 31147
[/apex/com.android.runtime/lib64/bionic/libc.so +0xa74]   SVC :: 0x42   writev (  fd = 2  undefined   , const struct iovec *vec = 0x7fde3bc1b8 , unsigned long vlen = 0x2  )    > 0x2e
[/apex/com.android.runtime/lib64/bionic/libc.so +0x614]   SVC :: 0xc6   socket (  int = 0x1 , int = 0x80802 , int = 0x0  )    > 0x3e
[/apex/com.android.runtime/lib64/bionic/libc.so +0x2f4]   SVC :: 0xcb   connect (  int = 0x3e , struct sockaddr * = 0x7fde3bc0c0 , int = 0x6e  )    > 0x0
[/apex/com.android.runtime/lib64/bionic/libc.so +0xa74]   SVC :: 0x42   writev (  fd = 62  undefined   , const struct iovec *vec = 0x7fde3bc0c0 , unsigned long vlen = 0x6  )    > 0x3f
[/apex/com.android.runtime/lib64/bionic/libc.so +0x3bc]   SVC :: 0x39   close (  fd = 62  undefined    )    > 0x0
[/apex/com.android.runtime/lib64/bionic/libc.so +0xf94]   SVC :: 0xde   mmap (  start_addr = 0x0 , size = 0x46 , prot = PROT_READ | PROT_WRITE , flags = MAP_PRIVATE | MAP_ANONYMOUS , fd = -1 IGNORED   offset = 0x0  )    > 0x7916e39000
[/apex/com.android.runtime/lib64/bionic/libc.so +0xd4]   SVC :: 0xa7   prctl (  opt = PR_SET_VMA , unsigned long arg2 = 0x0 , unsigned long arg3 = 0x7916e39000 , unsigned long arg4 = 0x46 , unsigned long arg5 = 0x79168638da  )    > 0x0
[/apex/com.android.runtime/lib64/bionic/libc.so +0x554]   SVC :: 0x87   rt_sigprocmask (  int how = 0x2 , sigset_t *set = 0x7fde3bc5a0 , sigset_t *oset = 0x0 , size_t sigsetsize = 0x8  )    > 0x0
[/apex/com.android.runtime/lib64/bionic/libc.so +0x3bc]   SVC :: 0xac   getpid (  )    > 0x79ab
[/apex/com.android.runtime/lib64/bionic/libc.so +0x3bc]   SVC :: 0xb2   gettid (  )    > 0x79ab
[/apex/com.android.runtime/lib64/bionic/libc.so +0xcd4]   SVC :: 0xae   getuid (  )    > 0x28d2
Process terminated

from interruptor.

FrenchYeti commented on June 30, 2024

Ok, in my case i don't use "--no-pause"

from interruptor.

apkunpacker commented on June 30, 2024

Ok, in my case i don't use "--no-pause"

may be because i removed those rootbear checks from apk manually

from interruptor.

R2Pay crashes on arm64 with "Bad access due to invalid address" about interruptor HOT 4 OPEN

Comments (4)

Related Issues (12)

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent