Can't find Mono runtime when running in emulator #2
Comments
Hi, @tweidinger, did you make sure that the app is already running on the phone when you launch the frida script? If that doesn't work, then I'd list the mapped modules and see if mono is indeed present... Maybe the image name is different.
Hey @alxbl thanks for the quick answer. I will check the mapped modules and look for similar named modules.
I did check and could not find a running mono module. Is there a step I am missing?
Hmm, there are indeed no mono libraries at all in there. If you retargeted the solution for Pixel 3, is it possible that AOT compilation is now a default? Or maybe the behavior inside an emulator is different? Isn't the android emulator build compiling the code to x86 instead of ARM? (for performance reasons)
Regarding the AOT I am not sure if this is affecting here, but I used the precompiled apk from this repo. I will build it from source and see if there is a difference. Checked the script with multiple xamarin apks and there was no runtime present.
Yeah, I totally understand. We didn't test emulated devices, so this would be something new to investigate and implement. There's little hope of the pinning script working though if the Mono runtime isn't being used at all :( If you end up finding something, do let me know. If there is anything I can do to help, let me know as well.
The problem is how your application is compiled; check that it has x86 support in Xamarin, that way you will be able to use it in an emulator.
Here's a google translate of the previous comment for the record. It looks like important information regarding this issue.
Can't find Mono runtime!
Can't find Mono runtime! with Genymotion
@gunnrcrakr, @achmstein: as previously stated by @alxbl, if you run in an emulator the code is AOT compiled instead of JIT'ed using the mono runtime. This solution doesn't work on AOT compiled code. Bumping the issue will not help. Only someone willing to develop a solution would help.
To add to what @obilodeau said, it's not actually clear so far whether this is due to AOT, or due to the x86 cross-compilation that most emulators use to improve performance. Both are technically possible, but I am indeed inclined to believe AOT is the cause. Since Xamarin appears to be phasing out the .NET HTTP Client in favour of the platform's built-in client, Universal pinning bypasses for the Java HttpClient might work on newer Mono applications. The only case remaining is AOT which uses the .NET HTTPClient, which will require finding the native method through RE and patching that using a custom Frida script.
Can you tell me what exactly platform can use this script? And what is AOT?
It is necessary to compile for x86 to work on emulators.
Compile what?
the application developed in xamarin must be compiled in x86 the dlls
AOT is Ahead-of-Time compilation, where the .NET code is fully (or partially) compiled to native code before the application is packaged. Once this happens there is no trace of .NET or Mono assemblies left in the package, which means the functions cannot be hooked unless their native counterparts can be found. We haven't implemented that as it was an area of future work. What works right now should be any application that loads the Mono runtime at launch (meaning that the .NET bytecode still exists and hasn't been precompiled into native code). What was initially reported in this issue is that the emulators seem to AOT compile, or otherwise compile in a way that makes the mono runtime unavailable. If possible, I'd recommend trying on a rooted android phone with a release build of the application you want to test.
Excuse me if I do not understand my English is not good, it is required to build the app for x86 architecture, I leave the link
This should work without any issues: Wait for the application to be loaded completely before running the frida script. That should resolve the issue:

```
frida -U -f com.example.application
```

After the application spawns with frida attached, pass the following to load the SSL unpinning file:

```
[Android Emulator 5554::com.example.application ]-> %load xamarin-unpin.js
```

Alternatively, modify the .js file to add a timeout of 1-2 seconds before loading it. I've tested the script in Android Studio Emulator as well, works fine with the way described above.
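The two checks suggested in this thread (listing the loaded modules to see whether a Mono image is present, and giving the app time to finish loading before giving up) can be combined in one small Frida diagnostic. This is an added example, not code from the repository or from any commenter; the name pattern, the retry count and interval, and all function names are assumptions.

```javascript
// Added diagnostic (ES5, so it also loads on older Frida runtimes).
// Assumption: Mono images have "mono" in their file name, e.g.
// libmonosgen-2.0.so. libmonochrome.so (Chrome/WebView) is excluded.
var MONO_PATTERN = /mono(?!chrome)/i;

// Pick the modules that look like a Mono runtime out of a module list.
function findMonoModules(modules) {
  return modules.filter(function (m) { return MONO_PATTERN.test(m.name); });
}

// Poll `enumerate` until a Mono module shows up or `attempts` run out.
// `schedule(fn, ms)` defaults to setTimeout and is injectable for testing.
function waitForMono(enumerate, attempts, intervalMs, done, schedule) {
  schedule = schedule || setTimeout;
  var all = enumerate();
  var hits = findMonoModules(all);
  if (hits.length > 0) {
    return done({ found: true, modules: hits, loaded: all.length });
  }
  if (attempts <= 1) {
    return done({ found: false, modules: [], loaded: all.length });
  }
  schedule(function () {
    waitForMono(enumerate, attempts - 1, intervalMs, done, schedule);
  }, intervalMs);
}

// One-line verdict covering the two outcomes discussed in the thread.
function describe(result, arch) {
  if (result.found) {
    return 'Mono runtime loaded (' + arch + '): ' +
      result.modules.map(function (m) { return m.name; }).join(', ');
  }
  return 'No Mono module among ' + result.loaded + ' loaded modules (' +
    arch + '); the build may be AOT-compiled or lack this ABI.';
}

// Under Frida, check the live process: 10 tries, 500 ms apart (assumed values).
if (typeof Process !== 'undefined' &&
    typeof Process.enumerateModules === 'function') {
  waitForMono(function () { return Process.enumerateModules(); }, 10, 500,
    function (r) { console.log(describe(r, Process.arch)); });
}
```

Under Frida the last block runs as soon as the file is loaded; outside Frida it is skipped, so the functions can be exercised against a recorded module list.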
Hi, I just wanted to replicate/try your repo.
I did run all described steps.
I was expecting the same output as in the example but got:
I am not sure how to fix this or where to investigate the cause.
More context:
Host system: Arch 5.4.x
Guest system: Emulated Pixel 3a (API 24)
Frida 12.8.20
frida-ps is working and the server shows no error when pushed.