Frida 6.1 Released
Some time ago @s1341 ported Frida to QNX, and just a few weeks back he was running into memory footprint issues when using Frida on embedded ARM devices. This was right after he contributed pull requests porting Frida to linux-arm. We started realizing that it might be time for a new JavaScript runtime, and agreed that Duktape seemed like a great fit for our needs.
This runtime has now landed, all tests are passing, and it even beats our V8 runtime on the measured overhead for a call to a hooked function with an empty onEnter/onLeave callback. To give you an idea:
(Numbers are in microseconds, measured on a 4 GHz i7 running OS X 10.11.2.)
Anyway, even if that comparison isn’t entirely fair, as we do some clever recycling and copy-on-write tricks that we don’t yet do in our V8 runtime, this new runtime is already quite impressive. It also allows us to run on really tiny devices, and the performance difference between a roaring JIT-powered monster like V8 and a pure interpreter might not really matter for most users of Frida.
So starting with this release we are also including this brand new runtime in all of our prebuilt binaries so you can try it out and tell us how it works for you. It only adds a few hundred kilobytes of footprint, which is nothing compared to the 6 MB that V8 adds per architecture slice. Please try it out by passing --disable-jit to the CLI tools, or by calling session.disable_jit() before the first call to session.create_script().
Considering that this new runtime also solves some issues that would require a lot of work to fix in our JavaScriptCore runtime, like ignoring calls from background threads and avoiding poisoning the app’s heap, we decided to get rid of that runtime and switch to this new Duktape-based runtime on OSes where V8 cannot currently run, like on iOS 9. We feature-detect this at runtime, so you still get to use V8 on iOS 8 like before – unless you explicitly pass --disable-jit as just mentioned.
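As an added example (not code from the Frida post), here is how the runtime switch is used from frida-python: it assumes frida-python 6.1 with the Session.disable_jit() method described above, a target pid or process name on the command line, and hooks libc's open() with an ES5-only handler, the same restriction the generated frida-trace handlers follow for Duktape.

```python
"""Attach with frida-python and pick the JavaScript runtime before loading a script."""
import sys

# Handler kept to ES5 (no let/const, arrow functions or template strings),
# since the Duktape runtime is a pure ES5 interpreter. libc's open() is used
# here as a sample export; it exists on Linux and OS X targets.
AGENT_SOURCE = """
var target = Module.findExportByName(null, 'open');
Interceptor.attach(target, {
  onEnter: function (args) {
    send({ type: 'open', path: Memory.readUtf8String(args[0]) });
  },
  onLeave: function (retval) {
  }
});
"""


def create_hook_script(session, use_duktape):
    """Create the agent script on `session`, switching it to Duktape first if asked.

    disable_jit() has to run before the first create_script() call: the
    runtime is picked when the first script is created and cannot be
    changed afterwards for that session.
    """
    if use_duktape:
        session.disable_jit()
    return session.create_script(AGENT_SOURCE)


def on_message(message, data):
    # Messages from send() arrive with type 'send'; runtime errors as 'error'.
    if message.get('type') == 'send':
        print('[agent]', message['payload'])
    else:
        print('[agent error]', message)


def main(argv):
    import frida  # imported here so create_hook_script() is usable without frida installed
    target = argv[1]
    session = frida.attach(int(target) if target.isdigit() else target)
    script = create_hook_script(session, use_duktape='--disable-jit' in argv)
    script.on('message', on_message)
    script.load()
    print('hooked open(); press Enter to detach')
    sys.stdin.readline()
    session.detach()


if __name__ == '__main__':
    main(sys.argv)
```

Run it as `python hook_open.py <pid-or-name> [--disable-jit]`; without the switch the session keeps V8 where it is available.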
So in closing, here’s a summary of the changes:
6.1.0:
- core: replace the JavaScriptCore runtime with its successor built on Duktape
- core: add disable_jit() to allow users to try out the new Duktape engine
- core: fix crash on Linux when injecting into processes where pthread_create has never been called/bound yet
- core: add support for linux-armhf (e.g. Raspberry Pi)
- python: add disable_jit() to Session
- node: add disableJit() to Session
- CLI tools: add --disable-jit switch
- frida-repl: upgrade to latest prompt-toolkit
- frida-trace: fix crash when attempting to trace partially resolved imports
- frida-trace: stick to ES5 in the generated handlers for Duktape compatibility
6.1.1:
- core: fix synchronization logic and error-handling bugs in the Duktape runtime
6.1.2:
- core: fix Android regression resulting in crash on inject
- core: fix Python 3.x build regression
- clr: add DisableJit() to Session
6.1.3:
- core: give the iOS frida-helper all the entitlements that the Preferences app has, so system session scripts can read and write system configuration
- core: changes to support AppContainer ACL on temporary directory/files within
- node: fix pid check so it allows attaching to the system session
6.1.4:
- core: implement spawn() for console binaries on iOS
- core: improve support for hooking low-level OS APIs
- core: fix mapper issues preventing us from injecting into Mac processes where libraries that frida-agent depends on are not yet loaded
- core: make InvocationContext available to replaced functions also
6.1.5:
- core: add support for generator functions in scripts generated by frida-load
- frida-repl: fix race condition resulting in hang
- frida-repl: fix spurious error message on exit
Enjoy!