Frida 12.10 Released ∞release
This time we have some exciting news for Java developers and reversers: frida-java-bridge now supports the HotSpot JVM. This means our Java runtime bridge is no longer exclusively an Android feature. Huge thanks to Razvan Sima for this amazing addition.
The timing couldn’t have been any better either, as we recently also added Java.enumerateMethods(query), a brand new API for efficiently locating methods matching a given query. We made sure to also implement this for the HotSpot JVM.
The query is specified as
"class!method", with globs permitted. It may also be
/ and one or more modifiers:
i: Case-insensitive matching.
s: Include method signatures, so e.g.
"putInt(java.lang.String, int): void". Handy to match on argument and return types, such as
"*!*: boolean/s"to match all methods that return a boolean.
u: User-defined classes only, ignoring system classes.
Which might output something like:
We’ve also enhanced frida-trace to support Java method tracing:
This was just released as part of frida-tools 8.0 – which you may grab
pip3 install -U frida-tools
We’ve also been working hard on quality improvements across the board. One good example is Stalker for 32-bit ARM, which now works a lot better on Android. It is also a lot faster, in part because of a bug resulting in Thumb blocks being recompiled over and over. We have also implemented one of the adaptive optimizations that the other Stalker backends make use of, and this alone typically amounts to a ~5x performance improvement.
So that should cover the highlights – but if you’re curious about the details I’d highly recommend reading the changelog below.
Changes in 12.10.0
- Java: Add support for HotSpot JVM. Uses JVMTI to enumerate classes and choose objects. Method interception works if the JVM library has symbols (default with JDK on macOS). Tested on macOS with java 8, 11, 13, 14. Thanks @0xraaz!
- Java: Fix non-return from _getUsedClass(), where calling Java.use() twice without using Java.perform() would result in _getUsedClass() getting stuck in an infinite sleep loop. Thanks @0xraaz!
- Java: Fix $alloc(), which got broken by the refactoring a while back.
- ObjC: Add Block.declare() to be able to work with blocks without signature metadata.
- ObjC: Fix ObjC pointer handling regression introduced in 12.9.8.
Changes in 12.10.1
- Java: Allow ClassFactory.get(null), for convenience when using enumerateMethods().
- Java: Restore the JVM method adjustment logic, which got accidentally dropped from the pull-request. Thanks @0xraaz!
Changes in 12.10.2
- Fix handling of long symbol names on i/macOS. Thanks @mrmacete!
- Java: Fix JVM interception issues for static/final methods. Thanks @0xraaz!
- Fix Stalker ARM handling of Thumb-2 “mov pc, <reg>”.
- Fix Stalker ARM handling of volatile VFP registers.
Changes in 12.10.3
- Fix device removal wiring in the Fruity backend. Thanks @mrmacete!
- Avoid clobbering R9 in ArmWriter.put_branch_address().
- Add ThumbWriter.can_branch_directly_between().
- Add ThumbWriter.put_branch_address().
- Improve ThumbRelocator to handle ADR.
- Fix Stalker ARM block corruption.
- Fix Stalker ARM block recycling logic for Thumb blocks.
- Add missing Stalker ARM continuation logic, to support long basic blocks.
- Implement Stalker ARM backpatching logic to improve performance, typically 5x.
Changes in 12.10.4
- Fix encoding of Module.name in the V8 runtime. Thanks @mrmacete!