frida-ps: Failed to enumerate applications: cannot read property 'getInstalledApplications' of null

[pellaeon]

When I execute:

frida-ps -D XXXXXX -a

It will always return:

Failed to enumerate applications: cannot read property 'getInstalledApplications' of null

When using the python binding, it is the same. Source code:

def start_hook():                                                                                                                                                                                                 
    device = frida.get_usb_device(timeout=5)                                                                                                                                                                      
    pprint.pprint(device.enumerate_applications())               

Returns message:

$ python main.py
Traceback (most recent call last):
  File "main.py", line 39, in <module>
    start_hook()
  File "main.py", line 17, in start_hook
    pprint.pprint(device.enumerate_applications())
  File "/home/user/projects/aaa/venv/lib/python3.6/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/home/user/projects/aaa/venv/lib/python3.6/site-packages/frida/core.py", line 97, in enumerate_applications
    return self._impl.enumerate_applications()
frida.NotSupportedError: cannot read property 'getInstalledApplications' of null

When running, I made sure there is only one USB device:

$ frida-ls-devices 
Id                Type    Name        
----------------  ------  ------------
local             local   Local System
XXXXXXXX  usb     YYYYYY    
tcp               remote  Local TCP   

It seems that the problem exists within this file https://github.com/frida/frida-core/blob/master/src/linux/agent/system-server.js . So I tried to load it manually with:

frida -D XXXXX -l system-server.js system_server

Note that in system-server.js I had to replace enumerateApplications with enumerateapplications.

And then call it with test.py:

import codecs
import frida

def on_message(message, data):
    if message['type'] == 'send':
        print(message['payload'])
    elif message['type'] == 'error':
        print(message['stack'])

device = frida.get_usb_device(timeout=5)
session = device.attach('system_server')
print(device)
print(session)
with codecs.open('./system-server.js', 'r', 'utf-8') as f:
    source = f.read()
script = session.create_script(source)
script.on('message', on_message)
script.load()
print(script.exports.enumerateapplications())
session.detach()

With this I was able to obtain the installed application list.

I was not able to debug it further because I don't know how to modify system-server.js and build a new frida that embeds the modified system-server.js. If I'm able to modify it then I will be able to debug this problem further by printing values in system-server.js then check, etc.

A little more background to this is that, I was originally trying to spawn application using device.spawn(app_package_name) in the python binding, but because of this problem, I can only attach but not spawn the app.

I would be grateful if you can fix this problem (if you already know how), or just give me some direction on how to further trace the issue. Many thanks!

[pellaeon]

System information:

$ pip list
Package        Version   
-------------- ----------
certifi        2019.11.28
chardet        3.0.4     
click          7.1.1     
colorama       0.4.3     
Flask          1.1.1     
frida          12.8.16   
frida-tools    7.2.0     
idna           2.9       
itsdangerous   1.1.0     
Jinja2         2.11.1    
MarkupSafe     1.1.1     
pip            20.0.2    
pprint         0.1       
prompt-toolkit 3.0.4     
Pygments       2.6.1     
requests       2.23.0    
setuptools     46.1.1    
urllib3        1.25.8    
wcwidth        0.1.9     
Werkzeug       1.0.0     
wheel          0.34.2    

Python 3.6.9 on Ubuntu 18.04.4 LTS

$ uname -a
Linux AAA 5.3.0-42-generic #34~18.04.1-Ubuntu SMP Fri Feb 28 13:42:26 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

[pellaeon]

I am using https://github.com/ViRb3/magisk-frida . I just found that:
If I run this on the phone:

$ adb shell
AAA:/ $ su
AAA:/ # killall frida-server
AAA:/ # /system/xbin/frida-server -D

I can get installed applications list normally, and spawn applications normally.

[oleavr]

Are you sure that your module is up-to-date? Just fixed a bug that resulted in things failing if frida-server was started from a boot script where LD_LIBRARY_PATH was set to contain 64-bit libraries. (Which is the case on Android 10.)

[pellaeon]

I tried removing the magisk frida module and install it back to get the latest version, it still shows the same behavior as my original report. Magisk frida version: 12.8.17-1

[im1ex]

I have same issues with latest magisk module and command frida-ps -U -a

Workaround with minor changes:

su
ps -A | grep frida
kill -9 <frida-server PID>
/bin/frida-server -D

[haohaolee]

Same issue here on Android Pie with my Oneplus 3
Installed with the latest Magisk Frida

frida-server --version
12.8.20

[4val0v]

I have same issues with the latest magisk module (14.2.3-1)
Android 8.1

Found what caused this problem:

• The problem appears after enabling pin/fingerprint locking and rebooting
  [i] The phone also starts up strangely, after requesting the pin code, the bootloader appears again

[4val0v]

@oleavr Most likely the problem is due to the use of Secure Start-up

[enovella]

Detected the same issue on Android 12 Beta 5 with a Magisk module which has a Magisk-Frida idea as well. Trying to delay a bit the Frida launching a bit. I'll share more news when get it.

[enovella]

It seemed to be an issue with Magisk-Frida. Although there was a potential fix for it, I provided a safer workaround: ViRb3/magisk-frida#18