[Barebone] Unable to attach to Cortex-R82AE (AVH) #506

Open
Manouchehri opened this issue Mar 14, 2024 · 0 comments

Comments

@Manouchehri
Contributor

When using Arm Virtual Hardware (AVH) with a Cortex-R82AE device, Frida isn't able to attach.

dave@mbp ~ % FRIDA_BAREBONE_ADDRESS="localhost:4000" frida -D barebone -p 0
     ____
    / _  |   Frida 16.1.1 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to GDB Remote Stub (id=barebone)
Failed to attach: invalid register name: TCR_EL1
dave@mbp ~ % FRIDA_BAREBONE_ADDRESS="localhost:4000" frida -D barebone -p 0
     ____
    / _  |   Frida 16.2.1 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to GDB Remote Stub (id=barebone)
Failed to attach: invalid TG1 value

lldb works fine.

dave@mbp ~ % lldb --one-line "gdb-remote localhost:4000"
(lldb) gdb-remote localhost:4000
Process 1 stopped
* thread #1, stop reason = signal SIGINT
    frame #0: 0x000000000021508c
->  0x21508c: adrp   x23, 205
    0x215090: add    x2, x23, #0x548
    0x215094: ldr    w19, [x0, x1]
    0x215098: str    x2, [sp, #0x88]
Target 0: (No executable module.) stopped.
(lldb) register read
general:
        x0 = 0x00000000002e1330
        x1 = 0x0000000000000000
        x2 = 0x000000000000001f
        x3 = 0x0000000000000000
        x4 = 0x0000000000000000
        x5 = 0x000000000028a000
        x6 = 0x0000000000318bc8
        x7 = 0x0000000000000012
        x8 = 0x0000000000000014
        x9 = 0x0000000000000012
       x10 = 0x000000000146c310
       x11 = 0x0000000000000032
       x12 = 0x0000000000310f40
       x13 = 0x000000000030cf40
       x14 = 0x0000000068fbcea8
       x15 = 0x00000000002e1308
       x16 = 0xffffffffffffffff
       x17 = 0xffffffffffffffff
       x18 = 0xffffffffffffffff
       x19 = 0x0000000000000000
       x20 = 0x0000000000318bc8
       x21 = 0x00000000002e0140
       x22 = 0x00000000002e5380
       x23 = 0x0000000000318778
       x24 = 0x0000000000000000
       x25 = 0x0000000000318bc8
       x26 = 0x00000000002e1330
       x27 = 0x00000000002e5380
       x28 = 0x0000000000000000
       x29 = 0x000000007fb3ab30
       x30 = 0x0000000000252fb4
        sp = 0x0000000000000000
        pc = 0x000000000021508c
      cpsr = 0x80000049
      fpsr = 0x00000000
      fpcr = 0x00000000
32 registers were unavailable.
(lldb) bt
* thread #1, stop reason = signal SIGINT
  * frame #0: 0x000000000021508c
    frame #1: 0x000000007ff80214
    frame #2: 0x000000007ff815d8
    frame #3: 0x000000007ff80fac
    frame #4: 0x000000007ff95ce8
    frame #5: 0x000000007ff8fa34
    frame #6: 0x000000007ff8fcf8
    frame #7: 0x000000007ff8f314
    frame #8: 0x000000007ff8f808
    frame #9: 0x000000007ff8fcf8
    frame #10: 0x000000007ff8f2d4
    frame #11: 0x000000007ff94fec
    frame #12: 0x000000007ff95ce8
    frame #13: 0x000000007ff8fa34
    frame #14: 0x000000007ff8fcf8
    frame #15: 0x000000007ff8f314
    frame #16: 0x000000007ff8f808
    frame #17: 0x000000007ff8fcf8
    frame #18: 0x000000007ff8f2d4
    frame #19: 0x000000007ff9507c
    frame #20: 0x000000007ff95ce8
    frame #21: 0x000000007ff8fa34
    frame #22: 0x000000007ff8f6f4
    frame #23: 0x000000007ff8f6f4
    frame #24: 0x000000007ff8fcf8
    frame #25: 0x000000007ff8f2d4
    frame #26: 0x000000007ff9507c
    frame #27: 0x000000007ff95ce8
    frame #28: 0x000000007ff8fa34
    frame #29: 0x000000007ff8f6f4
    frame #30: 0x000000007ff8fcf8
    frame #31: 0x000000007ff8f2d4
    frame #32: 0x000000007ff9507c
    frame #33: 0x000000007ff95ce8
    frame #34: 0x000000007ff8fa34
    frame #35: 0x000000007ff8f6f4
    frame #36: 0x000000007ff8f6f4
    frame #37: 0x000000007ff8fcf8
    frame #38: 0x000000007ff8f2d4
    frame #39: 0x000000007ff9507c
    frame #40: 0x000000007ff95ce8
    frame #41: 0x000000007ff8fa34
    frame #42: 0x000000007ff8f6f4
    frame #43: 0x000000007ff8fcf8
    frame #44: 0x000000007ff8f2d4
    frame #45: 0x000000007ff9507c
    frame #46: 0x000000007ff95ce8
    frame #47: 0x000000007ff8fa34
    frame #48: 0x000000007ff8fcf8
    frame #49: 0x000000007ff8f2d4
    frame #50: 0x000000007ff9507c
    frame #51: 0x000000007ff95ce8
    frame #52: 0x000000007ff8fa34
    frame #53: 0x000000007ff8fcf8
    frame #54: 0x000000007ff8f314
    frame #55: 0x000000007ff8f808
    frame #56: 0x000000007ff8f6f4
    frame #57: 0x000000007ff8fcf8
    frame #58: 0x000000007ff8f2d4
    frame #59: 0x000000007ff9507c
    frame #60: 0x000000007ff95ce8
    frame #61: 0x000000007ff8fa34
    frame #62: 0x000000007ff8fcf8
    frame #63: 0x000000007ff8f2d4
    frame #64: 0x000000007ff8e160
    frame #65: 0x000000007ff90890
    frame #66: 0x000000007ff90b48
    frame #67: 0x000000007ff7fe54
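Both Frida failures above ("invalid register name: TCR_EL1" in 16.1.1, "invalid TG1 value" in 16.2.1) concern the AArch64 TCR_EL1 translation control register, which a debugger must read before it can walk a target's page tables. As an added illustration (not Frida's code and not from the reporter), the Python below splits a TCR_EL1 value into its fields and flags reserved granule encodings; the field positions and encodings come from the Arm Architecture Reference Manual, the sample register value is constructed, and that Frida's own check has exactly this shape is an assumption.

```python
"""Decode an AArch64 TCR_EL1 value and flag reserved field encodings (added example)."""
from dataclasses import dataclass
from typing import List

# Granule encodings per the Arm ARM. Note that TG0 and TG1 use *different* encodings.
TG0_GRANULES = {0b00: 4096, 0b01: 65536, 0b10: 16384}   # 0b11 is reserved
TG1_GRANULES = {0b01: 16384, 0b10: 4096, 0b11: 65536}   # 0b00 is reserved
IPS_PA_BITS = {0b000: 32, 0b001: 36, 0b010: 40, 0b011: 42,
               0b100: 44, 0b101: 48, 0b110: 52}         # 0b111 is reserved

def bits(value: int, hi: int, lo: int) -> int:
    """Extract bit field [hi:lo] of value."""
    return (value >> lo) & ((1 << (hi - lo + 1)) - 1)

@dataclass
class TcrEl1:
    t0sz: int  # bits[5:0]   TTBR0 VA region is 2^(64 - T0SZ) bytes
    tg0: int   # bits[15:14] TTBR0 translation granule
    t1sz: int  # bits[21:16] TTBR1 VA region is 2^(64 - T1SZ) bytes
    tg1: int   # bits[31:30] TTBR1 translation granule
    ips: int   # bits[34:32] intermediate physical address size

def decode_tcr_el1(value: int) -> TcrEl1:
    return TcrEl1(bits(value, 5, 0), bits(value, 15, 14),
                  bits(value, 21, 16), bits(value, 31, 30), bits(value, 34, 32))

def validate(tcr: TcrEl1) -> List[str]:
    """Reasons the value cannot drive a page-table walk (empty list = usable).

    The TxSZ range 16..39 assumes FEAT_LVA/FEAT_TTST are absent (an assumption)."""
    problems = []
    if tcr.tg1 not in TG1_GRANULES:
        problems.append("invalid TG1 value")   # same wording as the Frida 16.2.1 error
    if tcr.tg0 not in TG0_GRANULES:
        problems.append("invalid TG0 value")
    if tcr.ips not in IPS_PA_BITS:
        problems.append("invalid IPS value")
    for name, sz in (("T0SZ", tcr.t0sz), ("T1SZ", tcr.t1sz)):
        if not 16 <= sz <= 39:
            problems.append(f"{name} out of range: {sz}")
    return problems

# Constructed sample: 48-bit VA in both halves, 4KB granules, 48-bit PA.
SAMPLE_TCR = (0b101 << 32) | (0b10 << 30) | (16 << 16) | 16

if __name__ == "__main__":
    for v in (SAMPLE_TCR, 0):  # an all-zero read is one way to hit the reserved TG1 encoding
        t = decode_tcr_el1(v)
        print(f"TCR_EL1={v:#x} TG1 granule={TG1_GRANULES.get(t.tg1)} problems={validate(t) or 'none'}")
```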