
I'm trying to trace, with Frida v16.0.11 (frida-trace), all calls to exported functions from "libssl.so" (Android, 32-bit). But it turns out that Frida is unable to hook some functions. One part of these functions Frida just skips because it can't set a hook (it asks the user to send a bug report). The other part of these functions just crashes Frida every time. All of them look pretty much the same, e.g.:

.text:0001D862                 LDR             R2, [R0,#0x6C]
.text:0001D864                 ORRS            R1, R2
.text:0001D866                 STR             R1, [R0,#0x6C]
.text:0001D868                 MOV             R0, R1
.text:0001D86A                 BX              LR

This is the SSL_set_mode function, which in the BoringSSL sources looks like:

uint32_t SSL_set_mode(SSL *ssl, uint32_t mode) {
  ssl->mode |= mode;
  return ssl->mode;
}

"Normal" functions with a default prologue etc. (e.g. SSL_read) hook fine.

  1. Am I missing something in the Frida docs, or are there some limitations in Frida (if so, where can I read about them)?
  2. If I am missing something, then what is the proper way (if any) to hook such functions?

Thanks.

Cyb
  • I would try more recent and older Frida versions, down to 15.x, to see if they behave differently. Make sure to use the same server and client version. It sometimes happens that functions of Frida are bugged in certain Frida versions. – Robert Apr 23 '23 at 16:27
  • @Robert, I checked against several versions 15.x and 16.x, but the result is the same. – Cyb Apr 24 '23 at 11:01

0 Answers