Internal-agent unable to find copied methods in java/lang/Thread on Android 16

[o5x]

Frida-server / gadget is unable to find copied methods in java/lang/Thread on latest Android 16 Release.

Setup details :

• Frida: 17.5.1
• frida-server: frida-server-17.5.1-android-x86_64 (Locally compiled with custom SELinux database fixed format issue described in New sepolicy binary format in Android 16 QPR2 #1199)
• Device: Pixel 6 (Emulator)
• OS version: Android 16 QPR2, API 36.1
• Build Number sdk_gphone64_x86_64-userdebug 16 BP41.250916.009.A1 14246511 dev-keys

The error is not specific to frida-server but also happens on frida-gadget as it is due to the common android.js script.

emu64xa:/data/local/tmp # ./frida-server                                                                                                                                                                                                                     
{"type":"error","description":"Error: Unable to find copied methods in java/lang/Thread; please file a bug","stack":"Error: Unable to find copied methods in java/lang/Thread; please file a bug\n    at /internal-agent.js:1:47232\n    at Ie.perform (/internal-agent.js:1:25891)\n    at Gn (/internal-agent.js:1:45951)\n    at Md (/internal-agent.js:1827:1640)\n    at Uo (/internal-agent.js:1827:1258)\n    at Function.build (/internal-agent.js:1827:85)\n    at t._make (/internal-agent.js:1828:18234)\n    at t.use (/internal-agent.js:1828:17033)\n    at /internal-agent.js:1837:6963\n    at Ie.perform (/internal-agent.js:1:25891)","fileName":"/internal-agent.js","lineNumber":1,"columnNumber":47232}

Formatted output:

Error: Unable to find copied methods in java/lang/Thread; please file a bug
    at /internal-agent.js:1:47232
    at Ie.perform (/internal-agent.js:1:25891)
    at Gn (/internal-agent.js:1:45951)
    at Md (/internal-agent.js:1827:1640)
    at Uo (/internal-agent.js:1827:1258)
    at Function.build (/internal-agent.js:1827:85)
    at t._make (/internal-agent.js:1828:18234)
    at t.use (/internal-agent.js:1828:17033)
    at /internal-agent.js:1837:6963
    at Ie.perform (/internal-agent.js:1:25891)

The code responsible for the error:

let offsetCopiedMethods = -1;
const methodsArray = readArtArray(object, offsetMethods, mInfo.artArrayLengthSize);
const methodsArraySize = methodsArray.length;
for (let offset = offsetMethods; offset !== MAX_OFFSET; offset += 4) {
  if (object.add(offset).readU16() === methodsArraySize) {
    offsetCopiedMethods = offset;
    break;
  }
}
if (offsetCopiedMethods === -1) {
  throw new Error('Unable to find copied methods in java/lang/Thread; please file a bug');
}

[nubuntu]

android 15 too, 17.7.3

[oleavr]

Make sure your frida-tools is up-to-date. This code is no longer bundled with Frida itself, so upgrading it won't help.

[nubuntu]

Make sure your frida-tools is up-to-date. This code is no longer bundled with Frida itself, so upgrading it won't help.

lol, I’m so dumb… how did I forget that 🤦‍♂️, big thanks, you’re a lifesaver 😭