Reuse persistent ADB tunnel logic in Frida Android integration

Author: pimterry

src/interceptors/android/adb-commands.ts

@@ -522,4 +522,72 @@ export async function startActivity(
             });
         }
     }
+}
+
+const adbTunnelIds: { [id: string]: NodeJS.Timeout } = {};
+
+export function closeReverseTunnel(
+    adbClient: Adb.DeviceClient,
+    localPort: number | string,
+    remotePort: number | string,
+) {
+    const id = `${adbClient.serial}:${localPort}->${remotePort}`;
+    const tunnelInterval = adbTunnelIds[id];
+    if (!tunnelInterval) return;
+
+    // This ensures the interval maintaining the tunnel stops:
+    clearInterval(tunnelInterval);
+    delete adbTunnelIds[id];
+}
+
+export async function createPersistentReverseTunnel(
+    adbClient: Adb.DeviceClient,
+    localPort: number,
+    remotePort: number,
+    options: {
+        maxFailures: number,
+        delay: number
+    } = { maxFailures: 5, delay: 2000 } // 10 seconds total
+) {
+    const id = `${adbClient.serial}:${localPort}->${remotePort}`;
+
+    await adbClient.reverse('tcp:' + localPort, 'tcp:' + remotePort);
+
+    // This tunnel can break in quite a few days, notably when connecting/disconnecting
+    // from the VPN app with a wifi connection, or when ADB is restarted, when using flaky
+    // cables, or switching ADB into root mode, etc etc. This is a problem!
+
+    // To handle this, we constantly reinforce the tunnel while HTTP Toolkit is running &
+    // the device is connected, until it actually persistently fails.
+
+    // If tunnel is already being maintained elsewhere, no need to repeat (although we
+    // do re-create it above, just in case there's any flakiness at this exact moment)
+    if (adbTunnelIds[id]) return;
+
+    let tunnelConnectFailures = 0;
+
+    const tunnelCheckInterval = adbTunnelIds[id] = setInterval(async () => {
+        if (adbTunnelIds[id] !== tunnelCheckInterval) {
+            clearInterval(tunnelCheckInterval);
+            return;
+        }
+
+        try {
+            // Repeated calls to do this do nothing if the tunnel is already in place
+            await adbClient.reverse('tcp:' + remotePort, 'tcp:' + localPort);
+            tunnelConnectFailures = 0;
+        } catch (e) {
+            tunnelConnectFailures += 1;
+            console.log(`${id} ADB tunnel failed`, isErrorLike(e) ? e.message : e);
+
+            if (tunnelConnectFailures >= options.maxFailures) {
+                // After 10 seconds disconnected, give up
+                console.warn(`${id} tunnel disconnected`);
+
+                delete adbTunnelIds[id];
+                clearInterval(tunnelCheckInterval);
+            }
+        }
+    }, options.delay);
+    tunnelCheckInterval.unref(); // Don't let this block shutdown
 }

src/interceptors/android/android-adb-interceptor.ts

@@ -19,7 +19,9 @@ import {
     hasCertInstalled,
     bringToFront,
     setChromeFlags,
-    startActivity
+    startActivity,
+    createPersistentReverseTunnel,
+    closeReverseTunnel
 } from './adb-commands';
 import { streamLatestApk, clearAllApks } from './fetch-apk';
 import { parseCert, getCertificateFingerprint, getCertificateSubjectHash } from '../../certificates';
@@ -108,7 +110,8 @@ export class AndroidAdbInterceptor implements Interceptor {
         };
         const intentData = urlSafeBase64(JSON.stringify(setupParams));
 
-        await deviceClient.reverse('tcp:' + proxyPort, 'tcp:' + proxyPort).catch(() => {});
+        await createPersistentReverseTunnel(deviceClient, proxyPort, proxyPort)
+            .catch(() => {}); // If we can't tunnel that's OK - we'll use wifi/etc instead
 
         // Use ADB to launch the app with the proxy details
         await startActivity(deviceClient, {
@@ -118,41 +121,8 @@ export class AndroidAdbInterceptor implements Interceptor {
         });
 
         this.deviceProxyMapping[proxyPort] = this.deviceProxyMapping[proxyPort] || [];
-
         if (!this.deviceProxyMapping[proxyPort].includes(options.deviceId)) {
             this.deviceProxyMapping[proxyPort].push(options.deviceId);
-
-            let tunnelConnectFailures = 0;
-
-            // The reverse tunnel can break when connecting/disconnecting from the VPN. This is a problem! It can
-            // also break in other cases, e.g. when ADB is restarted for some reason. To handle this, we constantly
-            // reinforce the tunnel while HTTP Toolkit is running & the device is connected.
-            const tunnelCheckInterval = setInterval(async () => {
-                if (this.deviceProxyMapping[proxyPort].includes(options.deviceId)) {
-                    try {
-                        await deviceClient.reverse('tcp:' + proxyPort, 'tcp:' + proxyPort)
-                        tunnelConnectFailures = 0;
-                    } catch (e) {
-                        tunnelConnectFailures += 1;
-                        console.log(`${options.deviceId} ADB tunnel failed`,
-                            isErrorLike(e) ? e.message : e
-                        );
-
-                        if (tunnelConnectFailures >= 5) {
-                            // After 10 seconds disconnected, give up
-                            console.log(`${options.deviceId} disconnected, dropping the ADB tunnel`);
-                            this.deviceProxyMapping[proxyPort] = this.deviceProxyMapping[proxyPort]
-                                .filter(id => id !== options.deviceId);
-                            clearInterval(tunnelCheckInterval);
-                        }
-                    }
-                } else {
-                    // Deactivation at shutdown will clear the proxy data, and so clear this interval
-                    // will automatically shut down.
-                    clearInterval(tunnelCheckInterval);
-                }
-            }, 2000);
-            tunnelCheckInterval.unref(); // Don't let this block shutdown
         }
     }
 
@@ -174,6 +144,8 @@ export class AndroidAdbInterceptor implements Interceptor {
                     wait: true,
                     action: 'tech.httptoolkit.android.DEACTIVATE'
                 });
+
+                closeReverseTunnel(deviceClient, port, port);
             })
         );
     }

src/interceptors/frida/frida-android-integration.ts

@@ -1,7 +1,7 @@
 import { Client as AdbClient, DeviceClient } from '@devicefarmer/adbkit';
 import * as FridaJs from 'frida-js';
 
-import { getConnectedDevices, getRootCommand, isProbablyRooted } from '../android/adb-commands';
+import { createPersistentReverseTunnel, getConnectedDevices, getRootCommand, isProbablyRooted } from '../android/adb-commands';
 import { waitUntil } from '../../util/promise';
 import { buildAndroidFridaScript } from './frida-scripts';
 import {
@@ -169,7 +169,8 @@ export async function interceptAndroidFridaTarget(
 ) {
     const deviceClient = adbClient.getDevice(hostId);
 
-    await deviceClient.reverse('tcp:' + proxyPort, 'tcp:' + proxyPort);
+    await createPersistentReverseTunnel(deviceClient, proxyPort, proxyPort)
+        .catch(() => {}); // If we can't tunnel that's OK - we'll use wifi/etc instead
 
     // Try alt port first (preferred and more likely to work - it's ours)
     const fridaStream = await deviceClient.openTcp(FRIDA_ALTERNATE_PORT)