Investigate problems with the iPhone on iOS 15 #22

Closed
baltpeter opened this issue Mar 9, 2023 · 13 comments

@baltpeter

The other iPhone (black, iOS 15.6.1) also has a problem (cf. #12): It doesn't like Frida injected in SpringBoard (which we're doing a lot in appstraction).

Injecting works, and I can do pure JS stuff just fine. But as soon as I try to access anything under ObjC (you know, a fairly important feature), SpringBoard crashes.

```
❯ frida -U SpringBoard
     ____
    / _  |   Frida 16.0.8 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to iOS Device (id=982db8d6e3c4db2cbc22f263400334351196f286)

[iOS Device::SpringBoard ]-> 1+1
2
[iOS Device::SpringBoard ]-> ObjC.Process terminated
[iOS Device::SpringBoard ]-> ObjC.

Thank you for using Frida!
```

@zner0L

zner0L commented Mar 21, 2023

I think I just ran into that problem as well on my iPhone 6S on 15.7.2, Frida and SpringBoard both crashed while trying to set the proxy using appstraction.

@zner0L

zner0L commented Mar 21, 2023

I looked at one crash report for SpringBoard and sadly they don't seem very helpful. CrashReporter reports as an exception:

  "exception" : {"codes":"0x0000000000000000, 0x0000000000000000","rawCodes":[0,0],"type":"EXC_CRASH","signal":"SIGKILL"},

Which doesn't say much. Here is a full crash log at /User/Library/Logs/CrashReporter/SpringBoard-<datetime>.ips:


@zner0L

zner0L commented Mar 21, 2023

Also, injecting Frida into other apps seems to work just fine, even system apps such as Preferences work alright. Maybe we should just pick a different app to inject frida into? Or is there anything particular about SpringBoard we need?

@baltpeter

> Or is there anything particular about SpringBoard we need?

No, it's just conveniently always there. Maybe there's another process that's also always running and has the right privileges? Or, I guess, we could also start Preferences[1], inject, stop Preferences.

Footnotes

  1. Though that has two problems: The annoying different name of the app between iOS 15 and 16, and the fact that we're using Frida injected into SpringBoard to start apps…

@zner0L

zner0L commented Mar 21, 2023

Unrelated: I found that rocketd is crashing every 10 seconds when frida is running (or rather, a new crash log is created every 10 seconds). Running ldid -s /usr/libexec/rocketd fixed that, but it didn't solve the problem.

@zner0L

zner0L commented Mar 21, 2023

Maybe SpringBoard also crashes because of code signing issues? The Crash logs say it is killed. Though, for other apps, the logs say SIGKILL - CODESIGNING.
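
For comparing kill reasons across reports as discussed in the comments above, a small triage helper (an added example, not part of the original thread or the project's code). It assumes the iOS 15 `.ips` layout of a one-line JSON header followed by a JSON body; both sample reports are constructed, and matching thread names such as `gum-js-loop` and `pool-frida` to spot an injected agent is a heuristic assumed here.

```python
import json
from collections import Counter

# Constructed, trimmed samples in the iOS 15 .ips layout: a one-line JSON
# header, then a JSON body. Field names follow the report quoted in this
# thread; the thread lists and the second report are made up for illustration.
SPRINGBOARD_IPS = """{"app_name":"SpringBoard","bug_type":"309","os_version":"iPhone OS 15.7.2 (19H218)"}
{
  "procName" : "SpringBoard",
  "exception" : {"codes":"0x0000000000000000, 0x0000000000000000","rawCodes":[0,0],"type":"EXC_CRASH","signal":"SIGKILL"},
  "termination" : {"namespace":"SANDBOX","flags":66,"code":1},
  "faultingThread" : 0,
  "threads" : [
    {"triggered":true,"id":1,"queue":"com.apple.main-thread","frames":[]},
    {"id":2,"name":"gum-js-loop","frames":[]},
    {"id":3,"name":"pool-frida","frames":[]}
  ]
}
"""
OTHER_APP_IPS = """{"app_name":"ExampleApp","bug_type":"309"}
{
  "procName" : "ExampleApp",
  "exception" : {"type":"EXC_CRASH","signal":"SIGKILL"},
  "termination" : {"namespace":"CODESIGNING","code":1},
  "faultingThread" : 0,
  "threads" : [{"triggered":true,"id":1,"queue":"com.apple.main-thread","frames":[]}]
}
"""


def parse_ips(text):
    """Split an .ips report into (header, body) dicts.

    Raises ValueError if the body is truncated or is not a JSON object.
    """
    first, _, rest = text.strip().partition("\n")
    try:
        header = json.loads(first)
        body = json.loads(rest) if rest.strip() else None
    except json.JSONDecodeError:
        if rest.strip() and first.strip() != "{":
            raise  # header parsed or was garbage, and the body is broken
        header, body = {}, json.loads(text)  # no header line: body only
    if body is None:
        header, body = {}, header  # single-line file: it is the body
    if not isinstance(header, dict) or not isinstance(body, dict):
        raise ValueError("unexpected .ips structure")
    return header, body


def summarize(text):
    """Pull out the fields that say who killed the process and why."""
    header, body = parse_ips(text)
    exc = body.get("exception") or {}
    term = body.get("termination") or {}
    threads = body.get("threads") or []
    idx = body.get("faultingThread")
    faulting = threads[idx] if isinstance(idx, int) and 0 <= idx < len(threads) else {}
    names = [t.get("name", "") for t in threads]
    return {
        "process": body.get("procName") or header.get("app_name"),
        "os_version": header.get("os_version"),
        "exception_type": exc.get("type"),
        "signal": exc.get("signal"),
        "termination_namespace": term.get("namespace"),
        "termination_code": term.get("code"),
        "faulting_thread": faulting.get("name") or faulting.get("queue"),
        # Heuristic (assumption): thread names that suggest an injected agent.
        "agent_threads": sorted(n for n in names if n.startswith("gum-") or "frida" in n),
    }


def tally(reports):
    """Count reports per (process, signal, termination namespace)."""
    counts = Counter()
    for text in reports:
        s = summarize(text)
        counts[(s["process"], s["signal"], s["termination_namespace"])] += 1
    return counts


if __name__ == "__main__":
    for key, n in tally([SPRINGBOARD_IPS, OTHER_APP_IPS]).items():
        print(n, key)
    print(summarize(SPRINGBOARD_IPS))
```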

@zner0L

zner0L commented Mar 21, 2023

> the fact that we're using Frida injected into SpringBoard to start apps…

Well, frida.spawn() works on iOS 15, it seems, and since we would have to write version specific code anyway, we could just use that I guess?

@baltpeter

Um… I just tried this again and it didn't crash this time…

@baltpeter

Yep. examples/ios-device.ts ran without issues.

I guess, I'll try rebooting the phone to see whether it still works then.

@baltpeter

baltpeter commented Mar 27, 2023

Still works after a reboot and rejailbreak.

There was a Frida release the day after I posted this issue. Maybe that solved the problem?
@zner0L What Frida version are you on? And if you're not already on 16.0.11, does that solve the problem?

@zner0L

zner0L commented Mar 28, 2023

I updated frida to 16.0.11 and it did fix it!

@baltpeter

Awesome, so we can close this issue with a README update.

@zner0L

zner0L commented May 22, 2023

There are problems with palera1n 2.0.0 beta 6 on iOS 15.7.5: the error 256 occurs when trying to install Sileo. Apparently this is a known issue: https://github.com/palera1n/palera1n/releases/tag/v2.0.0-beta.6.2
