AloneMonkey / frida-ios-dump

pull decrypted ipa from jailbreak device
MIT License

script freezes on frida 14 #140

Open bensh opened 4 years ago

bensh commented 4 years ago

Frida has recently been updated to 14, which has broken this script. It seems to dump certain files, but then freezes:

Dumping EE Device MOT to /var/folders/w8/bgzlm3zd5_b7jk2mzv6500zc0000gn/T
[frida-ios-dump]: Load GoogleToolboxForMac.framework success. 
[frida-ios-dump]: Load WebRTC.framework success. 
[frida-ios-dump]: Load jarvisWebview.framework success. 
[frida-ios-dump]: Load frameworkiOS.framework success. 
[frida-ios-dump]: Load nanopb.framework success. 
[frida-ios-dump]: Load mceSDK.framework success. 
start dump /var/containers/Bundle/Application/D4C51C7C-0F49-4BEE-8AAE-8482D9950A76/container.app/container
container.fid: 100%|████████████████████████████████████████████████████████████████████████████| 1.66M/1.66M [00:00<00:00, 7.19MB/s]
start dump /private/var/containers/Bundle/Application/D4C51C7C-0F49-4BEE-8AAE-8482D9950A76/container.app/Frameworks/GoogleToolboxForMac.framework/GoogleToolboxForMac
GoogleToolboxForMac.fid: 100%|███████████████████████████████████████████████████████████████████| 94.9k/94.9k [00:00<00:00, 446kB/s]
start dump /private/var/containers/Bundle/Application/D4C51C7C-0F49-4BEE-8AAE-8482D9950A76/container.app/Frameworks/WebRTC.framework/WebRTC
WebRTC.fid: 100%|███████████████████████████████████████████████████████████████████████████████| 5.56M/5.56M [00:00<00:00, 20.4MB/s]
start dump /private/var/containers/Bundle/Application/D4C51C7C-0F49-4BEE-8AAE-8482D9950A76/container.app/Frameworks/nanopb.framework/nanopb
0.00B [00:00, ?B/s]
[freezes here]

$ dump.py com.thomsonreuters.eikonhd
Start the target app com.thomsonreuters.eikonhd
Dumping Eikon to /var/folders/w8/bgzlm3zd5_b7jk2mzv6500zc0000gn/T
[frida-ios-dump]: Load EikonFramework.framework success. 
[freezes here]

0x3c3e commented 4 years ago

@bensh you can try to start the app with frida -Uf com.[team_name].[app_name]; the app will hang, and at that moment you can dump it using frida-ios-dump.

bensh commented 4 years ago

That got further than previously, but then crashed at the 'Generating xxxxx.ipa' stage.

0x3c3e commented 4 years ago

@bensh that's odd, it might crash, but the .ipa will be generated anyway.

nfriedly commented 3 years ago

I needed to dump a handful of apps, and I hit this on the majority of them. com.lowes.mobile.consumer.iphone.lowes worked fine and I was able to extract the .ipa, but these all failed the same way as the OP's:

Edit: looking back through the logs, I didn't actually get any "Start Dump ..." or "whatever.fid ..." lines, just the initial "dlopen whatever.dylib success." and "Load whatever.framework success.". I put the full output at https://gist.github.com/nfriedly/653595b54128faf9b076af54dca14ff4#file-dump-failures-txt

I tried launching with frida -Uf in one terminal and then running dump.py in another, but that didn't seem to work for any of them for me - I didn't even make it to the 'Generating xxxxx.ipa' stage :(

For example, in one tab I had

master:~/src/frida-ios-dump$ frida -Uf com.tovala.Tovala
     ____
    / _  |   Frida 14.1.3 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://www.frida.re/docs/home/
Spawned `com.tovala.Tovala`. Use %resume to let the main thread start executing!

And the app would start on the phone. And then in the second terminal tab I would run:

master:~/src/frida-ios-dump$ python3 dump.py "com.tovala.Tovala"
Start the target app com.tovala.Tovala
Dumping Tovala to /var/folders/gx/lk2wkx6n465f1qkqhg1xb18w0000gp/T

The app would then immediately close, and the second tab would hang there. The first one would output a big crash report, I put the full output at https://gist.github.com/nfriedly/653595b54128faf9b076af54dca14ff4#file-frida-crash-txt

I feel like I'm a bit over my head here, but I'm hoping that the extra info will help someone figure out what's going on.

I'm on Frida v14.1.3 on macOS 10.15.7, and Frida for pre-A12 devices 14.1.3 on iOS 14.2 on an iPhone 7+.

Update: I was able to use https://github.com/KJCracks/Clutch to dump grubhub and sephora. It failed on tovala though :/

nvzqz commented 3 years ago

After investigating @nfriedly's issue (we work together), I realized that this issue can only be reproduced for apps that were installed via Configurator. Apps installed from the App Store had no issue.

Ideally this should work for all Configurator-installed apps since all assets are retained when extracting those (for apps that this tool works for). Otherwise, our workaround is to swap in assets from an encrypted app that was gotten through Configurator locally (pre-installation).
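
An added example, not code from frida-ios-dump or from anyone in this thread: a stand-alone Python check of whether a Mach-O pulled from the device is still FairPlay-encrypted, by walking the load commands and reading the cryptid field of LC_ENCRYPTION_INFO / LC_ENCRYPTION_INFO_64. That field is what a dump tool has to consult to decide what needs decrypting, and it is a quick way to verify the binaries inside a dumped .ipa after a run like the ones above (cryptid should be 0 everywhere). Thin 32/64-bit files and fat (universal) files are handled; the sample headers are constructed inline and are not real binaries.

```python
import struct

# Mach-O constants from <mach-o/loader.h> and <mach-o/fat.h>
MH_MAGIC = 0xFEEDFACE                 # 32-bit header, little-endian
MH_MAGIC_64 = 0xFEEDFACF              # 64-bit header, little-endian
FAT_MAGIC_BYTES = b"\xca\xfe\xba\xbe"  # universal binary header is big-endian
LC_UUID = 0x1B
LC_ENCRYPTION_INFO = 0x21
LC_ENCRYPTION_INFO_64 = 0x2C
CPU_TYPE_ARM64 = 0x0100000C


def parse_thin(blob, base=0):
    """Walk the load commands of one Mach-O slice starting at `base` and
    report its LC_ENCRYPTION_INFO(_64), if present."""
    (magic,) = struct.unpack_from("<I", blob, base)
    if magic == MH_MAGIC_64:
        header_len = 32
    elif magic == MH_MAGIC:
        header_len = 28
    else:
        raise ValueError("no little-endian Mach-O header at offset %d" % base)
    # ncmds and sizeofcmds sit at the same offsets in both header layouts
    ncmds, sizeofcmds = struct.unpack_from("<II", blob, base + 16)
    info = {"offset": base, "bits": 64 if magic == MH_MAGIC_64 else 32,
            "has_encryption_cmd": False, "cryptoff": None,
            "cryptsize": None, "cryptid": None}
    off = base + header_len
    end = off + sizeofcmds
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load commands run past sizeofcmds (truncated file?)")
        cmd, cmdsize = struct.unpack_from("<II", blob, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize %d at offset %d" % (cmdsize, off))
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # both variants start: cmd, cmdsize, cryptoff, cryptsize, cryptid
            cryptoff, cryptsize, cryptid = struct.unpack_from("<III", blob, off + 8)
            info.update(has_encryption_cmd=True, cryptoff=cryptoff,
                        cryptsize=cryptsize, cryptid=cryptid)
        off += cmdsize
    return info


def inspect_macho(blob):
    """Return one info dict per architecture slice (a single one for a thin file)."""
    if blob[:4] == FAT_MAGIC_BYTES:
        (nfat_arch,) = struct.unpack_from(">I", blob, 4)
        slices = []
        for i in range(nfat_arch):
            # struct fat_arch: cputype, cpusubtype, offset, size, align (big-endian)
            _, _, offset, size, _ = struct.unpack_from(">5I", blob, 8 + 20 * i)
            if offset + size > len(blob):
                raise ValueError("fat_arch %d points outside the file" % i)
            slices.append(parse_thin(blob, offset))
        return slices
    return [parse_thin(blob, 0)]


def is_encrypted(blob):
    """True if any slice still carries FairPlay encryption (cryptid != 0).
    A slice with no LC_ENCRYPTION_INFO at all counts as not encrypted."""
    return any(s["has_encryption_cmd"] and s["cryptid"] != 0
               for s in inspect_macho(blob))


def build_sample_macho64(cryptid, with_encryption_cmd=True):
    """Constructed sample input (hypothetical, not a real app): a 64-bit arm64
    executable header carrying an LC_UUID and, optionally, an LC_ENCRYPTION_INFO_64."""
    cmds = struct.pack("<II16s", LC_UUID, 24, b"\x11" * 16)
    if with_encryption_cmd:
        # cmd, cmdsize, cryptoff, cryptsize, cryptid, pad
        cmds += struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
    ncmds = 2 if with_encryption_cmd else 1
    # magic, cputype, cpusubtype, filetype (MH_EXECUTE), ncmds, sizeofcmds, flags, reserved
    header = struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, 2, ncmds, len(cmds), 0, 0)
    return header + cmds


def build_sample_fat(slices):
    """Constructed sample input: wrap thin slices in a big-endian fat header."""
    archs, body, offset = b"", b"", 8 + 20 * len(slices)
    for s in slices:
        archs += struct.pack(">5I", CPU_TYPE_ARM64, 0, offset, len(s), 0)
        body += s
        offset += len(s)
    return FAT_MAGIC_BYTES + struct.pack(">I", len(slices)) + archs + body


if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            data = f.read()
        for s in inspect_macho(data):
            print("%s @%#x %d-bit cryptid=%s" % (path, s["offset"], s["bits"], s["cryptid"]))
```

Run it as `python3 check_cryptid.py Payload/App.app/App Payload/App.app/Frameworks/*.framework/*` over an unzipped dump; any slice reporting cryptid=1 was copied out still encrypted and needs another pass.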

nerozhao commented 3 years ago

You can catch the dlopen exception like this:

[screenshot not preserved]

nrudnyk commented 3 years ago

@nvzqz thanks, you saved my day by mentioning that it's because the apps were installed via Configurator. Hopefully that gets resolved.