search

ChiChou / bagbak

Yet another frida based iOS dumpdecrypted. Also decrypts app extensions
MIT License
1.24k stars 197 forks source link

Unable to dump apps on Apple Security research device #129

Closed cfossace closed 2 months ago

cfossace commented 1 year ago

There is an error dumping the app.

➜ bagbak -U my.app.testing.triggerdebug.testing-app [info] pulling app bundle from device, please be patient

[info] app bundle downloaded node:internal/process/promises:288 triggerUncaughtException(err, true / fromPromise /); ^

[Error: ENOENT: no such file or directory, scandir '/var/folders/rr/n_90hxwd49gc5n3nwyrw6qdr0000gp/T/bagbak/my.app.testing.triggerdebug.testing-app/Payload/testing app.app'] { errno: -2, code: 'ENOENT', syscall: 'scandir', path: '/var/folders/rr/n_90hxwd49gc5n3nwyrw6qdr0000gp/T/bagbak/my.app.testing.triggerdebug.testing-app/Payload/testing app.app' }

Node.js v18.18.2

To Reproduce Steps to reproduce the behavior:

bagbak -U my.app.testing.triggerdebug.testing-app

Expected behavior I expect it to dump the decrypted app, but it seems like there is a problem.

Desktop (please complete the following information):

ChiChou commented 1 year ago

I can't find this bundle id. Are you side-loading it?

cfossace commented 1 year ago

Oh yeah sorry I was doing this with a test app. To confirm though, no apps work at all. They all get this same error :(

cfossace commented 1 year ago

It seems like frida-ios-dump has the exact same error, so I can't tell if it is maybe something Frida-side? https://github.com/AloneMonkey/frida-ios-dump/issues/180

ChiChou commented 1 year ago

To side load an app, the app must be already decrypted. It makes no sense to "decrypt" again. What do you wanna implement?

ChiChou commented 1 year ago

I don't think it has anything to do with frida. Your ipa must have some broken symbolic link inside

cfossace commented 1 year ago

No I can't dump any apps with frida. I am not sideloading apps, I am dumping app store apps. I was just testing the dumping with a sideloaded app to see if that would help, but that didn't work either.

ChiChou commented 1 year ago

No I can't dump any apps with frida. I am not sideloading apps, I am dumping app store apps. I was just testing the dumping with a sideloaded app to see if that would help, but that didn't work either.

but same error for store apps?

cfossace commented 1 year ago

Yeah, even App Store apps get the same error. It seems like all apps are having this problem :(