Fails Decryption with "Service does not support the specified action"

minzique commented 1 month ago

Fails to decrypt the spotify binary with the following error:

: bagbak ; node ./bin/bagbak.js Spotify -d --raw -f
remote root /private/var/containers/Bundle/Application/2E071E5F-4780-4227-99A2-84A90A697225/Spotify.app
copy to .
[info] pulling app bundle from device, please be patient
[info] downloaded 740 files and 232 folders
[info] app bundle downloaded
extensions [
  {
    id: 'com.spotify.client.widgetnowplaying',
    path: '/private/var/containers/Bundle/Application/2E071E5F-4780-4227-99A2-84A90A697225/Spotify.app/PlugIns/WidgetExtension.appex',
    exec: 'WidgetExtension',
    abs: '/private/var/containers/Bundle/Application/2E071E5F-4780-4227-99A2-84A90A697225/Spotify.app/PlugIns/WidgetExtension.appex/WidgetExtension'
  },
  {
    id: 'com.spotify.client.notificationcontent',
    path: '/private/var/containers/Bundle/Application/2E071E5F-4780-4227-99A2-84A90A697225/Spotify.app/PlugIns/NotificationContentExtension.appex',
    exec: 'NotificationContentExtension',
    abs: '/private/var/containers/Bundle/Application/2E071E5F-4780-4227-99A2-84A90A697225/Spotify.app/PlugIns/NotificationContentExtension.appex/NotificationContentExtension'
  },
  {
    id: 'com.spotify.client.notification',
    path: '/private/var/containers/Bundle/Application/2E071E5F-4780-4227-99A2-84A90A697225/Spotify.app/PlugIns/NotificationServiceExtension.appex',
    exec: 'NotificationServiceExtension',
    abs: '/private/var/containers/Bundle/Application/2E071E5F-4780-4227-99A2-84A90A697225/Spotify.app/PlugIns/NotificationServiceExtension.appex/NotificationServiceExtension'
  },
  {
    id: 'com.spotify.client.intents',
    path: '/private/var/containers/Bundle/Application/2E071E5F-4780-4227-99A2-84A90A697225/Spotify.app/PlugIns/IntentsExtension.appex',
    exec: 'IntentsExtension',
    abs: '/private/var/containers/Bundle/Application/2E071E5F-4780-4227-99A2-84A90A697225/Spotify.app/PlugIns/IntentsExtension.appex/IntentsExtension'
  }
]
main app binary /private/var/containers/Bundle/Application/2E071E5F-4780-4227-99A2-84A90A697225/Spotify.app/Spotify
scope for PlugIns/IntentsExtension.appex/IntentsExtension is com.spotify.client.intents
scope for PlugIns/NotificationContentExtension.appex/NotificationContentExtension is com.spotify.client.notificationcontent
scope for PlugIns/NotificationServiceExtension.appex/NotificationServiceExtension is com.spotify.client.notification
scope for PlugIns/WidgetExtension.appex/WidgetExtension is com.spotify.client.widgetnowplaying
scope for Spotify is main app
grouped by extensions Map(4) {
  'com.spotify.client.widgetnowplaying' => {
    'PlugIns/WidgetExtension.appex/WidgetExtension': {
      path: 'Spotify.app/PlugIns/WidgetExtension.appex/WidgetExtension',
      type: 2,
      encryptInfo: [Object],
      encCmdOffset: 4336
    }
  },
  'com.spotify.client.notificationcontent' => {
    'PlugIns/NotificationContentExtension.appex/NotificationContentExtension': {
      path: 'Spotify.app/PlugIns/NotificationContentExtension.appex/NotificationContentExtension',
      type: 2,
      encryptInfo: [Object],
      encCmdOffset: 3296
    }
  },
  'com.spotify.client.notification' => {
    'PlugIns/NotificationServiceExtension.appex/NotificationServiceExtension': {
      path: 'Spotify.app/PlugIns/NotificationServiceExtension.appex/NotificationServiceExtension',
      type: 2,
      encryptInfo: [Object],
      encCmdOffset: 3296
    }
  },
  'com.spotify.client.intents' => {
    'PlugIns/IntentsExtension.appex/IntentsExtension': {
      path: 'Spotify.app/PlugIns/IntentsExtension.appex/IntentsExtension',
      type: 2,
      encryptInfo: [Object],
      encCmdOffset: 3456
    }
  }
}
binaries for main app {
  Spotify: {
    path: 'Spotify.app/Spotify',
    type: 2,
    encryptInfo: { offset: 196608, size: 4096, id: 1 },
    encCmdOffset: 5376
  }
}
spawned app pid => 11100
pid => 11100
retry 0 [Error: Module not found at "/usr/lib/libSystem.B.dylib"]
session => Session { pid: 11100 }
[script log] info decrypt Spotify
msg {
  type: 'send',
  payload: { event: 'begin', name: 'Spotify', fatOffset: 0 }
} null
[decrypt] Spotify
patch >> Spotify.app/Spotify
[script log] info module => Spotify 0x1043cc000 131383296
[script log] info encrypted => 196608 4096
msg {
  type: 'send',
  payload: { event: 'trunk', fileOffset: 196608, name: 'Spotify' }
} <Buffer c0 03 5f d6 f6 03 00 aa f5 3b 40 f9 b5 01 00 b4 a8 22 00 91 09 fd 5f c8 2a 05 00 d1 0a fd 0b c8 ab ff ff 35 e9 00 00 b5 a8 02 40 f9 08 09 40 f9 e0 03 ... 4046 more bytes>
msg {
  type: 'send',
  payload: { event: 'trunk', fileOffset: 5384, name: 'Spotify' }
} <Buffer 00 00 00 00 00 00 00 00 00 00 00 00>
msg { type: 'send', payload: { event: 'end', name: 'Spotify' } } null
result => true
session detached application-requested null
node:internal/process/promises:288
            triggerUncaughtException(err, true /* fromPromise */);
            ^

Error: Error Domain=OSLaunchdErrorDomain Code=137 "Service does not support the specified action" UserInfo={NSLocalizedFailureReason=Service does not support the specified action}
    at throwsNSError (/script1.js:62)
    at <anonymous> (/script1.js:151)
    at apply (native)
    at <anonymous> (frida/runtime/message-dispatcher.js:13)
    at c (frida/runtime/message-dispatcher.js:23) {
  fileName: '/script1.js',
  lineNumber: 62
}

Node.js v18.17.0

Running on macos 13.2.1, and a A13 device on iOS 16.1.1 with Dopamine. Frida version 16.2.1

: bagbak ; uname -a
Darwin ryzenb0x.local 22.3.0 Darwin Kernel Version 22.3.0: Mon Jan 30 20:42:11 PST 2023; root:xnu-8792.81.3~2/RELEASE_X86_64 x86_64

: bagbak ; ssh iphone uname -a
Darwin iPhone 22.1.0 Darwin Kernel Version 22.1.0: Thu Oct  6 19:32:38 PDT 2022; root:xnu-8792.42.7~1/RELEASE_ARM64_T8030 iPhone12,1 arm Darwin

iPhone:~ mobile% frida-server --version
16.2.1

ChiChou commented 1 month ago

I tried on 8.9.76 com.spotify.client Spotify and it works well. Did you update the tool to latest v4.0.1?

gujjuboy10x00 commented 2 weeks ago

[info] pulling app bundle from device, please be patient /opt/homebrew/lib/node_modules/bagbak/node_modules/ssh2/lib/client.js:863 const err = new Error('All configured authentication methods failed');

ChiChou commented 2 weeks ago

[info] pulling app bundle from device, please be patient

/opt/homebrew/lib/node_modules/bagbak/node_modules/ssh2/lib/client.js:863
    const err = new Error('All configured authentication methods failed');

Check your SSH credentials

ChiChou / bagbak

Fails Decryption with "Service does not support the specified action" #151