ChiChou / bagbak

Yet another frida based iOS dumpdecrypted. Also decrypts app extensions
MIT License
1.2k stars, 194 forks

Feature Request: Resume Aborted Submissions #52

Closed esoteric-programmer closed 11 months ago

esoteric-programmer commented 4 years ago

bagbak is a very nice tool. To make it even better for me, I would appreciate if it were possible to resume dumping in the case that the process has been canceled or aborted in an earlier run.

The reason for this feature request is that I try to dump an application that has a very aggressive jailbreak detection. Using advanced anti-jailbreak-detection tools, I managed to get the application to run for about 10 seconds (without anti-jb-detection tools, the app exits within a few milliseconds!), allowing bagbak to dump roughly 20% of the app. If I could repeat the process multiple times in order to dump the entire application, this would be great.

Alternatively, bagbak could suspend the main thread of the app during dumping, but I'm not sure if this is possible with frida.

ChiChou commented 4 years ago

> bagbak could suspend the main thread of the app during dumping, but I'm not sure if this is possible with frida.

Implemented here: https://github.com/ChiChou/bagbak/blob/44d11c6/agent/threads.ts#L13

ChiChou commented 4 years ago

For aggressive jailbreak detection like this, I'm planning to migrate to mremap_encrypted approach by FlexDecrypt which doesn't need to run the app at all.

esoteric-programmer commented 4 years ago

> > bagbak could suspend the main thread of the app during dumping, but I'm not sure if this is possible with frida.
>
> Implemented here: https://github.com/ChiChou/bagbak/blob/44d11c6/agent/threads.ts#L13

Oh, and the app managed to quit during dumping nonetheless. Impressive, I wonder how the devs of the app managed to implement that.

esoteric-programmer commented 4 years ago

> For aggressive jailbreak detection like this, I'm planning to migrate to mremap_encrypted approach by FlexDecrypt which doesn't need to run the app at all.

I didn't know flexdecrypt. Thank you for your answer. You already helped me a lot. It would be great if bagbak could support decryption like this.

ChiChou commented 11 months ago

This is outdated, close now