Closed und3fined closed 1 year ago
ChiChou
commented
1 year ago What do you mean "attach to process name maybe not work"?
Your patch is actually introducing a bug, if there is any other app name that ends with pkd. Even if you replace it with ===, it would make no difference with the original implementation
ChiChou
commented
1 year ago The only scenario I could think of to break attach is that pkd is currently not running. The right solution is to spawn launchctl kickstart with the right parameters, or use frida to prewarm it through XPC
und3fined
commented
1 year ago Thanks for reply, but with i can't attach via dev.attach('pkd').
I check process with ps aux | grep pkd. It running
I'll try prewarm it through XPC
und3fined
commented
1 year ago And, maybe need more way run launch plugin. I'm stuck at NSExtension.extensionWithIdentifier_error_(identifier, NULL);
My device: iP8 - iOS 16.3.1 and bakera1n rootful
ChiChou
commented
1 year ago I don't have a jailbreak environment that is higher than iOS 14 at the moment. In the past, frida was not able to spawn an extension process directly due to XPC framework limits. Somehow now it looks possible to pause them during early initialization.
Can you confirm that this strategy is working for you?
frida -U -f /var/mobile/XXXXXXXIf it works, we don't need this pkd workaround anymore
und3fined
commented
1 year ago Manually get the extension's executable path
It's worked there, but need --pause params
My command:
frida -U -f /var/containers/Bundle/Application/46C9B7B0-A895-440C-AB03-F329D124F191/Twitter.app/PlugIns/ShareExtension.appex/ShareExtension --pauseThat's nice. We can switch
und3fined
commented
1 year ago @ChiChou : success 🎉
ChiChou
commented
1 year ago Maybe next week I'll write a version without pkd patch
und3fined
commented
1 year ago Thanks for reply and your suggest. I complete my script for private use
Attach to process name maybe not work. I find
pkdpid and direct attach to it.