Failed to dump a page - issue with appex + arm64

[bensh]

General information

• iOS: 11.2.5
• App: com.logmein.rescue
• App name: Rescue - from LogMeIn Rescue + Mobile - https://apps.apple.com/gb/app/rescue-mobile/id661269562
• Command: clutch -d 9

Clutch was latest version, and signed with entitlements from the Git source.

Log

root# Clutch -d 9
Zipping Rescue.app
ASLR slide: 0x1009c8000
Dumping <Rescue> (arm64)
Patched cryptid (64bit segment)
Failed to dump a page :(
Error: Failed to dump <Rescue> with arch arm64

2019-08-02 09:02:48.622 Clutch[4414:504447] failed operation :(
2019-08-02 09:02:48.622 Clutch[4414:504447] application <NSOperationQueue: 0x102fb9800>{name = 'NSOperationQueue 0x102fb9800'}
Error: Failed to dump <Rescue>

2019-08-02 09:02:48.622 Clutch[4414:504447] failed operation :(
2019-08-02 09:02:48.622 Clutch[4414:504447] application <NSOperationQueue: 0x102fb9800>{name = 'NSOperationQueue 0x102fb9800'}
Error: Could not obtain mach port, either the process is dead (codesign error?) or entitlements were not properly signed!

Error: Failed to dump <RescueDeviceView> with arch arm64

2019-08-02 09:02:48.623 Clutch[4414:504452] failed operation :(
2019-08-02 09:02:48.623 Clutch[4414:504452] application <NSOperationQueue: 0x102fb8a30>{name = 'NSOperationQueue 0x102fb8a30'}
Error: Failed to dump <RescueDeviceView>

2019-08-02 09:02:48.623 Clutch[4414:504452] failed operation :(
2019-08-02 09:02:48.630 Clutch[4414:504452] application <NSOperationQueue: 0x102fb8a30>{name = 'NSOperationQueue 0x102fb8a30'}
Dumping <ZSWTaggedString> arm64
Successfully dumped framework ZSWTaggedString!
Child exited with status 0
Dumping <RescueCoreInternal> arm64
Dumping <RescueBroadcast> arm64
Successfully dumped framework RescueBroadcast!
Child exited with status 0
Successfully dumped framework RescueCoreInternal!
Child exited with status 0
Zipping RescueCoreInternal.framework
Zipping ZSWTaggedString.framework
Zipping RescueBroadcast.framework
Zipping RescueDeviceView.appex
FAILED: <Rescue bundleID: com.logmein.rescue>
Finished dumping com.logmein.rescue in 2.7 seconds

---

[865102930]

I've got the same issues when I upgraded Mac to 10.15

[bensh]

Just experienced this error again iOS 10.0.2 Clutch 2.0.4

Error: Failed to dump with arch arm64

Dumping <SocketRocket> arm64
Successfully dumped framework SocketRocket!
Child exited with status 0
Error: Failed to dlopen /var/containers/Bundle/Application/0154FDBF-884C-4EB2-A01A-1F175441E7C0/BTBC.app/Frameworks/UtilsiOS.framework/UtilsiOS dlopen(/var/containers/Bundle/Application/0154FDBF-884C-4EB2-A01A-1F175441E7C0/BTBC.app/Frameworks/UtilsiOS.framework/UtilsiOS, 1): Library not loaded: @rpath/libswiftCore.dylib
  Referenced from: /var/containers/Bundle/Application/0154FDBF-884C-4EB2-A01A-1F175441E7C0/BTBC.app/Frameworks/UtilsiOS.framework/UtilsiOS
  Reason: image not found

Failed to dump framework UtilsiOS :(
Child exited with status 512
Error: Failed to dump <UtilsiOS> with arch arm64

2020-01-16 16:24:05.844 Clutch[5019:151448] failed operation :(
2020-01-16 16:24:05.845 Clutch[5019:151448] application <NSOperationQueue: 0x159d7bdb0>{name = 'NSOperationQueue 0x159d7bdb0'}
**Error: Failed to dump <UtilsiOS>**

2020-01-16 16:24:05.846 Clutch[5019:151448] failed operation :(
2020-01-16 16:24:05.846 Clutch[5019:151448] application <NSOperationQueue: 0x159d7bdb0>{name = 'NSOperationQueue 0x159d7bdb0'}

ASLR slide: 0x100004000
Dumping <BTBC> (arm64)
Patched cryptid (64bit segment)
Writing new checksum
Zipping SocketRocket.framework
Zipping UtilsiOS.framework
FAILED: <BTBC bundleID: com.btbc>
Finished dumping com.btbc in 8.0 seconds

It turns out that the class BSKeychain is implemented in both the UtilsiOS framework and the BTBC app binary, perhaps this is where Clutch is getting confused and therefore breaks?