Lessica / TrollRecorder

(i18n/CLI) Not the first, but the best phone call recorder with TrollStore.
GNU Affero General Public License v3.0

randomly can't start recording (like it happened really really random but frequently) #74

Closed 4rtz1z closed 5 months ago

4rtz1z commented 5 months ago

Describe the bug

I've been using TR from the first TS through the latest JB, but in the last updates (I'm not sure from which one) the problem is happening more frequently: sometimes it happens after a respring, a userspace reboot, or a re-jailbreak, or completely at random after idling.

(Kind of annoying when this happens while getting a call.)

This time I finally tried looking at the log from Antoine (attachment below).

To Reproduce

Steps to reproduce the behavior:

  1. Can't really know how to reproduce it.
  2. When it happens, it just happens (video below).

Expected behavior

It should start recording (attachment number 3).

Screenshots

  1. Can't start recording (not only a manual start; auto record fails to launch too. I couldn't get the log while it failed to record a WhatsApp call):

https://github.com/Lessica/TrollRecorder/assets/15857763/49560fba-6eb4-403d-9ca5-ab40656f8df0

  2. The error log (screenshot IMG_6961).

  3. It should be like this:

https://github.com/Lessica/TrollRecorder/assets/15857763/de11f282-1edf-44fb-8b2f-aac35cb36237


Lessica commented 5 months ago

It seems like a jailbreak issue.
@opa334 once mentioned the issue in this post. But I still don’t have any chance to solve it.

Lessica commented 5 months ago

I’ve written a drop-in replacement for NSTask. I will try to use that in the next version of TrollRecorder JB. But I’m not sure if it will be fixed. Try it later.

4rtz1z commented 5 months ago

> I’ve written a drop-in replacement for NSTask. I will try to use that in the next version of TrollRecorder JB.

Hope everything goes well, looking forward to it!

opa334 commented 5 months ago

@Lessica there is no need to make a drop in replacement, just dlopen /usr/lib/systemhook.dylib (with RTLD_NOLOAD), dlsym dopamine_fix_NSTask and call it if it exists

Lessica commented 5 months ago

> @Lessica there is no need to make a drop in replacement, just dlopen /usr/lib/systemhook.dylib (with RTLD_NOLOAD), dlsym dopamine_fix_NSTask and call it if it exists

Wow, thank you VERY MUCH! I will try it.

Lessica commented 5 months ago

@4rtz1z Try v1.12.0

4rtz1z commented 5 months ago

> @4rtz1z Try v1.12.0

I'll test it and report back.

4rtz1z commented 5 months ago

@Lessica it failed to start; I've tried respring, reboot, and re-jailbreak.

(screenshot IMG_6963)

Got this log too:

2024/06/15 20:18:13:446 GetPrimaryBundlePath: Failed to get container URL, error = Error Domain=MCMErrorDomain Code=21 "(null)"

Log attached from the Logs folder: TRCallMonitor.zip

Lessica commented 5 months ago

That’s not a key error log. Attach crash logs.

Lessica commented 5 months ago

This issue has been reported fixed on iOS 15.1/15.4.1/15.6.1/16.2/16.4.1/16.5.1 on Dopamine 2.0.11/2.1.4/2.1.5/2.1.7, submit another issue if you see another error. Or, re-open this issue if you see the same error on other jailbreaks.

4rtz1z commented 5 months ago

> That’s not a key error log. Attach crash logs.

Ah, sorry, because that's the only thing I got. I always get "setup failed" using v1.12.0.

The only thing shown under Settings > Analytics Data is this:

```
"uptime" : 1200,
"procRole" : "Unspecified",
"version" : 2,
"userID" : 0,
"deployVersion" : 210,
"modelCode" : "iPhone14,3",
"coalitionID" : 1856,
"osVersion" : { "isEmbedded" : true, "train" : "iPhone OS 16.5", "releaseType" : "User", "build" : "20F66" },
"captureTime" : "2024-06-16 13:00:26.6442 +0700",
"incident" : "947EE743-65EC-4787-B86D-F072B04909BC",
"pid" : 3225,
"cpuType" : "ARM-64",
"roots_installed" : 0,
"bug_type" : "385",
"procLaunch" : "2024-06-16 13:00:24.8984 +0700",
"procStartAbsTime" : 29507435054,
"procExitAbsTime" : 29549318324,
"procName" : "TRCallMonitor",
"procPath" : "\/private\/preboot\/6F5BBBE41E30A250BFFC61F467E385A92280C33D63D82A559968757C2B9D1C4F43FE09537F774590B1834D474E0FE221\/dopamine-ngwV6X\/procursus\/Applications\/TRApp.app\/TRCallMonitor",
"parentProc" : "launchd",
"parentPid" : 1,
"coalitionName" : "wiki.qaq.trservices",
"crashReporterKey" : "945b3898f1ba1484f608fdb1ea4886c7966d48ef",
"wasUnlockedSinceBoot" : 1,
"isLocked" : 0,
"systemID" : "00008110-00091858222A801E",
"codeName" : "D64AP",
"throttleTimeout" : 5,
"codeSigningID" : "wiki.qaq.trapp",
"codeSigningTeamID" : "",
"codeSigningFlags" : 838868993,
"codeSigningValidationCategory" : 1,
"codeSigningTrustLevel" : 0,
"basebandVersion" : "2.70.01",
"exception" : {"codes":"0x6400000009000006, 0x0000000000000000","message":" (Limit 6 MB) Crossed High Water Mark","rawCodes":[7205759403943788550,0],"type":"EXC_RESOURCE","subtype":"MEMORY"},
"termination" : {"namespace":"JETSAM","flags":2,"code":7},
"faultingThread" : 1,
```

4rtz1z commented 5 months ago

krashkop and cr4shed didn't pick up any crash log from TR, and from the system log I got only:

2024/06/15 20:18:13:446 GetPrimaryBundlePath: Failed to get container URL, error = Error Domain=MCMErrorDomain Code=21 "(null)"

and a bunch of these:

...saving pasteboard failed with error: Error Domain=PBErrorDomain Code=11 "The pasteboard name com.apple.UIKit.pboard.general is not valid." UserInfo={NSLocalizedDescription=The pasteboard name com.apple.UIKit.pboard.general is not valid.}

(screenshot IMG_6973)

Help me, please.

Lessica commented 5 months ago

It seems the fix of NSTask is increasing the memory usage and triggering Jetsam events (Out-Of-Memory). Discuss this problem in #76.

4rtz1z commented 5 months ago

> It seems the fix of NSTask is increasing the memory usage and triggering Jetsam events (Out-Of-Memory). Discuss this problem in #76.

Got it, hope this can be fixed.

Lessica commented 5 months ago

@opa334

I’ve tried and tested your solution. Here is the result:

  • If I use RTLD_NOLOAD to open systemhook.dylib in my daemon process (managed by launchctl), it failed to find symbol dopamine_fix_NSTask.
  • If I use RTLD_LAZY, the symbol exists and the problem gets fixed. (This is what I am doing now.)

This solution is great and definitely working. Thank you for your help. But I still have some questions…

Question 1

What’s the side effect if I use RTLD_LAZY in my daemon process? The systemhook.dylib will be loaded into the daemon. Does it make all tweaks get loaded into my daemon?

Question 2

It seems to use more RAM and cause Jetsam kills (over 6M) in this case. Is it possible to bypass Jetsam using memorystatus_control in Dopamine?

Lessica commented 5 months ago

Well, I've read the related source code in Dopamine. That's a reliable fix but increases the resident memory usage by ~10M.
I just have to call memorystatus_control before that fix.

Anyway, here is my own implementation of NSTask in Swift: https://gist.github.com/Lessica/c281536f0671ac19746fbfea476bb7cc

opa334 commented 5 months ago

> @opa334 I’ve tried and tested your solution. Here is the result:
>
>   • If I use RTLD_NOLOAD to open systemhook.dylib in my daemon process (managed by launchctl), it failed to find symbol dopamine_fix_NSTask.
>   • If I use RTLD_LAZY, the symbol exists and the problem gets fixed. (This is what I am doing now.)
>
> This solution is great and definitely working. Thank you for your help. But I still have some questions…
>
> Question 1
>
> What’s the side effect if I use RTLD_LAZY in my daemon process? The systemhook.dylib will be loaded into the daemon. Does it make all tweaks to be loaded into my daemon?
>
> Question 2
>
> It seems to use more RAM and make Jetsam Kills (over 6M) in this case. Is it possible to bypass Jetsam using memorystatus_control in Dopamine?

Why is systemhook not being loaded into your daemon? Are you setting the safe mode flags in its plist? In this case, setting DISABLE_TWEAKS=1 might be preferred, as this will weaken jetsam and load systemhook but not load any tweaks.

Lessica commented 5 months ago

> > @opa334 I’ve tried and tested your solution. Here is the result:
> >
> >   • If I use RTLD_NOLOAD to open systemhook.dylib in my daemon process (managed by launchctl), it failed to find symbol dopamine_fix_NSTask.
> >   • If I use RTLD_LAZY, the symbol exists and the problem gets fixed. (This is what I am doing now.)
> >
> > This solution is great and definitely working. Thank you for your help. But I still have some questions…
> >
> > Question 1
> >
> > What’s the side effect if I use RTLD_LAZY in my daemon process? The systemhook.dylib will be loaded into the daemon. Does it make all tweaks to be loaded into my daemon?
> >
> > Question 2
> >
> > It seems to use more RAM and make Jetsam Kills (over 6M) in this case. Is it possible to bypass Jetsam using memorystatus_control in Dopamine?
>
> why is systemhook not being loaded into your daemon? are you setting the safe mode flags in it's plist? In this case, setting DISABLE_TWEAKS=1 might be preferred as this will weaken jetsam, load systemhook but not load any tweaks.

Yes. I have _MSSafeMode=1 and DYLD_INSERT_LIBRARIES= in my LaunchDaemon plist (historical reason lol).
Now I will change it to DISABLE_TWEAKS=1 and try to use RTLD_NOLOAD again.
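As an added illustration (not TrollRecorder's actual LaunchDaemon plist; the label, program path and the daemon name are placeholders) of the two EnvironmentVariables configurations discussed above: the safe-mode variables Lessica describes, which keep systemhook out of the daemon so an RTLD_NOLOAD probe can never find it, beside the DISABLE_TWEAKS=1 setting opa334 suggests. The only keys taken from the thread are _MSSafeMode, DYLD_INSERT_LIBRARIES and DISABLE_TWEAKS; everything else is standard launchd boilerplate.

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN"
  "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <!-- placeholder identifiers, not the project's real ones -->
    <key>Label</key>
    <string>com.example.callmonitor</string>
    <key>Program</key>
    <string>/Applications/Example.app/ExampleCallMonitor</string>
    <key>RunAtLoad</key>
    <true/>
    <key>KeepAlive</key>
    <true/>

    <!--
      Before: the safe-mode variables Lessica had set (historical reason).
      _MSSafeMode=1 tells the injection layer to treat the process as safe
      mode, so systemhook is never loaded; dlopen(..., RTLD_NOLOAD) then
      returns NULL and the daemon also keeps the stock, strict jetsam limit.

        <key>EnvironmentVariables</key>
        <dict>
            <key>_MSSafeMode</key>
            <string>1</string>
            <key>DYLD_INSERT_LIBRARIES</key>
            <string></string>
        </dict>
    -->

    <!-- After: opa334's suggestion. systemhook is loaded (so the
         dopamine_fix_NSTask lookup can succeed and jetsam is weakened),
         but no third-party tweaks are injected into the daemon. -->
    <key>EnvironmentVariables</key>
    <dict>
        <key>DISABLE_TWEAKS</key>
        <string>1</string>
    </dict>
</dict>
</plist>
```

The point of DISABLE_TWEAKS=1 over _MSSafeMode=1 is scope: both keep arbitrary tweaks out of a privileged daemon, but only the former still lets the jailbreak's own hook library in, which the thread identifies as a prerequisite for spawning child binaries at all.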

Lessica commented 5 months ago

This is a daemon:

```c
#include <sys/kern_memorystatus.h>
#include <unistd.h>

/* limit 0 = no per-task Jetsam limit; needs the private entitlements below */
memorystatus_control(MEMORYSTATUS_CMD_SET_JETSAM_TASK_LIMIT, getpid(), 0, NULL, 0);
```

With entitlements:

```xml
<key>com.apple.private.kernel.jetsam</key>
<true/>
<key>com.apple.private.memorystatus</key>
<true/>
```

Is it the right way to bypass Jetsam? lol

opa334 commented 5 months ago

> This is a daemon:
>
> memorystatus_control(MEMORYSTATUS_CMD_SET_JETSAM_TASK_LIMIT, getpid(), 0, NULL, 0);
>
> With entitlements:
>
> <key>com.apple.private.kernel.jetsam</key>
> <true/>
> <key>com.apple.private.memorystatus</key>
> <true/>
>
> Is it the right way to bypass Jetsam? lol

The jailbreak will already weaken jetsam for you if you don't set _MSSafeMode. Also note that NSTask itself is not the issue: if you don't have systemhook loaded, you are not guaranteed to be able to spawn other binaries at all, not even with posix_spawn.

Lessica commented 5 months ago

Well. Hurried myself removing _MSSafeMode. 😭