Lessica
commented
1 month ago It seems like a jailbreak issue.
@opa334 once mentioned the issue in this post. But I still don’t have any chance to solve it.
Closed 4rtz1z closed 1 month ago
Lessica
commented
1 month ago It seems like a jailbreak issue.
@opa334 once mentioned the issue in this post. But I still don’t have any chance to solve it.
Lessica
commented
1 month ago I’ve written a drop-in replacement for NSTask. I will try to use that in the next version of TrollRecorder JB. But I’m not sure if it will be fixed. Try it later.
4rtz1z
commented
1 month ago I’ve written a drop-in replacement for
NSTask. I will try to use that in the next version of TrollRecorder JB.
Hope everything went well, looking forward to it !
opa334
commented
1 month ago @Lessica there is no need to make a drop in replacement, just dlopen /usr/lib/systemhook.dylib (with RTLD_NOLOAD), dlsym dopamine_fix_NSTask and call it if it exists
Lessica
commented
1 month ago @Lessica there is no need to make a drop in replacement, just dlopen
/usr/lib/systemhook.dylib(withRTLD_NOLOAD), dlsymdopamine_fix_NSTaskand call it if it exists
Wow thank you VERY MUCH! I will try it.
4rtz1z
commented
1 month ago @Lessica it failed to start, i've tried respring, reboot, rejailbreak
got this log too
2024/06/15 20:18:13:446 GetPrimaryBundlePath: Failed to get container URL, error = Error Domain=MCMErrorDomain Code=21 "(null)"
log attached from Logs folder TRCallMonitor.zip
Lessica
commented
1 month ago That’s not a key error log. Attach crash logs.
Lessica
commented
1 month ago This issue has been reported fixed on iOS 15.1/15.4.1/15.6.1/16.2/16.4.1/16.5.1 on Dopamine 2.0.11/2.1.4/2.1.5/2.1.7, submit another issue if you see another error. Or, re-open this issue if you see the same error on other jailbreaks.
4rtz1z
commented
1 month ago That’s not a key error log. Attach crash logs.
ah sorry because that's the only thing that i got, I always got the setup failed using v1.12.0
the only thing showed under settings - analytics data is this
"uptime" : 1200, "procRole" : "Unspecified", "version" : 2, "userID" : 0, "deployVersion" : 210, "modelCode" : "iPhone14,3", "coalitionID" : 1856, "osVersion" : { "isEmbedded" : true, "train" : "iPhone OS 16.5", "releaseType" : "User", "build" : "20F66" }, "captureTime" : "2024-06-16 13:00:26.6442 +0700", "incident" : "947EE743-65EC-4787-B86D-F072B04909BC", "pid" : 3225, "cpuType" : "ARM-64", "roots_installed" : 0, "bug_type" : "385", "procLaunch" : "2024-06-16 13:00:24.8984 +0700", "procStartAbsTime" : 29507435054, "procExitAbsTime" : 29549318324, "procName" : "TRCallMonitor", "procPath" : "\/private\/preboot\/6F5BBBE41E30A250BFFC61F467E385A92280C33D63D82A559968757C2B9D1C4F43FE09537F774590B1834D474E0FE221\/dopamine-ngwV6X\/procursus\/Applications\/TRApp.app\/TRCallMonitor", "parentProc" : "launchd", "parentPid" : 1, "coalitionName" : "wiki.qaq.trservices", "crashReporterKey" : "945b3898f1ba1484f608fdb1ea4886c7966d48ef", "wasUnlockedSinceBoot" : 1, "isLocked" : 0, "systemID" : "00008110-00091858222A801E", "codeName" : "D64AP", "throttleTimeout" : 5, "codeSigningID" : "wiki.qaq.trapp", "codeSigningTeamID" : "", "codeSigningFlags" : 838868993, "codeSigningValidationCategory" : 1, "codeSigningTrustLevel" : 0, "basebandVersion" : "2.70.01", "exception" : {"codes":"0x6400000009000006, 0x0000000000000000","message":" (Limit 6 MB) Crossed High Water Mark","rawCodes":[7205759403943788550,0],"type":"EXC_RESOURCE","subtype":"MEMORY"}, "termination" : {"namespace":"JETSAM","flags":2,"code":7}, "faultingThread" : 1,
4rtz1z
commented
1 month ago krashkop, cr4shed didn't pickup any crashlog from TR. and from systemlog, i got only
got this log too
2024/06/15 20:18:13:446 GetPrimaryBundlePath: Failed to get container URL, error = Error Domain=MCMErrorDomain Code=21 "(null)"
and bunch of these
...saving pasteboard failed with error: Error Domain=PBErrorDomain Code=11 "The pasteboard name com.apple.UIKit.pboard.general is not valid." UserInfo={NSLocalizedDescription=The pasteboard name com.apple.UIKit.pboard.general is not valid.}
help me please
Lessica
commented
1 month ago It seems the fix of NSTask is increasing the memory usage and triggering Jetsam events (Out-Of-Memory). Discuss this problem in #76.
4rtz1z
commented
1 month ago It seems the fix of
NSTaskis increasing the memory usage and triggering Jetsam events (Out-Of-Memory). Discuss this problem in #76.
got it, hope this could be fixed
Lessica
commented
1 month ago @opa334
I’ve tried and tested your solution. Here is the result:
RTLD_NOLOAD to open systemhook.dylib in my daemon process (managed by launchctl), it failed to find symbol dopamine_fix_NSTask.RTLD_LAZY, the symbol exists and the problem gets fixed. (This is what I am doing now.)This solution is great and definitely working. Thank you for your help. But I still have some questions…
What’s the side effect if I use RTLD_LAZY in my daemon process? The systemhook.dylib will be loaded into the daemon. Does it make all tweaks to be loaded into my daemon?
It seems to use more RAM and make Jetsam Kills (over 6M) in this case. Is it possible to bypass Jetsam using memorystatus_control in Dopamine?
Lessica
commented
1 month ago Well, I've read the related source code in Dopamine. That's a reliable fix but increases the resident memory usage by ~10M.
I just have to call memorystatus_control before that fix.
Anyway, here is my own implementation of NSTask in Swift: https://gist.github.com/Lessica/c281536f0671ac19746fbfea476bb7cc
opa334
commented
1 month ago @opa334
I’ve tried and tested your solution. Here is the result:
- If I use
RTLD_NOLOADto opensystemhook.dylibin my daemon process (managed by launchctl), it failed to find symboldopamine_fix_NSTask.- If I use
RTLD_LAZY, the symbol exists and the problem gets fixed. (This is what I am doing now.)This solution is great and definitely working. Thank you for your help. But I still have some questions…
Question 1
What’s the side effect if I use
RTLD_LAZYin my daemon process? Thesystemhook.dylibwill be loaded into the daemon. Does it make all tweaks to be loaded into my daemon?Question 2
It seems to use more RAM and make Jetsam Kills (over 6M) in this case. Is it possible to bypass Jetsam using
memorystatus_controlin Dopamine?
why is systemhook not being loaded into your daemon? are you setting the safe mode flags in it's plist? In this case, setting DISABLE_TWEAKS=1 might be preferred as this will weaken jetsam, load systemhook but not load any tweaks.
Lessica
commented
1 month ago @opa334 I’ve tried and tested your solution. Here is the result:
- If I use
RTLD_NOLOADto opensystemhook.dylibin my daemon process (managed by launchctl), it failed to find symboldopamine_fix_NSTask.- If I use
RTLD_LAZY, the symbol exists and the problem gets fixed. (This is what I am doing now.)This solution is great and definitely working. Thank you for your help. But I still have some questions…
Question 1
What’s the side effect if I use
RTLD_LAZYin my daemon process? Thesystemhook.dylibwill be loaded into the daemon. Does it make all tweaks to be loaded into my daemon?Question 2
It seems to use more RAM and make Jetsam Kills (over 6M) in this case. Is it possible to bypass Jetsam using
memorystatus_controlin Dopamine?why is systemhook not being loaded into your daemon? are you setting the safe mode flags in it's plist? In this case, setting
DISABLE_TWEAKS=1might be preferred as this will weaken jetsam, load systemhook but not load any tweaks.
Yes. I have _MSSafeMode=1 and DYLD_INSERT_LIBRARIES= in my LaunchDaemon plist (historical reason lol).
Now I will change it to DISABLE_TWEAKS=1 and try to use RTLD_NOLOAD again.
Lessica
commented
1 month ago This is a daemon:
memorystatus_control(MEMORYSTATUS_CMD_SET_JETSAM_TASK_LIMIT, getpid(), 0, NULL, 0);With entitlements:
<key>com.apple.private.kernel.jetsam</key>
<true/>
<key>com.apple.private.memorystatus</key>
<true/>Is it the right way to bypass Jetsam? lol
opa334
commented
1 month ago This is a daemon:
memorystatus_control(MEMORYSTATUS_CMD_SET_JETSAM_TASK_LIMIT, getpid(), 0, NULL, 0);With entitlements:
<key>com.apple.private.kernel.jetsam</key> <true/> <key>com.apple.private.memorystatus</key> <true/>Is it the right way to bypass Jetsam? lol
The jailbreak will already weaken jetsam for you if you don't set _MSSafeMode. Also note that NSTask itself is not the issue, if you don't have systemhook loaded, you are not guaranteed to be able to spawn other binaries at all, not even with posix_spawn.
Lessica
commented
1 month ago Well. Hurried myself removing _MSSafeMode. 😭
Describe the bug been using TR from the first TS thru the latest JB, but in the last updates (i'm not sure from which one), the problem is happening more frequently, sometimes it happens after a respring, or a userspace reboot, or re-jailbreak, or completely random after idling.
(kinda annoying when this happened while getting a call)
this time i finally try looking the log from Antoine (attachment below)
To Reproduce Steps to reproduce the behavior:
Expected behavior should be start recording (attachment number 3)
Screenshots
https://github.com/Lessica/TrollRecorder/assets/15857763/49560fba-6eb4-403d-9ca5-ab40656f8df0
the error log
should be like this
https://github.com/Lessica/TrollRecorder/assets/15857763/de11f282-1edf-44fb-8b2f-aac35cb36237
Please complete the following information:
Additional context