as0ler / r2flutch

Tool to decrypt iOS apps using r2frida
GNU General Public License v3.0

Cannot open target process #5

Closed d3ibis closed 2 years ago

d3ibis commented 2 years ago

For all applications...

Any suggestion?

[screenshot: Screen Shot 2022-02-06]

as0ler commented 2 years ago

Is it happening with all your applications? Please give more feedback to see what's the root cause of it.

Thank you!

bt commented 2 years ago

I'm also experiencing this issue with a new installation. I tried with a couple apps.

iPhone 7 Plus, iOS 13.4.1, jailbroken with checkra1n.

d3ibis commented 2 years ago

Is it happening with all your applications? Please give more feedback to see what's the root cause of it.

Thank you!

Nothing to add actually, this is happening to all of my applications along with new installed ones.

I'm also like the last comment: iPhone 7 (A10) with iOS 14.4.2, jailbroken with checkra1n.

as0ler commented 2 years ago

Have you tried to spawn the app using r2frida? r2 frida://usb/launch//

As well, verify the bundle id is correct using r2flutch -l or frida-ps -U -i -a.

d3ibis commented 2 years ago

r2 frida://usb/launch//

Getting the same for spawning:

[r] Cannot open 'frida://usb/launch//com.6alabat.cuisineapp'

Or when typing app name:

[r] Cannot open 'frida://usb/launch//talabat'

Also checked bundle id, with more than 1 app.

d3ibis commented 2 years ago

@as0ler Issue was fixed; I re-installed radare2 using:

git clone https://github.com/radareorg/radare2
radare2/sys/install.sh

Then re-installed r2flutch using: r2pm -ci r2flutch

All working now:

[screenshot: Screen Shot 2022-02-12]

Issue closed!

d3ibis commented 2 years ago

I noticed apps with jailbreak detection (2 apps: one is crashing and the other opens a web browser, then the app crashes) are not saved or decrypted. Any workaround?

Tried with other apps, worked flawlessly!

as0ler commented 2 years ago

There is no native support to bypass the controls for apps with jailbreak detection. You should analyze the app and bypass the checks with r2frida. Then, launching the app with early instrumentation using the script and attaching it to the process should be fine.

d3ibis commented 2 years ago

For now I'll use flexdecrypt for them on device... I thought I could decrypt them using r2flutch in order to analyze them later.

Much appreciated & ThanQ.

as0ler commented 2 years ago

Does flexdecrypt have support for this?

I'm thinking of adding support to bypass basic jb detections, so perhaps it's coming sooner rather than later :)

d3ibis commented 2 years ago

flexdecrypt only decrypts the main app binary and saves it in a specific folder on the device; later on we can just copy it alone or do the whole process over ssh (tried it with 3 apps with jailbreak detection and decrypted all 3 of them in seconds).

For r2flutch, it is opening the app, then the app is crashing and the process is terminated; flexdecrypt is dealing with the main binary file directly.

as0ler commented 2 years ago

r2flutch is getting only the main app by default (without -i flag).

It's easy to add support to decrypt jb apps during early instrumentation, but you have to bypass the iOS watchdog to avoid the app being killed by the OS.

I will think about adding this for future releases :)

Thank you for the feedback!

d3ibis commented 2 years ago

Here is flexdecrypt:

https://user-images.githubusercontent.com/17270352/153725782-4567e1ec-b231-4119-8dcf-2c528fbe6f81.mov

Waiting for your updates <3 ThanQ!