maximilianosinski
commented
6 months ago Closed maximilianosinski closed 5 months ago
maximilianosinski
commented
6 months ago 
charleywright
commented
6 months ago You have to give it the path to the Spotify file inside the IPA. Since an IPA is a glorified zip file you can decompress it which should give you this:
├── Payload
│ └── Spotify.app
│ ├── Spotify
│ └── <other files>
├── Spotify.ipaWhen you run the injector, you should use the path to the Spotify file inside the Payload/Spotify.app directory, for example if the IPA was decompressed into /tmp the command might look like this:
needle-injector --target ios --exec com.spotify.client --binary /tmp/Payload/Spotify.app/Spotifystill not working, getting some new errors, spotify is frozen also on the phone.
C:\Users\xxxx\Downloads\Jailbreak\spotify-analyze-v2-master\needle\injector\target\release>needle-injector.exe --target ios --exec com.spotify.client.SM36V8489A --binary C:\Users\xxxx\Downloads\Jailbreak\spotify-analyze-v2-master\needle\injector\target\release\Payload\Spotify.app\Spotify
Target: ios
Executable: com.spotify.client.SM36V8489A
Binary: \\?\C:\Users\xxxx\Downloads\Jailbreak\spotify-analyze-v2-master\needle\injector\target\release\Payload\Spotify.app\Spotify
Detected Mach-O image as 64-bit Little Endian
Found Mach-O file header for arm64 with 128 load commands
Skipping __PAGEZERO segment
Found Mach-O relocation 0x0000000000-0x0006f8c000 -> 0x0100000000-0x0106f8c000 [ __TEXT ] with 27 sections
Found Mach-O relocation 0x0006f8c000-0x00074f4000 -> 0x0106f8c000-0x01074f4000 [ __DATA_CONST ] with 14 sections
Found Mach-O relocation 0x00074f4000-0x0007f94000 -> 0x01074f4000-0x01082bc000 [ __DATA ] with 17 sections
Found Mach-O relocation 0x0007f94000-0x000835fbd0 -> 0x01082bc000-0x0108688000 [ __LINKEDIT ] with 0 sections
Found server public key at Spotify:0x0005d8d59c Offset: 0x0005d8d59c Address: 0x0105d8d59c
Found shannon constant at Spotify:0x000016db24 Offset: 0x000016db24 Address: 0x010016db24
Found shannon constant at Spotify:0x0000937ae8 Offset: 0x0000937ae8 Address: 0x0100937ae8
Found shannon constant at Spotify:0x0000a52638 Offset: 0x0000a52638 Address: 0x0100a52638
Found shannon constant at Spotify:0x0000bfb59c Offset: 0x0000bfb59c Address: 0x0100bfb59c
Found shannon constant at Spotify:0x0001711af0 Offset: 0x0001711af0 Address: 0x0101711af0
Found shannon constant at Spotify:0x0001711c34 Offset: 0x0001711c34 Address: 0x0101711c34
Found shannon constant at Spotify:0x0004019fa0 Offset: 0x0004019fa0 Address: 0x0104019fa0
Found function prologue at Spotify:0x0004019808 Offset: 0x0004019808 Address: 0x0104019808
Found function prologue at Spotify:0x0004019754 Offset: 0x0004019754 Address: 0x0104019754
Using offsets:
- shannon_offset1: 0x0004019808
- shannon_offset2: 0x0004019754
- server_public_key: 0x0005d8d59c
Found package.json at C:\Users\xxxx\Downloads\Jailbreak\spotify-analyze-v2-master\needle\package.json
Using script dir C:\Users\xxxx\Downloads\Jailbreak\spotify-analyze-v2-master\needle
v20.11.1
'yarn' is not recognized as an internal or external command,
operable program or batch file.
10.2.4
'yarn' is not recognized as an internal or external command,
operable program or batch file.
Running command `"node" "C:\\Users\\xxxx\\Downloads\\Jailbreak\\spotify-analyze-v2-master\\needle\\bootstrap.js" "--platform" "ios" "--exec" "com.spotify.client.SM36V8489A" "--" "serverKey=0x5d8d59c" "shnAddr1=0x4019808" "shnAddr2=0x4019754"`
Spawned process 10352
[STATUS] Injected into process. Got arguments:
{
"serverKey": "0x5d8d59c",
"shnAddr1": "0x4019808",
"shnAddr2": "0x4019754"
}
[STATUS] Hooking shannon functions
node:internal/process/promises:289
triggerUncaughtException(err, true /* fromPromise */);
^
Error: access violation accessing 0x993e19e10
at b (src/shannon.ts:31)
at h (src/shannon.ts:40)
at m (src/shannon.ts:79)
at d (src/backend/index.ts:26)
at u (src/backend/ios.ts:28)
at apply (native)
at <anonymous> (frida/runtime/message-dispatcher.js:13)
at c (frida/runtime/message-dispatcher.js:23) {
type: 'access-violation',
address: '0x199a64cf4',
memory: { operation: 'read', address: '0x993e19e10' },
context: {
pc: '0x199a64cf4',
sp: '0x16f2dbeb0',
nzcv: 0,
x0: '0x10a238b90',
x1: '0x10a2380d0',
x2: '0x4',
x3: '0x3e0ba1d4a8',
x4: '0x3d',
x5: '0x16f2dbef8',
x6: '0x16f2dbee0',
x7: '0x10b9c568c',
x8: '0x16f2dc020',
x9: '0x104f09808',
x10: '0x58',
x11: '0x10b8f00b4',
x12: '0x20',
x13: '0x3d75d9f993e19e03',
x14: '0x0',
x15: '0x993e19e00',
x16: '0x993e19e00',
x17: '0x1',
x18: '0x0',
x19: '0x0',
x20: '0x16f2dc020',
x21: '0x4',
x22: '0x0',
x23: '0x109ed3ab8',
x24: '0x0',
x25: '0x16f2dc000',
x26: '0x0',
x27: '0x3',
x28: '0x16f2dbff0',
fp: '0x16f2dbed0',
lr: '0x104f0980c',
q0: {},
q1: {},
q2: {},
q3: {},
q4: {},
q5: {},
q6: {},
q7: {},
q8: {},
q9: {},
q10: {},
q11: {},
q12: {},
q13: {},
q14: {},
q15: {},
q16: {},
q17: {},
q18: {},
q19: {},
q20: {},
q21: {},
q22: {},
q23: {},
q24: {},
q25: {},
q26: {},
q27: {},
q28: {},
q29: {},
q30: {},
q31: {},
d0: 0,
d1: 0,
d2: 0,
d3: 0,
d4: 0,
d5: 0,
d6: 0,
d7: 0,
d8: 0,
d9: 0,
d10: 0,
d11: 0,
d12: 0,
d13: 0,
d14: 0,
d15: 0,
d16: 0,
d17: 0,
d18: 0,
d19: 0,
d20: 0,
d21: 0,
d22: 0,
d23: 0,
d24: 0,
d25: 0,
d26: 0,
d27: 0,
d28: 0,
d29: 0,
d30: 0,
d31: 0,
s0: 0,
s1: 0,
s2: 0,
s3: 0,
s4: 0,
s5: 0,
s6: 0,
s7: 0,
s8: 0,
s9: 0,
s10: 0,
s11: 0,
s12: 0,
s13: 0,
s14: 0,
s15: 0,
s16: 0,
s17: 0,
s18: 0,
s19: 0,
s20: 0,
s21: 0,
s22: 0,
s23: 0,
s24: 0,
s25: 0,
s26: 0,
s27: 0,
s28: 0,
s29: 0,
s30: 0,
s31: 0
},
nativeContext: '0x0',
fileName: 'src/shannon.ts',
lineNumber: 31
}
Node.js v20.11.1