oleavr
commented
7 months ago Nice catch!! Thanks! :raised_hands:
Closed mrmacete closed 7 months ago
oleavr
commented
7 months ago Nice catch!! Thanks! :raised_hands:
This change is needed because since iOS 17, Xcode can load the
/private/preboot/Cryptexes/OS/usr/lib/libLogRedirect.dyliblibrary (there’s also a macOS counterpart:/System/Cryptexes/OS/usr/lib/libLogRedirect.dylib) which uses interposing for wrapping a bunch of commonly used (and commonly hooked) symbols.Since those libraries are not in the dyld cache, Frida was flagging them as non-system libraries, making Interceptor fail loudly (instead of silently) if no direct import grafts were found in the loaded binaries for those symbols.
This change adds a check for
/private/prebootprefix, and now the prefix check is in OR with the dyld cache one instead of being mutually exclusive.