search

frida / frida-gum

Cross-platform instrumentation and introspection library written in C
https://frida.re
Other
727 stars 240 forks source link

darwin: Fix sysroot on simulator #809

Closed ChiChou closed 1 month ago

ChiChou commented 1 month ago

The patch for https://github.com/frida/frida/issues/2763

frida has stoppped working on iOS simulators for months, getting module not found at "/usr/lib/libSystem.B.dylib" error. The root cause is the logic for getting sysroot stops working.

Had some discussion with @mrmacete yesterday at 0x41con. We talked about reading env remotely, but surprisingly found the current implementation has a cheat to simply detect the location of dyld_sim. However the assumtion that dyld_sim is the first loaded image is no longer true. We need one more loop to initialize sysroot before putting them to the lookup table.

Also I believe this is the correct patch for https://github.com/frida/frida-swift-bridge/pull/18

Kudos to Francesco for helping me to set up the latest env and understand the source! 🙌

ChiChou commented 1 month ago

This pull request has no test code yet. I wonder if it's possible for the CI to run the simulator..

ChiChou commented 1 month ago

Note that the module lookup logic is still problematic under other cases. Here are 2 examples:

  1. On macOS, turn off SIP and attach to WhatsApp Latest WhatsApp app seems working
  2. Some jailbreak users reported that it happens to their iOS too https://github.com/frida/frida/issues/2763#issuecomment-2186212537

They both throw the following exception, but the root cause should be different.

module not found at "/usr/lib/libSystem.B.dylib"

oleavr commented 1 month ago

Ooh, great catch! Thanks! 🙌