frida / frida-swift-bridge

Frida's finally getting Swifty
Apache License 2.0

Frida console: typing `Swift.` crashes the app process #8

Open jpstotz opened 1 year ago

jpstotz commented 1 year ago

Observed on iOS 14.2. Just typing `Swift.` on the Frida console crashes the app. It happens on any pre-installed app that belongs to iOS (Messages, App Store, ...).

If I use the Twitter app from the App Store (I get v9.44 for iOS 14.2) I get a tiny bit further: it crashes after executing the command `Swift.available`.

```
frida -U Messages
     ____
    / _  |   Frida 16.0.10 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to Apple iPhone (id=00008020-0001695C2EC3002E)

[Apple iPhone::Messages ]-> Swift.Process crashed: SIGABRT

***
Incident Identifier: 38CF3D02-0417-4456-9147-3B47BE1AAEEE
CrashReporter Key:   595f1e4e8d21aa3eadc5f578b8a3de5870f9ef0f
Hardware Model:      iPhone11,8
Process:             MobileSMS [2174]
Path:                /Applications/MobileSMS.app/MobileSMS
Identifier:          com.apple.MobileSMS
Version:             6000 (14.0)
Code Type:           ARM-64 (Native)
Role:                Foreground
Parent Process:      launchd [1]
Coalition:           com.apple.MobileSMS [1038]

Date/Time:           2023-02-24 12:04:47.4189 +0100
Launch Time:         2023-02-24 12:04:24.1619 +0100
OS Version:          iPhone OS 14.2 (18B92)
Release Type:        User
Baseband Version:    3.01.01
Report Version:      104

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note:  EXC_CORPSE_NOTIFY
Triggered by Thread:  10
```

jpstotz commented 1 year ago

I tried to understand what is going wrong by identifying the code that makes the app crash. Therefore I checked out and built this project as described. Then I tried to add `console.log` statements to the code to narrow down the problematic code part.

Unfortunately this TypeScript project seems to be configured rather strangely, as there is no `console.log` available and I am not familiar enough with such projects to make it work :(

osown commented 1 year ago

Same here, after typing `Swift.` frida dies.

```
frida -U -f com.apple.mobilesafari
     ____
    / _  |   Frida 16.0.11 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to iOS Device (id=fe3ade8c294adf31dc08d43e3e069cffa288840a)
Spawned `com.apple.mobilesafari`. Resuming main thread!
[iOS Device::com.apple.mobilesafari ]-> Swift.Process terminated
[iOS Device::com.apple.mobilesafari ]-> Swift.

Thank you for using Frida!
```

NSEcho commented 1 year ago

This is due to using `Module.ensureInitialized("CoreFoundation")`; if there is no CoreFoundation loaded, gum throws an error which crashes the app. This should probably be replaced with non-crashing code and at least make `Swift.available` return false.
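
Added example, not part of the original thread and not frida-swift-bridge code: a guarded availability probe of the kind the comment above asks for, which checks that the module is loaded before initializing it and reports `false` on any failure. `makeAvailabilityProbe`, `fakeEnv`, `demo` and the error text are hypothetical names and constructed values; it assumes the Frida 16 static `Module.ensureInitialized(name)` and that the failure surfaces as a JavaScript exception.

```javascript
// Added example, not project code. `env` stands in for Frida's Process/Module
// globals so the guard can be exercised outside a Frida session.
function makeAvailabilityProbe(env, requiredModules) {
  let cached = null; // probe once; later reads must not touch the target again

  return function available() {
    if (cached !== null) return cached;
    cached = requiredModules.every((name) => {
      // findModuleByName returns null when the module is not loaded,
      // so ensureInitialized is never called for an absent module.
      if (env.Process.findModuleByName(name) === null) return false;
      try {
        env.Module.ensureInitialized(name);
        return true;
      } catch (e) {
        return false; // report "unavailable" instead of propagating the error
      }
    });
    return cached;
  };
}

// Constructed stand-ins: `loaded` lists module names present in the process.
function fakeEnv(loaded, throwsOnInit) {
  const calls = [];
  return {
    calls,
    Process: { findModuleByName: (n) => (loaded.includes(n) ? { name: n } : null) },
    Module: {
      ensureInitialized: (n) => {
        calls.push(n);
        if (throwsOnInit) throw new Error("unable to find module '" + n + "'");
      },
    },
  };
}

function demo() {
  const missing = fakeEnv([], true); // CoreFoundation not loaded
  const broken = fakeEnv(["CoreFoundation"], true); // loaded, init still throws
  const present = fakeEnv(["CoreFoundation"], false);
  return {
    missing: makeAvailabilityProbe(missing, ["CoreFoundation"])(),
    missingCalls: missing.calls.length,
    broken: makeAvailabilityProbe(broken, ["CoreFoundation"])(),
    present: makeAvailabilityProbe(present, ["CoreFoundation"])(),
  };
}
```

Inside a Frida 16 script the probe would be built as `makeAvailabilityProbe({ Process, Module }, ["CoreFoundation"])`.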

taoyuliang commented 8 months ago

The same issue happens on Android. The process terminated once I typed `Java` or `Java.available`. But this only happens with one specific apk; maybe there is some anti-frida/debugger mechanism included (this apk has one .so file and uses o-llvm, so it's hard to follow the init_proc function, which is o-llvmed).

novitae commented 6 months ago

Also happening to me