frida / frida-tools

Frida CLI tools

frida-ps segfaults for jailed iOS devices (but works for Android) #55

Open alisianoi opened 3 years ago

alisianoi commented 3 years ago

System information:

$ uname -a
Darwin <hostname> 20.5.0 Darwin Kernel Version 20.5.0: Sat May  8 05:10:33 PDT 2021; root:xnu-7195.121.3~9/RELEASE_X86_64 x86_64

Steps to reproduce:

  1. Prepare a fresh virtual environment for Frida tools:

    $ pyenv virtualenv 3.9.5 3.9.5-frida-tools
    $ pyenv local 3.9.5-frida-tools
    $ pip install --upgrade pip
    $ pip install --upgrade setuptools
    $ python --version
    Python 3.9.5
    $ pip list -v
    Package    Version Location                                                                                 Installer
    ---------- ------- ---------------------------------------------------------------------------------------- ---------
    pip        21.1.2  /Users/iosbuild/.pyenv/versions/3.9.5/envs/3.9.5-frida-tools/lib/python3.9/site-packages pip
    setuptools 57.0.0  /Users/iosbuild/.pyenv/versions/3.9.5/envs/3.9.5-frida-tools/lib/python3.9/site-packages pip
  2. Install frida-tools

    $ pip install frida-tools
    $ pyenv which frida-ls-devices
    /Users/iosbuild/.pyenv/versions/3.9.5-frida-tools/bin/frida-ls-devices
    $ pyenv which frida-ps
    /Users/iosbuild/.pyenv/versions/3.9.5-frida-tools/bin/frida-ps
  3. Produce a segmentation fault:

    $ frida-ls-devices
    Id                                        Type    Name        
    ----------------------------------------  ------  ------------
    local                                     local   Local System
    <serial-one-redacted>                     usb     Mi A3
    <serial-two-redacted>                     usb     iPhone
    $ frida-ps --device <serial-one-redacted>
    <produces a list of processes>
    $ frida-ps --device <serial-two-redacted>
    Failed to enumerate processes: channel closed                           
    zsh: segmentation fault  frida-ps --device <serial-two-redacted>

In the segmentation fault above, the "Failed to enumerate processes" message sometimes is not visible, and only the segmentation fault message is there. I am also attaching a crash report from /Users/iosbuild/Library/Logs/DiagnosticReports/, which shows the crash happens in frida-main-loop.

The same segmentation fault occurs if I build Frida from source on that machine following these instructions.

$ ./build/frida-macos-x86_64/bin/frida-ps --device <serial-two-redacted>
Failed to enumerate processes: channel closed                           
zsh: segmentation fault  ./build/frida-macos-x86_64/bin/frida-ps --device <serial-two-redacted>

Finally, Frida worked on that machine one week ago (21st of May), so something changed either on the machine or for Frida in the last week.
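As an added example (not part of this issue or of frida-tools), a small Python harness that runs the reproduction above per device: it parses the frida-ls-devices table shown in the report, runs `frida-ps --device <id>` for each USB device in its own subprocess, and records whether the child exited cleanly, printed an error, or was killed by a signal. Keeping each device in a separate process means a crash like the one reported for the iPhone cannot abort the Android probe, and the terminating signal (SIGSEGV, what zsh prints as "segmentation fault") is captured instead of lost. The `FAKE_*` commands are constructed stand-ins that only exercise the harness without a device; everything else assumes only the frida-ls-devices output format and the `frida-ps --device` flag visible in the report.

```python
"""Per-device frida-ps probe (added example, not frida-tools code).

Assumes only what the report shows: `frida-ls-devices` prints an
Id/Type/Name table and `frida-ps --device <id>` enumerates processes.
"""
import re
import signal
import subprocess
import sys
from dataclasses import dataclass
from typing import List, Optional, Sequence

# Constructed sample: the frida-ls-devices output copied from the report.
SAMPLE_LS_DEVICES = """\
Id                                        Type    Name
----------------------------------------  ------  ------------
local                                     local   Local System
<serial-one-redacted>                     usb     Mi A3
<serial-two-redacted>                     usb     iPhone
"""

# Constructed stand-ins for frida-ps so the harness can be exercised without
# a device: one child kills itself with SIGSEGV, the other prints a fake list.
FAKE_CRASHING_PS = [sys.executable, "-c",
                    "import os, signal; os.kill(os.getpid(), signal.SIGSEGV)"]
FAKE_WORKING_PS = [sys.executable, "-c", "print('PID  Name')"]


@dataclass
class Device:
    id: str
    type: str
    name: str


def parse_ls_devices(text: str) -> List[Device]:
    """Parse the frida-ls-devices table; columns are separated by 2+ spaces."""
    rows = text.splitlines()
    # Data rows start after the dashed separator line under the header.
    start = next((i + 1 for i, row in enumerate(rows)
                  if row.strip() and re.fullmatch(r"[-\s]+", row)), None)
    if start is None:
        raise ValueError("no header separator in frida-ls-devices output")
    devices = []
    for row in rows[start:]:
        if not row.strip():
            continue
        fields = re.split(r"\s{2,}", row.strip())
        if len(fields) != 3:
            raise ValueError(f"unexpected frida-ls-devices row: {row!r}")
        devices.append(Device(*fields))
    return devices


def classify_run(returncode: int, output: str) -> str:
    """Map a finished probe to a short status string.

    subprocess reports a child killed by a signal as a negative return code;
    a shell's "segmentation fault" is SIGSEGV, i.e. -11 here.
    """
    if returncode < 0:
        return f"killed by {signal.Signals(-returncode).name}"
    if returncode == 0:
        return "ok"
    lines = [line.strip() for line in output.splitlines() if line.strip()]
    return f"exit {returncode}: {lines[0] if lines else 'no output'}"


def run_probe(device: Device, command: Optional[Sequence[str]] = None,
              timeout: float = 60.0) -> dict:
    """Run frida-ps for one device in its own subprocess and classify the outcome.

    `command` overrides the default ["frida-ps", "--device", <id>] so the
    harness can be tested with the FAKE_* stand-ins above.
    """
    argv = list(command) if command else ["frida-ps", "--device", device.id]
    try:
        proc = subprocess.run(argv, capture_output=True, text=True, timeout=timeout)
    except FileNotFoundError:
        return {"device": device, "status": f"not found: {argv[0]}",
                "stdout": "", "stderr": ""}
    except subprocess.TimeoutExpired:
        return {"device": device, "status": f"timeout after {timeout}s",
                "stdout": "", "stderr": ""}
    # The "Failed to enumerate processes" line may land on either stream.
    status = classify_run(proc.returncode, proc.stderr or proc.stdout)
    return {"device": device, "status": status,
            "stdout": proc.stdout, "stderr": proc.stderr}


if __name__ == "__main__":
    listing = subprocess.run(["frida-ls-devices"], capture_output=True,
                             text=True, check=True).stdout
    for dev in parse_ls_devices(listing):
        if dev.type != "usb":
            continue
        result = run_probe(dev)
        print(f"{dev.name:<16} {dev.id:<40} {result['status']}")
```

Run it on the macOS host with both phones attached; a "killed by SIGSEGV" line for the iPhone next to "ok" for the Android device is the per-device split the report describes, and it can be paired with the matching crash log under DiagnosticReports.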