search

nabla-c0d3 / ssl-kill-switch2

Blackbox tool to disable SSL certificate validation - including certificate pinning - within iOS and macOS applications.
Other
3.07k stars 466 forks source link

Keep crashing the securityuploadd on checkra1n 0.11.0 - iOS 13.7 #91

Closed avltree9798 closed 3 years ago

avltree9798 commented 4 years ago

Hi,

when SSL Kill Switch 2 is enabled, this keep securityuploadd crashing, and any other application with similar logs

Date: 9/25/20, 3:24 AM
Process: securityuploadd
Bundle id: (null)
Device: iPhone X, iOS 13.7

Exception type: EXC_BAD_INSTRUCTION (SIGILL)
Exception subtype: (null)
Exception codes: 0x0000000000000000, 0x0000000000000001
Culprit: Unknown

Triggered by thread: 3
Thread name: Dispatch queue: com.apple.network.connections
Call stack:
0   libboringssl.dylib              0x00000001bc8270c8 0x1bc7d3000 + 344264         // SSL_set_custom_verify
1   libboringssl.dylib              0x00000001bc837a70 0x1bc7d3000 + 412272         // boringssl_context_set_verify_mode
2   libboringssl.dylib              0x00000001bc7df16c 0x1bc7d3000 + 49516          // __boringssl_session_apply_protocol_options_block_invoke
3   libnetwork.dylib                0x00000001b9d91274 0x1b9b3d000 + 2441844        // nw_protocol_options_access_handle
4   libboringssl.dylib              0x00000001bc7de7c8 0x1bc7d3000 + 47048          // boringssl_session_apply_protocol_options
5   libboringssl.dylib              0x00000001bc7e58e0 0x1bc7d3000 + 76000          // nw_protocol_boringssl_connected
6   libusrtcp.dylib                 0x00000001bcc31214 0x1bcc13000 + 123412         // nw_protocol_tcp_wake_connected
7   libusrtcp.dylib                 0x00000001bcc58918 0x1bcc13000 + 284952         // tcp_input_available
8   libusrtcp.dylib                 0x00000001bcc207f8 0x1bcc13000 + 55288          // nw_protocol_tcp_input_available
9   libnetwork.dylib                0x00000001b9d241cc 0x1b9b3d000 + 1995212        // nw_channel_add_input_frames
10  libnetwork.dylib                0x00000001b9d23068 0x1b9b3d000 + 1990760        // nw_channel_update_input_source
11  libnetwork.dylib                0x00000001b9d2289c 0x1b9b3d000 + 1988764        // __nw_channel_create_block_invoke.22
12  libdispatch.dylib               0x00000001b75c3524 0x1b7568000 + 374052         // _dispatch_client_callout
13  libdispatch.dylib               0x00000001b759d274 0x1b7568000 + 217716         // _dispatch_continuation_pop$VARIANT$armv81
14  libdispatch.dylib               0x00000001b75ad410 0x1b7568000 + 283664         // _dispatch_source_invoke$VARIANT$armv81
15  libdispatch.dylib               0x00000001b75a25e8 0x1b7568000 + 239080         // _dispatch_workloop_invoke$VARIANT$armv81
16  libdispatch.dylib               0x00000001b75aa84c 0x1b7568000 + 272460         // _dispatch_workloop_worker_thread
17  libsystem_pthread.dylib         0x00000001b7614b74 0x1b7609000 + 47988          // _pthread_wqthread
18  libsystem_pthread.dylib         0x00000001b7617740 0x1b7609000 + 59200          // start_wqthread

Register values:
PC: 0x1b76d11ec         LR: 0x1b75952f4         CPSR: 0x80000000
x0: 0xe                 x1: 0x3b9a5c230000012b  x2: 0x3b9a5c23
x3: 0xfffffc088         x4: 0x1c07              x5: 0x0
x6: 0x0                 x7: 0x403               x8: 0x3b9a5c23
x9: 0xaaaaaaaaaaaaaaab  x10: 0x1b756a234        x11: 0x207dc2b41
x12: 0x207dc2b41        x13: 0x16               x14: 0x1
x15: 0x881              x16: 0xffffffffffffffda x17: 0x80
x18: 0x0                x19: 0x1                x20: 0x7a447667a
x21: 0x105514b60        x22: 0x3b9aca00         x23: 0x1054210d0
x24: 0x105507710        x25: 0x105514b20        x26: 0x10550deb0
x27: 0x105424510        x28: 0x0

Loaded images:
0: /usr/libexec/securityuploadd
1: /usr/lib/substrate/SubstrateBootstrap.dylib
2: /usr/lib/substrate/SubstrateInserter.dylib
3: /Library/MobileSubstrate/DynamicLibraries/SSLKillSwitch2.dylib
4: /usr/lib/substrate/SubstrateLoader.dylib
5: /Library/MobileSubstrate/DynamicLibraries/__Cr4shed.dylib
6: /usr/lib/libmryipc.dylib
7: /Library/Caches/cy-JFWRa0.dylib
8: /usr/lib/libsubstrate.dylib
9: /usr/lib/libstdc++.6.dylib
10: /usr/lib/system/libsystem_trace.dylib
11: /usr/lib/system/libxpc.dylib
12: /usr/lib/system/libsystem_blocks.dylib
13: /usr/lib/system/libsystem_c.dylib
14: /usr/lib/system/libdispatch.dylib
15: /usr/lib/system/libsystem_malloc.dylib
16: /usr/lib/system/libsystem_platform.dylib
17: /usr/lib/system/libsystem_pthread.dylib
18: /usr/lib/libobjc.A.dylib
19: /usr/lib/system/libcorecrypto.dylib
20: /usr/lib/libc++abi.dylib
21: /usr/lib/system/libsystem_kernel.dylib
22: /usr/lib/system/libdyld.dylib
23: /usr/lib/system/libsystem_darwin.dylib
24: /usr/lib/libc++.1.dylib
25: /usr/lib/system/libsystem_info.dylib
26: /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation
27: /System/Library/Frameworks/SystemConfiguration.framework/SystemConfiguration
28: /System/Library/Frameworks/Foundation.framework/Foundation
29: /usr/lib/libCRFSuite.dylib
30: /System/Library/Frameworks/CoreServices.framework/CoreServices
31: /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libSparse.dylib
32: /System/Library/Frameworks/ImageIO.framework/ImageIO
33: /System/Library/PrivateFrameworks/ConstantClasses.framework/ConstantClasses
34: /System/Library/Frameworks/CoreText.framework/CoreText
35: /System/Library/Frameworks/Security.framework/Security
36: /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit
37: /usr/lib/libMobileGestalt.dylib
38: /usr/lib/libprotobuf.dylib
39: /usr/lib/libprotobuf-lite.dylib
40: /usr/lib/libicucore.A.dylib
41: /System/Library/PrivateFrameworks/CoreServicesInternal.framework/CoreServicesInternal
42: /System/Library/PrivateFrameworks/WirelessDiagnostics.framework/WirelessDiagnostics
43: /usr/lib/libAWDSupport.dylib
44: /System/Library/Frameworks/CoreAudio.framework/CoreAudio
45: /System/Library/Frameworks/CoreImage.framework/CoreImage
46: /usr/lib/libsqlite3.dylib
47: /System/Library/PrivateFrameworks/MobileKeyBag.framework/MobileKeyBag
48: /usr/lib/system/libsystem_notify.dylib
49: /System/Library/PrivateFrameworks/AppSupport.framework/AppSupport
50: /usr/lib/libnetwork.dylib
51: /System/Library/PrivateFrameworks/ManagedConfiguration.framework/ManagedConfiguration
52: /System/Library/PrivateFrameworks/CoreServicesStore.framework/CoreServicesStore
53: /System/Library/PrivateFrameworks/UserManagement.framework/UserManagement
54: /System/Library/PrivateFrameworks/ProtocolBuffer.framework/ProtocolBuffer
55: /System/Library/PrivateFrameworks/CommonUtilities.framework/CommonUtilities
56: /usr/lib/libenergytrace.dylib
57: /System/Library/PrivateFrameworks/RunningBoardServices.framework/RunningBoardServices
58: /System/Library/PrivateFrameworks/BaseBoard.framework/BaseBoard
59: /System/Library/Frameworks/Accounts.framework/Accounts
60: /System/Library/Frameworks/CFNetwork.framework/CFNetwork
61: /System/Library/PrivateFrameworks/AssertionServices.framework/AssertionServices
62: /System/Library/Frameworks/CoreTelephony.framework/CoreTelephony
63: /System/Library/PrivateFrameworks/AggregateDictionary.framework/AggregateDictionary
64: /usr/lib/system/libsystem_asl.dylib
65: /System/Library/Frameworks/CoreData.framework/CoreData
66: /System/Library/PrivateFrameworks/BoardServices.framework/BoardServices
67: /usr/lib/libboringssl.dylib
68: /usr/lib/system/libsystem_networkextension.dylib
69: /System/Library/PrivateFrameworks/CoreAnalytics.framework/CoreAnalytics
70: /System/Library/PrivateFrameworks/SpringBoardServices.framework/SpringBoardServices
71: /System/Library/PrivateFrameworks/FrontBoardServices.framework/FrontBoardServices
72: /System/Library/Frameworks/Network.framework/Network
73: /usr/lib/libusrtcp.dylib
74: /usr/lib/system/libsystem_symptoms.dylib
75: /System/Library/PrivateFrameworks/TCC.framework/TCC
76: /System/Library/PrivateFrameworks/IMFoundation.framework/IMFoundation
77: /System/Library/PrivateFrameworks/CoreUtils.framework/CoreUtils
78: /usr/lib/system/libsystem_containermanager.dylib
79: /System/Library/PrivateFrameworks/AppleAccount.framework/AppleAccount
80: /System/Library/PrivateFrameworks/ApplePushService.framework/ApplePushService
81: /System/Library/PrivateFrameworks/IDS.framework/IDS
82: /System/Library/PrivateFrameworks/IDSFoundation.framework/IDSFoundation
83: /usr/lib/libCTGreenTeaLogger.dylib
84: /System/Library/Frameworks/CoreMedia.framework/CoreMedia
85: /System/Library/PrivateFrameworks/BackBoardServices.framework/BackBoardServices
86: /System/Library/Frameworks/QuartzCore.framework/QuartzCore
87: /System/Library/PrivateFrameworks/ColorSync.framework/ColorSync
88: /System/Library/Frameworks/CoreGraphics.framework/CoreGraphics
89: /usr/lib/libAccessibility.dylib
90: /System/Library/PrivateFrameworks/AXCoreUtilities.framework/AXCoreUtilities
91: /System/Library/PrivateFrameworks/PowerLog.framework/PowerLog
92: /System/Library/Frameworks/IOSurface.framework/IOSurface
93: /System/Library/PrivateFrameworks/GraphicsServices.framework/GraphicsServices
94: /System/Library/PrivateFrameworks/MobileWiFi.framework/MobileWiFi
95: /System/Library/PrivateFrameworks/FontServices.framework/libGSFont.dylib
96: /System/Library/PrivateFrameworks/FontServices.framework/FontServices
97: /System/Library/PrivateFrameworks/FontServices.framework/libFontParser.dylib
98: /System/Library/Frameworks/Accelerate.framework/Frameworks/vImage.framework/vImage
99: /usr/lib/libAudioToolboxUtility.dylib
100: /System/Library/PrivateFrameworks/AuthKit.framework/AuthKit
101: /System/Library/PrivateFrameworks/CoreUI.framework/CoreUI
102: /System/Library/Frameworks/CoreVideo.framework/CoreVideo
103: /System/Library/PrivateFrameworks/AudioToolboxCore.framework/AudioToolboxCore
104: /System/Library/PrivateFrameworks/SetupAssistant.framework/SetupAssistant
105: /System/Library/PrivateFrameworks/PlugInKit.framework/PlugInKit
106: /System/Library/PrivateFrameworks/MediaExperience.framework/MediaExperience
107: /System/Library/PrivateFrameworks/CrashReporterSupport.framework/CrashReporterSupport
108: /usr/lib/system/libsystem_configuration.dylib
109: /usr/lib/liblangid.dylib
110: /usr/lib/libTelephonyUtilDynamic.dylib
111: /System/Library/PrivateFrameworks/IOMobileFramebuffer.framework/IOMobileFramebuffer
112: /usr/lib/libxml2.2.dylib
113: /System/Library/PrivateFrameworks/PersistentConnection.framework/PersistentConnection
114: /System/Library/PrivateFrameworks/CorePhoneNumbers.framework/CorePhoneNumbers
115: /System/Library/PrivateFrameworks/CoreSVG.framework/CoreSVG
116: /System/Library/PrivateFrameworks/MallocStackLogging.framework/MallocStackLogging
117: /System/Library/Frameworks/CoreBluetooth.framework/CoreBluetooth
118: /usr/lib/system/libsystem_sandbox.dylib
119: /System/Library/PrivateFrameworks/Rapport.framework/Rapport
120: /System/Library/PrivateFrameworks/OSAnalytics.framework/OSAnalytics
121: /System/Library/PrivateFrameworks/MobileInstallation.framework/MobileInstallation
122: /System/Library/Frameworks/Metal.framework/Metal
123: /System/Library/PrivateFrameworks/IOAccelerator.framework/IOAccelerator
124: /System/Library/Frameworks/MediaAccessibility.framework/MediaAccessibility
125: /usr/lib/system/libsystem_dnssd.dylib
126: /System/Library/Frameworks/VideoToolbox.framework/VideoToolbox
127: /System/Library/PrivateFrameworks/SymptomDiagnosticReporter.framework/SymptomDiagnosticReporter
128: /System/Library/PrivateFrameworks/IOSurfaceAccelerator.framework/IOSurfaceAccelerator
129: /System/Library/PrivateFrameworks/CoreFollowUp.framework/CoreFollowUp
130: /usr/lib/libcoretls.dylib
131: /usr/lib/libate.dylib
132: /System/Library/PrivateFrameworks/DataMigration.framework/DataMigration
133: /System/Library/PrivateFrameworks/WatchdogClient.framework/WatchdogClient
134: /System/Library/PrivateFrameworks/CPMS.framework/CPMS
135: /System/Library/PrivateFrameworks/MobileBackup.framework/MobileBackup
136: /System/Library/PrivateFrameworks/CoreTime.framework/CoreTime
137: /System/Library/PrivateFrameworks/AppConduit.framework/AppConduit
138: /System/Library/PrivateFrameworks/IntlPreferences.framework/IntlPreferences
139: /System/Library/PrivateFrameworks/CoreBrightness.framework/CoreBrightness
140: /usr/lib/libIOReport.dylib
141: /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libBNNS.dylib
142: /System/Library/Frameworks/LocalAuthentication.framework/LocalAuthentication
143: /System/Library/PrivateFrameworks/CaptiveNetwork.framework/CaptiveNetwork
144: /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libBLAS.dylib
145: /usr/lib/libtailspin.dylib
146: /System/Library/PrivateFrameworks/MobileIcons.framework/MobileIcons
147: /System/Library/PrivateFrameworks/CoreSymbolication.framework/CoreSymbolication
148: /System/Library/PrivateFrameworks/IdleTimerServices.framework/IdleTimerServices
149: /System/Library/PrivateFrameworks/LoggingSupport.framework/LoggingSupport
150: /System/Library/Frameworks/OpenGLES.framework/OpenGLES
151: /System/Library/Frameworks/OpenGLES.framework/libGFXShared.dylib
152: /System/Library/Frameworks/LocalAuthentication.framework/Support/SharedUtils.framework/SharedUtils
153: /System/Library/PrivateFrameworks/StreamingZip.framework/StreamingZip
154: /System/Library/PrivateFrameworks/Netrb.framework/Netrb
155: /System/Library/PrivateFrameworks/EAP8021X.framework/EAP8021X
156: /System/Library/PrivateFrameworks/OSAServicesClient.framework/OSAServicesClient
157: /System/Library/PrivateFrameworks/OAuth.framework/OAuth
158: /usr/lib/libarchive.2.dylib
159: /usr/lib/system/libsystem_coreservices.dylib
160: /usr/lib/libmis.dylib
161: /usr/lib/system/libcopyfile.dylib
162: /System/Library/PrivateFrameworks/AccountsDaemon.framework/AccountsDaemon
163: /System/Library/PrivateFrameworks/AppleIDSSOAuthentication.framework/AppleIDSSOAuthentication
164: /System/Library/PrivateFrameworks/Symbolication.framework/Symbolication
165: /System/Library/PrivateFrameworks/SignpostSupport.framework/SignpostSupport
166: /System/Library/PrivateFrameworks/SignpostCollection.framework/SignpostCollection
167: /System/Library/PrivateFrameworks/libEDR.framework/libEDR
168: /System/Library/PrivateFrameworks/caulk.framework/caulk
169: /System/Library/PrivateFrameworks/MobileSystemServices.framework/MobileSystemServices
170: /System/Library/PrivateFrameworks/HID.framework/HID
171: /System/Library/Frameworks/OpenGLES.framework/libGLImage.dylib
172: /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libSparseBLAS.dylib
173: /System/Library/PrivateFrameworks/Engram.framework/Engram
174: /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libLinearAlgebra.dylib
175: /System/Library/PrivateFrameworks/kperf.framework/kperf
176: /usr/lib/libpcap.A.dylib
177: /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libvDSP.dylib
178: /System/Library/PrivateFrameworks/SampleAnalysis.framework/SampleAnalysis
179: /System/Library/Frameworks/Accelerate.framework/Accelerate
180: /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libLAPACK.dylib
181: /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libQuadrature.dylib
182: /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/libvMisc.dylib
183: /System/Library/Frameworks/Accelerate.framework/Frameworks/vecLib.framework/vecLib
184: /System/Library/Frameworks/GSS.framework/GSS
185: /System/Library/Frameworks/MetalPerformanceShaders.framework/Frameworks/MPSCore.framework/MPSCore
186: /System/Library/Frameworks/MetalPerformanceShaders.framework/Frameworks/MPSImage.framework/MPSImage
187: /System/Library/Frameworks/MetalPerformanceShaders.framework/Frameworks/MPSMatrix.framework/MPSMatrix
188: /System/Library/Frameworks/MetalPerformanceShaders.framework/Frameworks/MPSNDArray.framework/MPSNDArray
189: /System/Library/Frameworks/MetalPerformanceShaders.framework/Frameworks/MPSNeuralNetwork.framework/MPSNeuralNetwork
190: /System/Library/Frameworks/MetalPerformanceShaders.framework/Frameworks/MPSRayIntersector.framework/MPSRayIntersector
191: /System/Library/Frameworks/MetalPerformanceShaders.framework/MetalPerformanceShaders
192: /System/Library/Frameworks/MobileCoreServices.framework/MobileCoreServices
193: /System/Library/Frameworks/OpenGLES.framework/libCVMSPluginSupport.dylib
194: /System/Library/Frameworks/OpenGLES.framework/libCoreFSCache.dylib
195: /System/Library/Frameworks/OpenGLES.framework/libCoreVMClient.dylib
196: /System/Library/PrivateFrameworks/APFS.framework/APFS
197: /System/Library/PrivateFrameworks/ASEProcessing.framework/ASEProcessing
198: /System/Library/PrivateFrameworks/AccountSettings.framework/AccountSettings
199: /System/Library/PrivateFrameworks/AppleIDAuthSupport.framework/AppleIDAuthSupport
200: /System/Library/PrivateFrameworks/AppleJPEG.framework/AppleJPEG
201: /System/Library/PrivateFrameworks/AppleSauce.framework/AppleSauce
202: /System/Library/PrivateFrameworks/Bom.framework/Bom
203: /System/Library/PrivateFrameworks/CommonAuth.framework/CommonAuth
204: /System/Library/PrivateFrameworks/DeviceIdentity.framework/DeviceIdentity
205: /System/Library/PrivateFrameworks/FaceCore.framework/FaceCore
206: /System/Library/PrivateFrameworks/FontServices.framework/libGSFontCache.dylib
207: /System/Library/PrivateFrameworks/FontServices.framework/libhvf.dylib
208: /System/Library/PrivateFrameworks/GraphVisualizer.framework/GraphVisualizer
209: /System/Library/PrivateFrameworks/Heimdal.framework/Heimdal
210: /System/Library/PrivateFrameworks/InternationalSupport.framework/InternationalSupport
211: /System/Library/PrivateFrameworks/Marco.framework/Marco
212: /System/Library/PrivateFrameworks/MobileDeviceLink.framework/MobileDeviceLink
213: /System/Library/PrivateFrameworks/OTSVG.framework/OTSVG
214: /System/Library/PrivateFrameworks/PhoneNumbers.framework/PhoneNumbers
215: /System/Library/PrivateFrameworks/SetupAssistantSupport.framework/SetupAssistantSupport
216: /System/Library/PrivateFrameworks/TextureIO.framework/TextureIO
217: /System/Library/PrivateFrameworks/kperfdata.framework/kperfdata
218: /System/Library/PrivateFrameworks/ktrace.framework/ktrace
219: /usr/lib/libAWDSupportFramework.dylib
220: /usr/lib/libFosl_dynamic.dylib
221: /usr/lib/libSystem.B.dylib
222: /usr/lib/libapple_nghttp2.dylib
223: /usr/lib/libbsm.0.dylib
224: /usr/lib/libbz2.1.0.dylib
225: /usr/lib/libcharset.1.dylib
226: /usr/lib/libcompression.dylib
227: /usr/lib/libcoretls_cfhelpers.dylib
228: /usr/lib/libcupolicy.dylib
229: /usr/lib/libdscsym.dylib
230: /usr/lib/libheimdal-asn1.dylib
231: /usr/lib/libiconv.2.dylib
232: /usr/lib/liblockdown.dylib
233: /usr/lib/liblzma.5.dylib
234: /usr/lib/libncurses.5.4.dylib
235: /usr/lib/libresolv.9.dylib
236: /usr/lib/libtidy.A.dylib
237: /usr/lib/libutil.dylib
238: /usr/lib/libz.1.dylib
239: /usr/lib/system/libcache.dylib
240: /usr/lib/system/libcommonCrypto.dylib
241: /usr/lib/system/libcompiler_rt.dylib
242: /usr/lib/system/liblaunch.dylib
243: /usr/lib/system/libmacho.dylib
244: /usr/lib/system/libremovefile.dylib
245: /usr/lib/system/libsystem_featureflags.dylib
246: /usr/lib/system/libsystem_m.dylib
247: /usr/lib/system/libunwind.dylib
248: /System/Library/PrivateFrameworks/NanoRegistry.framework/NanoRegistry
249: /System/Library/PrivateFrameworks/NanoPreferencesSync.framework/NanoPreferencesSync
250: /System/Library/PrivateFrameworks/AppSSOCore.framework/AppSSOCore

{"ProcessBundleID":"","ProcessName":"securityuploadd","Culprit":"Unknown"}
liuxuan30 commented 4 years ago

you will need to check which function it crashed, with this trace it cannot tell too much