sensepost / objection

📱 objection - runtime mobile exploration
GNU General Public License v3.0

Codesignature invalid for FridaGadget.dylib when running ios-deploy #359

Closed OevreFlataeker closed 4 years ago

OevreFlataeker commented 4 years ago

I am using objection 1.9.1 and want to try out what I can do with my non-JB iPhone 6s running iOS 13.3.1. I am far from being capable in iOS development, but I managed to deploy a self-signed app to the phone et al. (Using the free Apple Developer account).

Following up tutorials like https://www.secjuice.com/objection-frida-guide/ I got everything running until the app is started with ios-deploy. The problem I am facing is that the signature on FridaGadget.dylib is apparently considered invalid which stops the app from loading. My developer profile is trusted, I can start other apps I am test-deploying.

```
(lldb) command source -s 0 '/tmp/C953BD14-2500-4FDF-8F98-E0570162666B/fruitstrap-lldb-prep-cmds-411ced1ef20dd3ae85e125f8dbd6635b58fe073f'
Executing commands in '/tmp/C953BD14-2500-4FDF-8F98-E0570162666B/fruitstrap-lldb-prep-cmds-411ced1ef20dd3ae85e125f8dbd6635b58fe073f'.
(lldb)     platform select remote-ios --sysroot '/Users/daubsi/Library/Developer/Xcode/iOS DeviceSupport/13.3.1 (17D50)/Symbols'
  Platform: remote-ios
 Connected: no
  SDK Path: "/Users/daubsi/Library/Developer/Xcode/iOS DeviceSupport/13.3.1 (17D50)/Symbols"
(lldb)     target create "/Users/daubsi/insert_dylib/Payload/Pwn.app"
Current executable set to '/Users/daubsi/insert_dylib/Payload/Pwn.app' (arm64).
(lldb)     script fruitstrap_device_app="/private/var/containers/Bundle/Application/19237941-2C4A-4A2F-AB49-2CDF8C8C779D/Pwn.app"
(lldb)     script fruitstrap_connect_url="connect://127.0.0.1:55031"
(lldb)     script fruitstrap_output_path=""
(lldb)     script fruitstrap_error_path=""
(lldb)     target modules search-paths add /usr "/Users/daubsi/Library/Developer/Xcode/iOS DeviceSupport/13.3.1 (17D50)/Symbols/usr" /System "/Users/daubsi/Library/Developer/Xcode/iOS DeviceSupport/13.3.1 (17D50)/Symbols/System" "/private/var/containers/Bundle/Application/19237941-2C4A-4A2F-AB49-2CDF8C8C779D" "/Users/daubsi/insert_dylib/Payload" "/var/containers/Bundle/Application/19237941-2C4A-4A2F-AB49-2CDF8C8C779D" "/Users/daubsi/insert_dylib/Payload" /Developer "/Users/daubsi/Library/Developer/Xcode/iOS DeviceSupport/13.3.1 (17D50)/Symbols/Developer"
(lldb)     command script import "/tmp/C953BD14-2500-4FDF-8F98-E0570162666B/fruitstrap_411ced1ef20dd3ae85e125f8dbd6635b58fe073f.py"
(lldb)     command script add -f fruitstrap_411ced1ef20dd3ae85e125f8dbd6635b58fe073f.connect_command connect
(lldb)     command script add -s asynchronous -f fruitstrap_411ced1ef20dd3ae85e125f8dbd6635b58fe073f.run_command run
(lldb)     command script add -s asynchronous -f fruitstrap_411ced1ef20dd3ae85e125f8dbd6635b58fe073f.autoexit_command autoexit
(lldb)     command script add -s asynchronous -f fruitstrap_411ced1ef20dd3ae85e125f8dbd6635b58fe073f.safequit_command safequit
(lldb)     connect
(lldb)     run
success
dyld: Library not loaded: @executable_path/Frameworks/FridaGadget.dylib
  Referenced from: /private/var/containers/Bundle/Application/19237941-2C4A-4A2F-AB49-2CDF8C8C779D/Pwn.app/Pwn
  Reason: no suitable image found.  Did find:
/Bundle/Application/19237941-2C4A-4A2F-AB49-2CDF8C8C779D/Pwn.app/Frameworks/FridaGadget.dylib: code signature invalid for '/private/var/containers/Bundle/Application/19237941-2C4A-4A2F-AB49-2CDF8C8C779D/Pwn.app/Frameworks/FridaGadget.dylib'

r/containers/Bundle/Application/19237941-2C4A-4A2F-AB49-2CDF8C8C779D/Pwn.app/Frameworks/FridaGadget.dylib: stat() failed with errno=1
de signature invalid for '/private/var/containers/Bundle/Application/19237941-2C4A-4A2F-AB49-2CDF8C8C779D/Pwn.app/Frameworks/FridaGadget.dylib'

et.dylib: stat() failed with errno=1
Process 733 stopped
* thread #1, stop reason = signal SIGABRT
    frame #0: 0x000000010027f5e4 dyld`__abort_with_payload + 8
dyld`__abort_with_payload:
->  0x10027f5e4 <+8>:  b.lo   0x10027f600               ; <+36>
    0x10027f5e8 <+12>: stp    x29, x30, [sp, #-0x10]!
    0x10027f5ec <+16>: mov    x29, sp
    0x10027f5f0 <+20>: bl     0x10027dbe8               ; cerror_nocancel
Target 0: (Pwn) stopped.
```

I've rerun the whole process and was also doing the whole signing process manually with the help of a friend and so far everything looks good.

`codesign -v` on the FridaGadget.dylib gives NO error, so it has a valid signature?

I'm running out of ideas. Kindly lead me in the direction how to verify everything is ok or what I've been missing. Thank you.

While messing around with the whole patching/signing process I had a lot of "invalid entitlements" etc. errors, but I managed to solve all these in the meantime. Basically ios-deploy works exactly the same as the manual process.

leonjza commented 4 years ago

I am not sure what's up, but my guess is it is architecture related. Want to try some of the official guides in the wiki perhaps?

OevreFlataeker commented 4 years ago

Well - I was at first, but when it didn't work out I tried other how-tos as well. Basically I am getting the same error (shown above) also with the "official guides". Should I paste the whole logs here for further analysis?

leonjza commented 4 years ago

I think you are right in wanting to debug the code signing here. It seems to work ok for me locally, so not sure. :|

OevreFlataeker commented 4 years ago

Just learnt about this one. Could this be the issue?

https://stackoverflow.com/questions/60015309/running-ios-apps-causes-runtime-error-for-frameworks-code-signature-invalid/60090629#60090629

> This is an issue with iOS 13.3.1. All dynamic frameworks being compiled to the newest release of iOS 13.3.1 are experiencing this issue when run on a personal provisioning profile/developer account. The solution, copied from jmagman from Github, is below.
>
> You can:
>
> - Use a non-Personal Team provisioning profile (paid developer account).
> - Run on the 13.3.1 simulator.
> - Test on a real iOS device running 13.3 or lower.
> - Install the beta profile on your test device and install iOS 13.4 beta 3. (Fixed)
> - Wait for iOS 13.4 to be released.
>
> Hopefully this issue will be fixed soon.

OevreFlataeker commented 4 years ago

It seems it is indeed related to 13.3.1! I just updated that old phone to 13.4.1 and I am no longer getting that error! Yaj!! But now:

```
[...]
[ 60%] TakingInstallLock
[ 65%] PreflightingApplication
[ 65%] InstallingEmbeddedProfile
[ 70%] VerifyingApplication
[ 75%] CreatingContainer
[ 80%] InstallingApplication
[ 85%] PostflightingApplication
[ 90%] SandboxingApplication
[ 95%] GeneratingApplicationMap
[100%] Installed package Payload/Pwn.app
------ Debug phase ------
Starting debug of 411ced1ef20dd3ae85e125f8dbd6635b58fe073f (N71mAP, iPhone 6s, iphoneos, arm64) a.k.a. 'Pwny' connected through USB...
[ 0%] Looking up developer disk image
[ 90%] Mounting developer disk image
[ 95%] Developer disk image already mounted
2020-04-12 16:13:48.813 ios-deploy[8064:952135] [ !! ] Error 0xe8000022: The service is invalid. AMDeviceSecureStartService(device, CFSTR("com.apple.debugserver"), NULL, &con)
bash-3.2$
```

Didn't have that one before? What am I missing now again?

OevreFlataeker commented 4 years ago

Seems today is update day... which will force me to upgrade to Catalina as well :-(

https://github.com/ios-control/ios-deploy/issues/336

OevreFlataeker commented 4 years ago

After updating to Catalina as well as Xcode 11.4 and rebuilding and redeploying my patched IPA, objection runs!

```
[ 95%] GeneratingApplicationMap
[100%] Installed package Payload/Pwn.app
------ Debug phase ------
Starting debug of 411ced1ef20dd3ae85e125f8dbd6635b58fe073f (N71mAP, iPhone 6s, iphoneos, arm64) a.k.a. 'Pwny' connected through USB...
[ 0%] Looking up developer disk image
[ 95%] Developer disk image mounted successfully
[100%] Connecting to remote debug server

(lldb) command source -s 0 '/tmp/295BCDB9-4D9B-445B-84AF-81018F2A2A5D/fruitstrap-lldb-prep-cmds-411ced1ef20dd3ae85e125f8dbd6635b58fe073f'
Executing commands in '/tmp/295BCDB9-4D9B-445B-84AF-81018F2A2A5D/fruitstrap-lldb-prep-cmds-411ced1ef20dd3ae85e125f8dbd6635b58fe073f'.
(lldb) platform select remote-ios --sysroot '/Users/daubsi/Library/Developer/Xcode/iOS DeviceSupport/13.4.1 (17E262)/Symbols'
Platform: remote-ios
Connected: no
SDK Path: "/Users/daubsi/Library/Developer/Xcode/iOS DeviceSupport/13.4.1 (17E262)/Symbols"
(lldb) target create "/Users/daubsi/insert_dylib/Payload/Pwn.app"
Current executable set to '/Users/daubsi/insert_dylib/Payload/Pwn.app' (arm64).
(lldb) script fruitstrap_device_app="/private/var/containers/Bundle/Application/605F4E21-CE32-4E3A-BC06-515811F3ABB3/Pwn.app"
(lldb) script fruitstrap_connect_url="connect://127.0.0.1:52441"
(lldb) script fruitstrap_output_path=""
(lldb) script fruitstrap_error_path=""
(lldb) target modules search-paths add /usr "/Users/daubsi/Library/Developer/Xcode/iOS DeviceSupport/13.4.1 (17E262)/Symbols/usr" /System "/Users/daubsi/Library/Developer/Xcode/iOS DeviceSupport/13.4.1 (17E262)/Symbols/System" "/private/var/containers/Bundle/Application/605F4E21-CE32-4E3A-BC06-515811F3ABB3" "/Users/daubsi/insert_dylib/Payload" "/var/containers/Bundle/Application/605F4E21-CE32-4E3A-BC06-515811F3ABB3" "/Users/daubsi/insert_dylib/Payload" /Developer "/Users/daubsi/Library/Developer/Xcode/iOS DeviceSupport/13.4.1 (17E262)/Symbols/Developer"
(lldb) command script import "/tmp/295BCDB9-4D9B-445B-84AF-81018F2A2A5D/fruitstrap_411ced1ef20dd3ae85e125f8dbd6635b58fe073f.py"
(lldb) command script add -f fruitstrap_411ced1ef20dd3ae85e125f8dbd6635b58fe073f.connect_command connect
(lldb) command script add -s asynchronous -f fruitstrap_411ced1ef20dd3ae85e125f8dbd6635b58fe073f.run_command run
(lldb) command script add -s asynchronous -f fruitstrap_411ced1ef20dd3ae85e125f8dbd6635b58fe073f.autoexit_command autoexit
(lldb) command script add -s asynchronous -f fruitstrap_411ced1ef20dd3ae85e125f8dbd6635b58fe073f.safequit_command safequit
(lldb) connect
(lldb) run
success
2020-04-12 19:54:28.234841+0200 Pwn[533:81342] Frida: Listening on 127.0.0.1 TCP port 27042
```

```
➜ insert_dylib git:(master) ✗ objection explore
Using USB device `iPhone`
Agent injected and responds ok!

(object)inject(ion) v1.9.1

 Runtime Mobile Exploration
    by: @leonjza from @sensepost

[tab] for command suggestions
de.bigigloo.Pwn on (iPhone: 13.4.1) [usb] #
```

:-D
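An added example, not part of the original thread and not code from objection or ios-deploy: a small Python triage function that pulls the device iOS version out of the lldb sysroot path and recognises the two failures seen in this thread (dyld rejecting the gadget's signature, and the `0xe8000022` debugserver error). The function name `triage` and the abridged sample logs are constructed for illustration.

```python
import re

# Constructed sample input: lines abridged from the two failing logs in this thread.
SIGNATURE_LOG = """\
(lldb)     platform select remote-ios --sysroot '/Users/daubsi/Library/Developer/Xcode/iOS DeviceSupport/13.3.1 (17D50)/Symbols'
dyld: Library not loaded: @executable_path/Frameworks/FridaGadget.dylib
  Reason: no suitable image found.  Did find:
/Bundle/Application/19237941-2C4A-4A2F-AB49-2CDF8C8C779D/Pwn.app/Frameworks/FridaGadget.dylib: code signature invalid
"""
DEBUGSERVER_LOG = """\
[ 95%] Developer disk image already mounted
2020-04-12 16:13:48.813 ios-deploy[8064:952135] [ !! ] Error 0xe8000022: The service is invalid. AMDeviceSecureStartService(device, CFSTR("com.apple.debugserver"), NULL, &con)
"""

SYSROOT = re.compile(r"iOS DeviceSupport/(\d+(?:\.\d+)*) \((\w+)\)")
NOT_LOADED = re.compile(r"dyld: Library not loaded: (\S+)")
BAD_SIG = re.compile(r"(\S+): code signature invalid")
AMD_ERROR = re.compile(r"Error (0x[0-9a-fA-F]+): ([^.]+)\.")
SERVICE = re.compile(r'CFSTR\("([^"]+)"\)')

def triage(log):
    """Return the iOS version/build and a list of findings from an ios-deploy/lldb transcript."""
    out = {"ios_version": None, "build": None, "findings": []}
    m = SYSROOT.search(log)
    if m:
        out["ios_version"], out["build"] = m.groups()
    missing = NOT_LOADED.search(log)
    name = missing.group(1).rsplit("/", 1)[-1] if missing else None
    # Only report a signature failure for the library dyld said it could not load.
    bad = [p for p in BAD_SIG.findall(log) if name and p.endswith(name)]
    if bad:
        note = "dyld rejected the code signature of %s" % name
        # The answer quoted in the thread ties this to 13.3.1 with a personal profile.
        if out["ios_version"] == "13.3.1":
            note += "; device is on 13.3.1, the release named in the quoted answer"
        out["findings"].append(("signature", name, note))
    err = AMD_ERROR.search(log)
    if err:
        svc = SERVICE.search(log)
        out["findings"].append(("service", err.group(1),
                                "%s (%s)" % (err.group(2), svc.group(1) if svc else "unknown service")))
    return out

if __name__ == "__main__":
    for sample in (SIGNATURE_LOG, DEBUGSERVER_LOG):
        print(triage(sample))
```
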