sensepost / objection

📱 objection - runtime mobile exploration
GNU General Public License v3.0

[bug] Run commands & script, getting "process is not suspended" #420

Closed konsumer closed 3 months ago

konsumer commented 3 years ago

Describe the bug
I am trying to run ios sslpinning disable and open a url on device (via a JavaScript file). I want it to run in other scripts, so I can automate the process, so it should fire ssl disable, open url, then exit.

To Reproduce
Steps to reproduce the behavior:

First I have a script ios_openstore.js:

function openURL (url) {
  var w = ObjC.classes.LSApplicationWorkspace.defaultWorkspace()
  var toOpen = ObjC.classes.NSURL.URLWithString_(url)
  return w.openSensitiveURL_withOptions_(toOpen, null)
}
openURL('https://apps.apple.com/us/app/pixel-starships/id321756558?mt=12')

If I run

objection --gadget 'com.apple.AppStore' explore -s 'ios sslpinning disable'

# then in repl
evaluate ios_openstore.js

It works, but it's not automatic (it keeps a repl open)

First thing I tried was echo commands into it:

echo -n "evaluate ios_openstore.js\n\n" | objection --gadget 'com.apple.AppStore' explore -s 'ios sslpinning disable'

I get a whole bunch of these errors, and it doesn't work (as above):

Unhandled exception in event loop:
  File "/home/konsumer/.local/lib/python3.8/site-packages/prompt_toolkit/application/application.py", line 840, in in_term
    await _do_wait_for_enter("Press ENTER to continue...")
  File "/home/konsumer/.local/lib/python3.8/site-packages/prompt_toolkit/application/application.py", line 1177, in _do_wait_for_enter
    await session.app.run_async()
  File "/home/konsumer/.local/lib/python3.8/site-packages/prompt_toolkit/application/application.py", line 781, in run_async
    return await _run_async2()
  File "/home/konsumer/.local/lib/python3.8/site-packages/prompt_toolkit/application/application.py", line 763, in _run_async2
    result = await _run_async()
  File "/home/konsumer/.local/lib/python3.8/site-packages/prompt_toolkit/application/application.py", line 704, in _run_async
    result = await f

Exception 
^[[27;1RPress ENTER to continue...Exiting...

Next I tried using --startup-script:

objection --gadget 'com.apple.AppStore' explore -s 'ios sslpinning disable' --startup-script ios_openstore.js

I get this error:

Using USB device `iOS Device`
Agent injected and responds ok!
Running a startup command... ios sslpinning disable
(agent) Hooking common framework methods
(agent) Found NSURLSession based classes. Hooking known pinning methods.
(agent) Hooking lower level SSL methods
(agent) Hooking lower level TLS methods
(agent) Hooking BoringSSL methods
(agent) Registering job jobhrrqk84h. Type: ios-sslpinning-disable
Importing and running startup script at: <_io.TextIOWrapper name='ios_openstore.js' mode='r' encoding='UTF-8'>
OK
Traceback (most recent call last):
  File "/home/konsumer/.local/bin/objection", line 8, in <module>
    sys.exit(cli())
  File "/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/home/konsumer/.local/lib/python3.8/site-packages/objection/console/cli.py", line 149, in explore
    response = agent.single(startup_script.read())
  File "/home/konsumer/.local/lib/python3.8/site-packages/objection/utils/agent.py", line 249, in single
    self.device.resume(self.spawned_pid)
  File "/home/konsumer/.local/lib/python3.8/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/home/konsumer/.local/lib/python3.8/site-packages/frida/core.py", line 148, in resume
    self._impl.resume(self._pid_of(target))
frida.InvalidOperationError: process is not suspended
Asking jobs to stop...
Unloading objection agent...

Next I tried using api hoping I could pipe the commands in using curl (then kill the objection process when finished):

objection --gadget 'com.apple.AppStore' api &
OBJECTION=$!   # PID of the backgrounded objection ($$ would be this shell's own PID, so kill would hit the script itself)
sleep 4
curl http://127.0.0.1:8888/rpc/invoke/iosPinningDisable
sleep 4
curl -X POST -H "Content-Type: text/javascript" http://127.0.0.1:8888/script/runonce -d "@ios_openstore.js"
# outputs {"message":"Script failed to run: process is not suspended"}
kill -9 $OBJECTION

So it looks like the main problem is process is not suspended in a few cases.

Expected behavior

I expect there to be a way to run a script after ios sslpinning disable then exit.

Evidence / Logs / Screenshots

objection --debug --gadget 'com.apple.AppStore' explore -s 'ios sslpinning disable' --startup-script ios_openstore.js

output:

[debug] Agent path is: /home/konsumer/.local/lib/python3.8/site-packages/objection/agent.js
[debug] Injecting agent...
Using USB device `iOS Device`
[debug] Attempting to attach to process: `com.apple.AppStore`
[debug] Unable to find process: `com.apple.AppStore`, attempting spawn
[debug] PID `16095` spawned, attaching...
[debug] Resuming PID `16095`
Agent injected and responds ok!
Running a startup command... ios sslpinning disable
- [incoming message] ------------------
{
  "payload": "\u001b[90mHooking common framework methods\u001b[39m",
  "type": "send"
}
- [./incoming message] ----------------
(agent) Hooking common framework methods
- [incoming message] ------------------
{
  "payload": "\u001b[90mFound NSURLSession based classes. Hooking known pinning methods.\u001b[39m",
  "type": "send"
}
- [./incoming message] ----------------
(agent) Found NSURLSession based classes. Hooking known pinning methods.
- [incoming message] ------------------
{
  "payload": "\u001b[90mHooking lower level SSL methods\u001b[39m",
  "type": "send"
}
- [./incoming message] ----------------
(agent) Hooking lower level SSL methods
- [incoming message] ------------------
{
  "payload": "\u001b[90mHooking lower level TLS methods\u001b[39m",
  "type": "send"
}
- [./incoming message] ----------------
(agent) Hooking lower level TLS methods
- [incoming message] ------------------
{
  "payload": "\u001b[90mHooking BoringSSL methods\u001b[39m",
  "type": "send"
}
- [./incoming message] ----------------
(agent) Hooking BoringSSL methods
- [incoming message] ------------------
{
  "payload": "Registering job \u001b[94mlracvzqnu7f\u001b[39m. Type: \u001b[92mios-sslpinning-disable\u001b[39m",
  "type": "send"
}
- [./incoming message] ----------------
(agent) Registering job lracvzqnu7f. Type: ios-sslpinning-disable
Importing and running startup script at: <_io.TextIOWrapper name='ios_openstore.js' mode='r' encoding='UTF-8'>
OK
[debug] Resuming PID `16095`
Traceback (most recent call last):
  File "/home/konsumer/.local/bin/objection", line 8, in <module>
    sys.exit(cli())
  File "/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/home/konsumer/.local/lib/python3.8/site-packages/objection/console/cli.py", line 149, in explore
    response = agent.single(startup_script.read())
  File "/home/konsumer/.local/lib/python3.8/site-packages/objection/utils/agent.py", line 249, in single
    self.device.resume(self.spawned_pid)
  File "/home/konsumer/.local/lib/python3.8/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/home/konsumer/.local/lib/python3.8/site-packages/frida/core.py", line 148, in resume
    self._impl.resume(self._pid_of(target))
frida.InvalidOperationError: process is not suspended
Asking jobs to stop...
Unloading objection agent...
[debug] Calling unload()

Environment (please complete the following information):

leonjza commented 3 years ago

Hey could you try -s 'import ios_openstore.js' instead?

konsumer commented 3 years ago

It will take me a bit to test. I was hoping updating frida would help, but that broke my jailbreak. If I can fix that, I'll test it.

konsumer commented 3 years ago

Just got it all re-jailbroken on frida-server 14.0.7, and ran

objection --gadget 'com.apple.AppStore' explore -s 'ios sslpinning disable' --startup-script ios_openstore.js

And I got another probably unrelated error:

Using USB device `iOS Device`

(frida:4550): Frida-CRITICAL **: 15:08:08.663: file ../../../frida-core/lib/interfaces/session.vala: line 167: uncaught error: GDBus.Error:org.freedesktop.DBus.Error.UnknownMethod: No such interface “re.frida.HostSession12” on object at path /re/frida/HostSession (g-dbus-error-quark, 19)
[1]    4550 segmentation fault (core dumped)  objection --gadget 'com.apple.AppStore' explore -s 'ios sslpinning disable'

Also tried with a simpler command that used to work and got same error:

objection --gadget 'com.apple.AppStore' explore

konsumer commented 3 years ago

Sorry for the noise. I updated frida to 14.0.7 (objection still at 1.9.6) on desktop, and got through that issue.

I ran this:

objection --gadget 'com.apple.AppStore' explore -s 'ios sslpinning disable' -s 'import ios_openstore.js'

and got the same process is not suspended error

I also tried this, just to see if it would open a URL:

objection --gadget 'com.apple.AppStore' explore -s 'import ios_openstore.js'

and got the same error

konsumer commented 3 years ago

I think I made progress

I did this (evaluate instead of import):

objection --gadget 'com.apple.AppStore' explore -s 'ios sslpinning disable' -s 'evaluate ios_openstore.js'

And it ran without error. It still held the repl open though. I tried running it a few times, and it looks like the ssl disable isn't going through before the url request (I get an ssl error, but it works if I refresh)

I tried modifying the script, and it seemed to fix that:

function openURL (url) {
  var w = ObjC.classes.LSApplicationWorkspace.defaultWorkspace()
  var toOpen = ObjC.classes.NSURL.URLWithString_(url)
  return w.openSensitiveURL_withOptions_(toOpen, null)
}

setTimeout(() => openURL('https://apps.apple.com/us/app/pixel-starships/id321756558?mt=12'), 2000)

I ended up doing a & (to background) then a sleep then a kill and it seems to work. Is there a better way to make objection exit?
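A bounded-lifetime wrapper for the approach in this comment (background the tool, wait, then kill), as an added example that is not part of objection or of the scripts in this thread. The function name run_with_deadline is my own; the watchdog sends SIGTERM first so the tool gets a chance to clean up, and only escalates to SIGKILL if it is still alive two seconds later. The demo uses sleep as a stand-in for the objection command so it runs without a device.

```shell
#!/bin/sh
# Added example, not from the objection project or this thread.
# run_with_deadline SECONDS COMMAND [ARGS...]
#   Runs COMMAND in the background and lets it live at most SECONDS seconds.
#   A watchdog subshell sends SIGTERM at the deadline, then SIGKILL two
#   seconds later if the command is still running.
#   Returns COMMAND's exit status; a child ended by SIGTERM yields 128+15 = 143.
#
# PID bookkeeping: $! is the PID of the most recent background job. $$ is the
# PID of the calling shell itself, so "kill $$" would terminate the wrapper
# script rather than the tool it launched.
run_with_deadline() {
    rwd_deadline=$1
    shift

    "$@" &
    rwd_child=$!

    (
        sleep "$rwd_deadline"
        kill -TERM "$rwd_child" 2>/dev/null
        sleep 2
        kill -KILL "$rwd_child" 2>/dev/null
    ) &
    rwd_watchdog=$!

    # Collect the child's status without tripping a caller's "set -e".
    rwd_status=0
    wait "$rwd_child" || rwd_status=$?

    # Child is gone (on its own or via the watchdog); stop the watchdog so it
    # cannot later signal a PID that the kernel has recycled.
    kill "$rwd_watchdog" 2>/dev/null
    wait "$rwd_watchdog" 2>/dev/null || :
    return "$rwd_status"
}

# Demo (run with RUN_DEMO=1): a 30 s sleep stands in for a command such as
#   run_with_deadline 10 objection --gadget 'com.apple.AppStore' explore \
#       -s 'ios sslpinning disable' -s 'evaluate ios_openstore.js'
if [ "${RUN_DEMO:-0}" = 1 ]; then
    run_with_deadline 2 sleep 30
    echo "stand-in exited with status $?"
fi
```

Because the status of the wrapped command is returned unchanged, a caller can distinguish "finished on its own" (the tool's own exit code) from "hit the deadline" (a status above 128) and log or alert on the latter.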

konsumer commented 3 years ago

If I try to script it, I get Operation not permitted:

objection --gadget 'com.apple.AppStore' explore -s 'ios sslpinning disable' -s 'evaluate ios_openstore.js' &
sleep 10
killall -9 objection

This is error:

./mitmautomate
Using USB device `iOS Device`
Agent injected and responds ok!
Warning: Input is not a terminal (fd=0).
Running a startup command... ios sslpinning disable
(agent) Hooking common framework methods
(agent) Found NSURLSession based classes. Hooking known pinning methods.
(agent) Hooking lower level SSL methods
(agent) Hooking lower level TLS methods
(agent) Hooking BoringSSL methods
(agent) Registering job 9539898125697. Type: ios-sslpinning-disable
Running a startup command... evaluate ios_openstore.js
JavaScript capture complete. Evaluating...

     _   _         _   _
 ___| |_|_|___ ___| |_|_|___ ___
| . | . | | -_|  _|  _| | . |   |
|___|___| |___|___|_| |_|___|_|_|
      |___|(object)inject(ion) v1.9.6

     Runtime Mobile Exploration
        by: @leonjza from @sensepost

[tab] for command suggestions
Traceback (most recent call last):
  File "/usr/lib/python3.8/asyncio/selector_events.py", line 259, in _add_reader
    key = self._selector.get_key(fd)
  File "/usr/lib/python3.8/selectors.py", line 192, in get_key
    raise KeyError("{!r} is not registered".format(fileobj)) from None
KeyError: '0 is not registered'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/konsumer/.local/bin/objection", line 8, in <module>
    sys.exit(cli())
  File "/usr/lib/python3/dist-packages/click/core.py", line 764, in __call__
    return self.main(*args, **kwargs)
  File "/usr/lib/python3/dist-packages/click/core.py", line 717, in main
    rv = self.invoke(ctx)
  File "/usr/lib/python3/dist-packages/click/core.py", line 1137, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/lib/python3/dist-packages/click/core.py", line 956, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/lib/python3/dist-packages/click/core.py", line 555, in invoke
    return callback(*args, **kwargs)
  File "/home/konsumer/.local/lib/python3.8/site-packages/objection/console/cli.py", line 206, in explore
    r.start_repl(quiet=quiet)
  File "/home/konsumer/.local/lib/python3.8/site-packages/objection/console/repl.py", line 355, in start_repl
    document = self.session.prompt(self.get_prompt_message())
  File "/home/konsumer/.local/lib/python3.8/site-packages/prompt_toolkit/shortcuts/prompt.py", line 1013, in prompt
    return self.app.run(set_exception_handler=set_exception_handler)
  File "/home/konsumer/.local/lib/python3.8/site-packages/prompt_toolkit/application/application.py", line 814, in run
    return loop.run_until_complete(
  File "/usr/lib/python3.8/asyncio/base_events.py", line 616, in run_until_complete
    return future.result()
  File "/home/konsumer/.local/lib/python3.8/site-packages/prompt_toolkit/application/application.py", line 781, in run_async
    return await _run_async2()
  File "/home/konsumer/.local/lib/python3.8/site-packages/prompt_toolkit/application/application.py", line 763, in _run_async2
    result = await _run_async()
  File "/home/konsumer/.local/lib/python3.8/site-packages/prompt_toolkit/application/application.py", line 694, in _run_async
    with self.input.raw_mode(), self.input.attach(
  File "/usr/lib/python3.8/contextlib.py", line 113, in __enter__
    return next(self.gen)
  File "/home/konsumer/.local/lib/python3.8/site-packages/prompt_toolkit/input/vt100.py", line 161, in _attached_input
    loop.add_reader(fd, callback)
  File "/usr/lib/python3.8/asyncio/selector_events.py", line 332, in add_reader
    return self._add_reader(fd, callback, *args)
  File "/usr/lib/python3.8/asyncio/selector_events.py", line 261, in _add_reader
    self._selector.register(fd, selectors.EVENT_READ,
  File "/usr/lib/python3.8/selectors.py", line 359, in register
    self._selector.register(key.fd, poller_events)
PermissionError: [Errno 1] Operation not permitted
Asking jobs to stop...
Unloading objection agent...
objection: no process found

konsumer commented 3 years ago

Also, piping "exit\n" into objection seems to do same thing where it spirals into an exception loop.

ano251 commented 3 years ago

@konsumer did you succeed in solving the issue?

ano251 commented 3 years ago

@leonjza can you assist? I'm stuck here.

iOS version: 13.6
Device: jb iPhone X

mao@maozika:~/ios$ frida -U -l bypass.js -f <> explore --no-pause

     ____
    / _  |   Frida 14.2.13 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://www.frida.re/docs/home/
Spawning `reducted explore`...
Injecting...
Spawned `reducted explore`. Resuming main thread!
[iOS Device::com.uscc.myaccount]-> Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python3.6/threading.py", line 916, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.6/threading.py", line 864, in run
    self._target(*self._args, **self._kwargs)
  File "/home/mao/.local/lib/python3.6/site-packages/frida_tools/application.py", line 639, in _run
    work()
  File "/home/mao/.local/lib/python3.6/site-packages/frida_tools/repl.py", line 462, in <lambda>
    self._reactor.schedule(lambda: self._resume())
  File "/home/mao/.local/lib/python3.6/site-packages/frida_tools/application.py", line 255, in _resume
    self._device.resume(self._spawned_pid)
  File "/home/mao/.local/lib/python3.6/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/home/mao/.local/lib/python3.6/site-packages/frida/core.py", line 148, in resume
    self._impl.resume(self._pid_of(target))
frida.InvalidOperationError: process is not suspended

Thank you in advance.

gl4nce commented 3 years ago

I got the same.

$ objection -g app.identifier.here explore

Using USB device `iPhone`
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.9/bin/objection", line 33, in <module>
    sys.exit(load_entry_point('objection==1.11.0', 'console_scripts', 'objection')())
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/objection/console/cli.py", line 114, in explore
    agent.inject()
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/objection/utils/agent.py", line 209, in inject
    self.device.resume(self.spawned_pid)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/frida/core.py", line 148, in resume
    self._impl.resume(self._pid_of(target))
frida.InvalidOperationError: process is not suspended

The app opens and closes immediately. Tested on macOS 10.14.6, iOS 14.2. Happens on every app.

gl4nce commented 3 years ago

It works fine if using the process id (PID) instead of name or identifier.

konsumer commented 3 years ago

> It works fine if using the process id (PID) instead of name or identifier.

I think my issue is different from what you are talking about.

I can start it fine with identifier, my issue is specifically with trying to spin up initial scripts. The app-store example needs to be started by name (not an already running PID) to do sslpinning disable, anyway.

gl4nce commented 3 years ago

Yes. Sorry for using your issue, but it could be related. Obviously there is an issue with using name or identifier. I found the same problem in some other issues.

alertkor commented 3 years ago

Anyone solved this issue?

Spawned `com.test`. Use %resume to let the main thread start executing!
[iPhone::com.test]-> %resume
[iPhone::com.test]-> Exception in thread Thread-1:
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/threading.py", line 917, in _bootstrap_inner
    self.run()
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/threading.py", line 865, in run
    self._target(*self._args, **self._kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/frida_tools/application.py", line 639, in _run
    work()
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/frida_tools/repl.py", line 464, in <lambda>
    self._reactor.schedule(lambda: self._resume())
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/frida_tools/application.py", line 255, in _resume
    self._device.resume(self._spawned_pid)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.7/lib/python3.7/site-packages/frida/core.py", line 148, in resume
    self._impl.resume(self._pid_of(target))
frida.InvalidOperationError: process is not suspended

✅ I solved this problem: I realized the jailbreak version doesn't work with frida, so I downgraded the jailbreak version.

IPMegladon commented 3 months ago

Stale issue, feel free to reopen.