sensepost / objection

📱 objection - runtime mobile exploration
GNU General Public License v3.0

error: failed to get the task for process xxx #421

Closed diptilenka closed 3 years ago

diptilenka commented 3 years ago

Describe the bug A clear and concise description of what the bug is.

To Reproduce Steps to reproduce the behavior:

  1. Follow https://github.com/sensepost/objection/wiki/Patching-iOS-Applications, then run the patched iOS application:

ios-deploy --bundle Payload/*.app --debug -W --debug

  2. Run command '...'

Similar issues Please link the issues in this repository that is similar to yours.

For example: #358, #229 etc.

Expected behavior A clear and concise description of what you expected to happen.

Evidence / Logs / Screenshots Any output from objection, such as stack traces or errors that occurred. Be sure to run objection with the --debug flag so that errors from the agent are verbose enough to debug. For example:

le.app/PkgInfo to device
[ 52%] CreatingStagingDirectory
[ 57%] ExtractingPackage
[ 60%] InspectingPackage
[ 60%] TakingInstallLock
[ 65%] PreflightingApplication
[ 65%] InstallingEmbeddedProfile
[ 70%] VerifyingApplication
[ 75%] CreatingContainer
[ 80%] InstallingApplication
[ 85%] PostflightingApplication
[ 90%] SandboxingApplication
[ 95%] GeneratingApplicationMap
[100%] Installed package Payload/Hyland Mobile.app
------ Debug phase ------
Starting debug of 00008020-000A15EC1E32002E (D331pAP, iPhone XS Max, iphoneos, arm64e) a.k.a. 'iPhone' connected through USB...
[  0%] Looking up developer disk image
[ 95%] Developer disk image mounted successfully
[100%] Connecting to remote debug server
-------------------------
(lldb) command source -s 0 '/tmp/6FDA7A23-CA14-4DD2-9CA9-709BD782D085/fruitstrap-lldb-prep-cmds-00008020_000A15EC1E32002E'
Executing commands in '/tmp/6FDA7A23-CA14-4DD2-9CA9-709BD782D085/fruitstrap-lldb-prep-cmds-00008020_000A15EC1E32002E'.
(lldb)     platform select remote-ios --sysroot '/Users/drlenka/Library/Developer/Xcode/iOS DeviceSupport/14.1 (18A8395) arm64e/Symbols'
  Platform: remote-ios
 Connected: no
  SDK Path: "/Users/xxxxxx/Library/Developer/Xcode/iOS DeviceSupport/14.1 (18A8395) arm64e/Symbols"
(lldb)     target create "/Users/xxxxxx/Documents/iOS Frida/final_file/Payload/Hyland Mobile.app"
Current executable set to '/Users/xxxxx/Documents/iOS Frida/final_file/Payload/Hyland Mobile.app' (arm64).
(lldb)     script fruitstrap_device_app="/private/var/containers/Bundle/Application/06304EE2-29F5-4AD6-8B20-B52DC54B2E29/Hyland Mobile.app"
(lldb)     script fruitstrap_connect_url="connect://127.0.0.1:51023"
(lldb)     script fruitstrap_output_path=""
(lldb)     script fruitstrap_error_path=""
(lldb)     target modules search-paths add /usr "/Users/xxxxx/Library/Developer/Xcode/iOS DeviceSupport/14.1 (18A8395) arm64e/Symbols/usr" /System "/Users/xxxx/Library/Developer/Xcode/iOS DeviceSupport/14.1 (18A8395) arm64e/Symbols/System" "/private/var/containers/Bundle/Application/06304EE2-29F5-4AD6-8B20-B52DC54B2E29" "/Users/xxxx/Documents/iOS Frida/final_file/Payload" "/var/containers/Bundle/Application/06304EE2-29F5-4AD6-8B20-B52DC54B2E29" "/Users/xxxx/Documents/iOS Frida/final_file/Payload" /Developer "/Users/xxx/Library/Developer/Xcode/iOS DeviceSupport/14.1 (18A8395) arm64e/Symbols/Developer"
(lldb)     command script import "/tmp/6FDA7A23-CA14-4DD2-9CA9-709BD782D085/fruitstrap_00008020_000A15EC1E32002E.py"
(lldb)     command script add -f fruitstrap_00008020_000A15EC1E32002E.connect_command connect
(lldb)     command script add -s asynchronous -f fruitstrap_00008020_000A15EC1E32002E.run_command run
(lldb)     command script add -s asynchronous -f fruitstrap_00008020_000A15EC1E32002E.autoexit_command autoexit
(lldb)     command script add -s asynchronous -f fruitstrap_00008020_000A15EC1E32002E.safequit_command safequit
(lldb)     connect
(lldb)     run
error: failed to get the task for process 307

Environment (please complete the following information):

Application If possible, please attach the target application where you can reproduce this bug to the issue.

Additional context ios-deploy version :- 1.11.3

diptilenka commented 3 years ago

And also, if I run objection explore, it shows:

objection explore
Using USB device `iPhone`
Traceback (most recent call last):
  File "/Library/Frameworks/Python.framework/Versions/3.9/bin/objection", line 33, in <module>
    sys.exit(load_entry_point('objection', 'console_scripts', 'objection')())
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 829, in __call__
    return self.main(*args, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 782, in main
    rv = self.invoke(ctx)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 1259, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 1066, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/click/core.py", line 610, in invoke
    return callback(*args, **kwargs)
  File "/Users/xxxx/Documents/ObjectionTool/objection/objection/console/cli.py", line 114, in explore
    agent.inject()
  File "/Users/xxxx/Documents/ObjectionTool/objection/objection/utils/agent.py", line 202, in inject
    session = self.get_session()
  File "/Users/xxxxx/Documents/ObjectionTool/objection/objection/utils/agent.py", line 166, in get_session
    self.spawned_pid = self.device.spawn(state_connection.gadget_name)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/frida/core.py", line 26, in wrapper
    return f(*args, **kwargs)
  File "/Library/Frameworks/Python.framework/Versions/3.9/lib/python3.9/site-packages/frida/core.py", line 140, in spawn
    return self._impl.spawn(program, argv, envp, env, cwd, stdio, aux_options)
frida.InvalidArgumentError: unable to find app with bundle identifier “Gadget”

And if I run objection -g com.hackerdipti.democode explore:

Using USB device `iPhone`
Unable to connect to the frida server: failed to get the task for process 466

Another question: should the identifier I have created match the one in the original IPA?

diptilenka commented 3 years ago

@leonjza Please have a look into it. I am struggling to open the patched app.

0x4ngK4n commented 3 years ago

I think I might have a clue here... maybe try to follow the below steps if you are using a developer account & MacBook:

  1. Use objection as objection patchipa -s -c [codesign] --skip-cleanup
  2. Objection will give a temp folder name which has two IPAs:
    • [This IPA is only Frida injected and "NOT" codesigned]
    • <ipa name - frida-codesigned> [This IPA is Frida injected "AND" codesigned]
  3. Using the IPA file, sign it using iOS App Signer with the flag "No get-task-allow" unchecked.
  4. Now unzip and use ios-deploy as usual.

diptilenka commented 3 years ago

> I think I might have a clue here... maybe try to follow the below steps if you are using a developer account & MacBook:
>
>   1. Use objection as objection patchipa -s -c [codesign] --skip-cleanup
>   2. Objection will give a temp folder name which has two IPAs:
>     • [This IPA is only Frida injected and "NOT" codesigned]
>     • <ipa name - frida-codesigned> [This IPA is Frida injected "AND" codesigned]
>   3. Using the IPA file, sign it using iOS App Signer with the flag "No get-task-allow" unchecked.
>   4. Now unzip and use ios-deploy as usual.

You are absolutely correct, now I am able to open that app. Could you please tell me how this changed compared to the previous behaviour? I think it solves my problem.

0x4ngK4n commented 3 years ago

First of all, there's something wrong with the node-applesign module which is used to sign the patched IPA. Hence I recommended you to use iOS App Signer. The other thing is that the error message that you get suggests that another process (in this case Frida) is unable to hook into the patched application. This is actually a protection mechanism (set in the entitlements, referenced via get-task-allow) which disallows users from debugging applications. If you were to upload your application for distribution over the App Store, this has to be turned on. However, in our case we want to instrument and hence attach to the application. Hence, unchecking the box 'No get-task-allow' in iOS App Signer.
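The steps and the explanation above can be reduced to one check: does the signed bundle carry `get-task-allow`, and does the embedded provisioning profile actually grant it? The following is an added example written for this page; it is not code from the objection project, iOS App Signer, or either commenter. It uses Python's standard `plistlib` to inspect and rewrite an entitlements plist, and wraps the macOS `codesign` and `security cms` tools to dump and re-sign a real `.app` (those two functions only work on macOS). The sample entitlements and provisioning-profile plists, the bundle id `com.example.demoapp`, and the team id `TEAMID1234` are constructed for illustration. The exact `codesign -d --entitlements :-` output form is an assumption about the codesign version in use; newer releases also accept `--entitlements - --xml`.

```python
"""Check and repair the get-task-allow entitlement on a Frida-patched .app (added example)."""
import plistlib
import subprocess
import sys
from pathlib import Path

# Constructed sample: entitlements as a distribution-style signing leaves them.
# No get-task-allow means debugserver/lldb and frida-server cannot task_for_pid
# the process, which is the "failed to get the task for process N" error.
SAMPLE_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>application-identifier</key>
    <string>TEAMID1234.com.example.demoapp</string>
    <key>keychain-access-groups</key>
    <array><string>TEAMID1234.com.example.demoapp</string></array>
</dict>
</plist>
"""

# Constructed samples of the decoded plist inside embedded.mobileprovision
# (what `security cms -D -i embedded.mobileprovision` prints). Only a
# development profile grants get-task-allow; a distribution profile does not.
SAMPLE_DEV_PROFILE = plistlib.dumps({
    "Name": "Demo Development", "TeamIdentifier": ["TEAMID1234"],
    "Entitlements": {"application-identifier": "TEAMID1234.com.example.demoapp",
                     "get-task-allow": True},
})
SAMPLE_DIST_PROFILE = plistlib.dumps({
    "Name": "Demo Distribution", "TeamIdentifier": ["TEAMID1234"],
    "Entitlements": {"application-identifier": "TEAMID1234.com.example.demoapp",
                     "get-task-allow": False},
})


def has_get_task_allow(entitlements_xml: bytes) -> bool:
    """True if the entitlements plist grants get-task-allow (i.e. the app is debuggable)."""
    return bool(plistlib.loads(entitlements_xml).get("get-task-allow", False))


def with_get_task_allow(entitlements_xml: bytes) -> bytes:
    """Return the same entitlements with get-task-allow forced to true, other keys untouched."""
    ents = plistlib.loads(entitlements_xml)
    ents["get-task-allow"] = True
    return plistlib.dumps(ents)


def profile_grants_get_task_allow(decoded_profile: bytes) -> bool:
    """Check the Entitlements dict of a decoded provisioning profile.

    If the profile does not grant get-task-allow, codesign will happily emit the
    entitlement but the device refuses the bundle because entitlements must be
    a subset of what the profile allows; re-signing alone does not help then.
    """
    profile = plistlib.loads(decoded_profile)
    return bool(profile.get("Entitlements", {}).get("get-task-allow", False))


# ---- macOS-only helpers around the real tools (assumed codesign/security CLI) ----

def current_entitlements(app: Path) -> bytes:
    """Dump the bundle's signed entitlements as an XML plist (the ':' strips the blob header)."""
    return subprocess.run(["codesign", "-d", "--entitlements", ":-", str(app)],
                          check=True, capture_output=True).stdout


def decoded_profile(app: Path) -> bytes:
    """Decode embedded.mobileprovision (a CMS envelope) to its plist."""
    return subprocess.run(["security", "cms", "-D", "-i", str(app / "embedded.mobileprovision")],
                          check=True, capture_output=True).stdout


def resign(app: Path, identity: str, entitlements_xml: bytes) -> None:
    """Re-sign nested code first (e.g. the injected FridaGadget.dylib), then the bundle itself."""
    ents_path = app.parent / "entitlements.plist"
    ents_path.write_bytes(entitlements_xml)
    frameworks = app / "Frameworks"
    if frameworks.is_dir():
        for nested in sorted(list(frameworks.glob("*.dylib")) + list(frameworks.glob("*.framework"))):
            subprocess.run(["codesign", "-f", "-s", identity, str(nested)], check=True)
    subprocess.run(["codesign", "-f", "-s", identity, "--entitlements", str(ents_path), str(app)],
                   check=True)


if __name__ == "__main__":
    # usage: python fix_get_task_allow.py Payload/Demo.app "Apple Development: ..."
    app_path, identity = Path(sys.argv[1]), sys.argv[2]
    ents = current_entitlements(app_path)
    if has_get_task_allow(ents):
        sys.exit("already debuggable: get-task-allow is set")
    if not profile_grants_get_task_allow(decoded_profile(app_path)):
        sys.exit("embedded.mobileprovision is not a development profile; re-sign with one first")
    resign(app_path, identity, with_get_task_allow(ents))
    print("re-signed with get-task-allow=true; reinstall with ios-deploy and retry objection")
```

The order of checks matters: fixing the entitlement is only half of the story, since the device validates entitlements against the embedded profile at install time, so an IPA built from a distribution or App Store profile has to be re-signed with a development profile as well, which is what "unchecking No get-task-allow" in iOS App Signer with a developer identity does for you.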

leonjza commented 3 years ago

This is similar to #434 where some changes are needed. Closing this in favour of that ticket.