tweaselORG / meta

(Currently) only used for the issue tracker.

Investigate problems with the iPhone on iOS 15 #22

Closed baltpeter closed 1 year ago

baltpeter commented 1 year ago

The other iPhone (black, iOS 15.6.1) also has a problem (cf. #12): It doesn't like Frida injected in SpringBoard (which we're doing a lot in appstraction).

Injecting works, and I can do pure JS stuff just fine. But as soon as I try to access anything under ObjC (you know, a fairly important feature), SpringBoard crashes.

❯ frida -U SpringBoard
     ____
    / _  |   Frida 16.0.8 - A world-class dynamic instrumentation toolkit
   | (_| |
    > _  |   Commands:
   /_/ |_|       help      -> Displays the help system
   . . . .       object?   -> Display information about 'object'
   . . . .       exit/quit -> Exit
   . . . .
   . . . .   More info at https://frida.re/docs/home/
   . . . .
   . . . .   Connected to iOS Device (id=982db8d6e3c4db2cbc22f263400334351196f286)

[iOS Device::SpringBoard ]-> 1+1
2
[iOS Device::SpringBoard ]-> ObjC.Process terminated
[iOS Device::SpringBoard ]-> ObjC.

Thank you for using Frida!

zner0L commented 1 year ago

I think I just ran into that problem as well on my iPhone 6S on 15.7.2, Frida and SpringBoard both crashed while trying to set the proxy using appstraction.

zner0L commented 1 year ago

I looked at one crash report for SpringBoard and sadly they don't seem very helpful. CrashReporter reports as an exception:

  "exception" : {"codes":"0x0000000000000000, 0x0000000000000000","rawCodes":[0,0],"type":"EXC_CRASH","signal":"SIGKILL"},

Which doesn't say much. Here is a full crash log at /User/Library/Logs/CrashReporter/SpringBoard-<datetime>.ips:

zner0L commented 1 year ago

Also, injecting Frida into other apps seems to work just fine, even system apps such as Preferences work alright. Maybe we should just pick a different app to inject frida into? Or is there anything particular about SpringBoard we need?

baltpeter commented 1 year ago

> Or is there anything particular about SpringBoard we need?

No, it's just conveniently always there. Maybe there's another process that's also always running and has the right privileges? Or, I guess, we could also start Preferences[^1], inject, stop Preferences.

[^1]: Though that has two problems: The annoying different name of the app between iOS 15 and 16, and the fact that we're using Frida injected into SpringBoard to start apps…

zner0L commented 1 year ago

Unrelated: I found that rocketd is crashing every 10 seconds when frida is running (or rather, a new crash log is created every 10 seconds). Running ldid -s /usr/libexec/rocketd fixed that, but it didn't solve the problem.

zner0L commented 1 year ago

Maybe SpringBoard also crashes because of code signing issues? The Crash logs say it is killed. Though, for other apps, the logs say SIGKILL - CODESIGNING.
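
Added example, not part of the original thread or the tweasel code: a triage script for the .ips crash reports discussed in this issue. It reads the two-part report (JSON header, then JSON body), reports whether the process was ended by an external SIGKILL and under which termination namespace, and lists any Frida agent threads that were loaded. The sample report is constructed from fields quoted in this issue, and the function names are hypothetical.

```python
import json

# Constructed sample in the .ips layout: a one-line JSON header followed by a
# JSON body. Trimmed to fields quoted in this issue; thread ids are made up.
SAMPLE_IPS = """{"app_name":"SpringBoard","bug_type":"309","name":"SpringBoard"}
{
  "procName" : "SpringBoard",
  "exception" : {"codes":"0x0000000000000000, 0x0000000000000000","rawCodes":[0,0],"type":"EXC_CRASH","signal":"SIGKILL"},
  "termination" : {"namespace":"SANDBOX","flags":66,"code":1},
  "faultingThread" : 0,
  "threads" : [
    {"triggered":true,"id":1,"queue":"com.apple.main-thread","frames":[{"symbol":"mach_msg_trap"}]},
    {"id":2,"name":"gum-js-loop","frames":[]},
    {"id":3,"name":"pool-frida","frames":[]}
  ]
}
"""

# Substrings of the agent thread names that appear in the report from this issue.
FRIDA_THREAD_MARKERS = ("gum-", "frida")


def parse_ips(text):
    """Return (header, body) dicts from an .ips report.

    raw_decode() stops at the end of the first JSON value, so the header is
    found without assuming it sits on exactly one line.
    """
    text = text.lstrip()
    header, end = json.JSONDecoder().raw_decode(text)
    rest = text[end:].strip()
    return header, (json.loads(rest) if rest else {})


def triage(text):
    """Summarise who ended the process and whether Frida was loaded."""
    header, body = parse_ips(text)
    exc = body.get("exception", {})
    term = body.get("termination", {})
    threads = body.get("threads", [])

    idx = body.get("faultingThread")
    faulting = threads[idx] if isinstance(idx, int) and 0 <= idx < len(threads) else {}
    top = (faulting.get("frames") or [{}])[0].get("symbol")

    frida_threads = sorted(
        t["name"] for t in threads
        if any(m in t.get("name", "") for m in FRIDA_THREAD_MARKERS)
    )
    return {
        "process": body.get("procName") or header.get("app_name"),
        "exception_type": exc.get("type"),
        "signal": exc.get("signal"),
        # SIGKILL is not raised by a faulting instruction, so the faulting
        # thread's frames only show where it was waiting; the termination
        # namespace names the subsystem that requested the kill.
        "killed_externally": exc.get("signal") == "SIGKILL",
        "termination_namespace": term.get("namespace"),
        "faulting_thread": faulting.get("name") or faulting.get("queue"),
        "faulting_top_frame": top,
        "frida_threads": frida_threads,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_IPS).items():
        print(f"{key}: {value}")
```

Comparing `termination_namespace` across reports from different processes separates the kinds of kill mentioned in this thread, which the `exception` field alone does not.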

zner0L commented 1 year ago

> the fact that we're using Frida injected into SpringBoard to start apps…

Well, frida.spawn() works on iOS 15, it seems, and since we would have to write version specific code anyway, we could just use that I guess?

baltpeter commented 1 year ago

Um… I just tried this again and it didn't crash this time…

baltpeter commented 1 year ago

Yep. examples/ios-device.ts ran without issues.

I guess, I'll try rebooting the phone to see whether it still works then.

baltpeter commented 1 year ago

Still works after a reboot and rejailbreak.

There was a Frida release the day after I posted this issue. Maybe that solved the problem?
@zner0L What Frida version are you on? And if you're not already on 16.0.11, does that solve the problem?

zner0L commented 1 year ago

I updated frida to 16.0.11 and it did fix it!

baltpeter commented 1 year ago

Awesome, so we can close this issue with a README update.

zner0L commented 1 year ago

There are problems with palera1n 2.0.0 beta 6 on iOS 15.7.5, the error 256 occurs when trying to install Sileo. Apparently this is a known issue: https://github.com/palera1n/palera1n/releases/tag/v2.0.0-beta.6.2