xsscx / srd

Welcome to Hoyt's SRD Repo for the Apple Security Research Device. Contribute Code or Open an Issue or Discussion.

SUMMARY: PR | srd_tools-24.100.3 at #41 #13

Closed xsscx closed 2 years ago

xsscx commented 2 years ago

Re: Update srd_tools to srd_tools-24.100.3 at https://github.com/apple/security-research-device/pull/41#

Crash Report for Darwin Cryptex Management Interface Version 2.0.0: Tue Jan 25 23:53:01 PST 2022;

X86_64

=====================================
SRD Cryptex Troubleshooter Log Info
=====================================
Fri Jan 28 09:37:36 EST 2022
Darwin mini.local 21.3.0 Darwin Kernel Version 21.3.0: Wed Jan  5 21:37:58 PST 2022; root:xnu-8019.80.24~20/RELEASE_X86_64 x86_64
Apple clang version 13.0.0 (clang-1300.0.29.30)
Target: x86_64-apple-darwin21.3.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
Darwin Cryptex Management Interface Version 2.0.0: Tue Jan 25 23:53:01 PST 2022; root:libcryptex_executables-170.100.20~29/cryptexctl/WEN_ETA_X86_64
machdep.cpu.brand: 0
machdep.cpu.brand_string: Intel(R) Core(TM) i7-8700B CPU @ 3.20GHz
System Integrity Protection status: disabled.
cryptexctl: flags = [none]
cryptexctl: will re-exec: /usr/local/bin/cryptexctl.research
cryptexctl.research: path = /usr/local/bin/cryptexctl.research
MobileDevice version = 1368.60.4
cryptexctl.research: argv[_main] =
cryptexctl.research:   [0] = cryptexctl
cryptexctl.research:   [1] = -v2
cryptexctl.research:   [2] = -d2
cryptexctl.research:   [3] = install
cryptexctl.research:   [4] = --variant=research
cryptexctl.research:   [5] = --persist
cryptexctl.research:   [6] = --print-info
cryptexctl.research:   [7] = ./com.example.cryptex.cxbd.signed

For X86_64, a quick check indicates that this new cryptexctl binary being run via:

make clean
make
make install

Results in:

Process:               cryptexctl.research [32239]
Path:                  /usr/local/bin/cryptexctl.research
Identifier:            cryptexctl.research
Version:               ???
Code Type:             X86-64 (Native)
Date/Time:             2022-01-28 09:33:11.5166 -0500
OS Version:            macOS 12.2 (21D49)
Report Version:        12
Bridge OS Version:     6.2 (19P744)
System Integrity Protection: disabled
Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000010
Exception Codes:       0x0000000000000001, 0x0000000000000010
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process:   exc handler [32239]

VM Region Info: 0x10 is not in any region.  Bytes before following region: 4416004080
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                      10736e000-1073b6000    [  288K] r-x/r-x SM=COW  ...xctl.research

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   cryptexctl.research                    0x10737f079 0x10736e000 + 69753
1   cryptexctl.research                    0x10737ebe2 0x10736e000 + 68578
2   libsystem_darwin.dylib              0x7ff8199c37df os_subcommand_main + 671
3   cryptexctl.research                    0x10738bdc0 0x10736e000 + 122304
4   dyld                                   0x111cd94fe start + 462

Thread 1:
0   libsystem_pthread.dylib             0x7ff81738bfec start_wqthread + 0

Thread 2:
0   libsystem_pthread.dylib             0x7ff81738bfec start_wqthread + 0

Thread 0 crashed with X86 Thread State (64-bit):
  rax: 0x0000000000000000  rbx: 0x00006000030bc480  rcx: 0x0000000100001480  rdx: 0x00007ff7b8b915e0
  rdi: 0x00006000030bc480  rsi: 0x00007ff7b8b91110  rbp: 0x00007ff7b8b91540  rsp: 0x00007ff7b8b91110
   r8: 0x00006000010b0600   r9: 0x00007ff859ff2e40  r10: 0x0000000000000018  r11: 0x81389640e70ffd72
  r12: 0x00007ffa598c4c60  r13: 0x00006000030bc480  r14: 0x00007ff7b8b915e0  r15: 0x0000000000000000
  rip: 0x000000010737f079  rfl: 0x0000000000010246  cr2: 0x0000000000000010

Logical CPU:     8
Error Code:      0x00000004 (no mapping for user data read)
Trap Number:     14

Thread 0 instruction stream:
  31 c0 5d e9 ec c9 00 00-55 48 89 e5 41 57 41 56  1.].....UH..AWAV
  41 54 53 48 81 ec 10 04-00 00 49 89 d6 48 89 fb  ATSH......I..H..
  48 8b 05 e0 6f 03 00 48-8b 00 48 89 45 d8 4c 8b  H...o..H..H.E.L.
  66 08 41 f6 04 24 20 75-7a 0f 57 c0 48 8d b5 d0  f.A..$ uz.W.H...
  fb ff ff 0f 29 46 20 0f-29 46 10 0f 29 06 48 c7  ....)F .)F..).H.
  46 30 00 00 00 00 49 8b-44 24 18 48 8b 44 c3 40  F0....I.D$.H.D.@
 [8b]78 10 e8 b6 0b 01 00-85 c0 0f 85 c0 00 00 00  .x.............. <==
  48 8b b5 d0 fb ff ff 48-8b 95 d8 fb ff ff 48 8b  H......H......H.
  05 52 70 03 00 48 8b 08-31 ff e8 b0 26 02 00 48  .Rp..H..1...&..H
  85 c0 0f 84 c6 00 00 00-48 89 c3 48 c7 85 f8 fb  ........H..H....
  ff ff 00 00 00 00 48 89-c7 e8 09 27 02 00 49 89  ......H....'..I.
  c7 eb 51 4c 8d bd d0 fb-ff ff ba 00 04 00 00 4c  ..QL...........L

Binary Images:
       0x10736e000 -        0x1073b5fff cryptexctl.research (*) <c67acc37-d0e3-39b1-8ea8-befc7a9bf5de> /usr/local/bin/cryptexctl.research
    0x7ff8199c0000 -     0x7ff8199c9fff libsystem_darwin.dylib (*) <f5936196-44b5-36da-8bd2-8a1d53a570c0> /usr/lib/system/libsystem_darwin.dylib
       0x111cd4000 -        0x111d3ffff dyld (*) <7de33963-bbc5-3996-ba6e-f1d562c17c95> /usr/lib/dyld
    0x7ff81738a000 -     0x7ff817395fff libsystem_pthread.dylib (*) <ee564342-d8f2-396d-b642-40092cf34d82> /usr/lib/system/libsystem_pthread.dylib
               0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???

M1 T8101 ARM

=====================================
SRD Cryptex Troubleshooter Log Info
=====================================
Fri Jan 28 13:28:15 EST 2022
Darwin macbookpro.local 21.2.0 Darwin Kernel Version 21.2.0: Sun Nov 28 20:29:10 PST 2021; root:xnu-8019.61.5~1/RELEASE_ARM64_T8101 arm64
Apple clang version 13.0.0 (clang-1300.0.29.30)
Target: arm64-apple-darwin21.2.0
Thread model: posix
InstalledDir: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin
Darwin Cryptex Management Interface Version 2.0.0: Tue Jan 25 23:53:01 PST 2022; root:libcryptex_executables-170.100.20~29/cryptexctl/WEN_ETA_ARM64E
machdep.cpu.brand_string: Apple M1
System Integrity Protection status: disabled.
cryptexctl: flags = [none]
cryptexctl: will re-exec: /usr/local/bin/cryptexctl.research
cryptexctl.research: path = /usr/local/bin/cryptexctl.research
MobileDevice version = 1368.60.4
cryptexctl.research: argv[_main] =
cryptexctl.research:   [0] = cryptexctl
cryptexctl.research:   [1] = -v2
cryptexctl.research:   [2] = -d2
cryptexctl.research:   [3] = install
cryptexctl.research:   [4] = --variant=research
cryptexctl.research:   [5] = --persist
cryptexctl.research:   [6] = --print-info
cryptexctl.research:   [7] = ./com.example.cryptex.cxbd.signed

M1 T8101 ARM Crash

Crashed Thread:        0  Dispatch queue: com.apple.main-thread

Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000010
Exception Codes:       0x0000000000000001, 0x0000000000000010
Exception Note:        EXC_CORPSE_NOTIFY

Termination Reason:    Namespace SIGNAL, Code 11 Segmentation fault: 11
Terminating Process:   exc handler [18176]

VM Region Info: 0x10 is not in any region.  Bytes before following region: 4363534320
      REGION TYPE                    START - END         [ VSIZE] PRT/MAX SHRMOD  REGION DETAIL
      UNUSED SPACE AT START
--->  
      __TEXT                      104164000-1041ac000    [  288K] r-x/r-x SM=COW  ...xctl.research

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   cryptexctl.research                    0x104174df0 0x104164000 + 69104
1   cryptexctl.research                    0x1041748f4 0x104164000 + 67828
2   cryptexctl.research                    0x1041748f4 0x104164000 + 67828
3   libsystem_darwin.dylib                 0x194adf578 os_subcommand_main + 716
4   cryptexctl.research                    0x10418257c 0x104164000 + 124284
5   dyld                                   0x1042150f4 start + 520

Thread 1:
0   libsystem_pthread.dylib                0x1923ac010 start_wqthread + 0

Thread 2:
0   libsystem_pthread.dylib                0x1923ac010 start_wqthread + 0

Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x0000600003bdd000   x1: 0x00006000015c14c0   x2: 0x000000016bc9b410   x3: 0x0000600001bdcde0
    x4: 0x0000000000000bc4   x5: 0x00000001ec0d80d0   x6: 0x007974696c697475   x7: 0x0000000000000001
    x8: 0x0000000000000000   x9: 0x55802c026e5c0050  x10: 0x0000000200001480  x11: 0x007ffffffffffff8
   x12: 0x0000000100001480  x13: 0x0000000000000001  x14: 0x0000000076000000  x15: 0x000000000000a41c
   x16: 0x710d8001d7979c9c  x17: 0x00000001041ac4c0  x18: 0x0000000000000000  x19: 0x000000016bc9af40
   x20: 0x000000016bc9b410  x21: 0x0000600003bdd000  x22: 0x00000001e63dad60  x23: 0x00006000027dc090
   x24: 0x00000001041a2ff2  x25: 0x000000016bc9b420  x26: 0x0000000000000009  x27: 0x00000001eb9c1b34
   x28: 0x00000001e87541b0   fp: 0x000000016bc9b380   lr: 0x85588001041748f4
    sp: 0x000000016bc9af40   pc: 0x0000000104174df0 cpsr: 0x40001000
   far: 0x0000000000000010  esr: 0x92000006 (Data Abort) byte read Translation fault

Binary Images:
       0x104164000 -        0x1041abfff cryptexctl.research (*) <8f3e3286-ec82-3a73-ac06-5e2ff79bd30e> /usr/local/bin/cryptexctl.research
       0x194adb000 -        0x194ae5fff libsystem_darwin.dylib (*) <3e100e89-39e4-3eb8-b107-74f2128ef205> /usr/lib/system/libsystem_darwin.dylib
       0x104210000 -        0x10426ffff dyld (*) <7e92b284-4b90-3b68-b31a-3ddc4c0e8d40> /usr/lib/dyld
       0x1923aa000 -        0x1923b6fff libsystem_pthread.dylib (*) <ed328b18-eeef-3b15-8858-798b19b0c2cd> /usr/lib/system/libsystem_pthread.dylib
               0x0 - 0xffffffffffffffff ??? (*) <00000000-0000-0000-0000-000000000000> ???
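As an added triage helper (not part of this issue or the srd project), the following Python script parses the fields that matter in the crash reports above: the faulting address, the crashed thread's frames in their `address base + offset` form, and the Binary Images table, so an unsymbolicated frame can be handed to `atos` with the correct load address. The sample input is a constructed excerpt copied from the x86_64 report; the `0x1000` small-address threshold is an assumed heuristic, not anything the report states.

```python
import re
# Constructed excerpt in the shape of the macOS crash reports quoted in this
# issue (values copied from the x86_64 report above; not a complete report).
SAMPLE_REPORT = """\
Exception Type:        EXC_BAD_ACCESS (SIGSEGV)
Exception Codes:       KERN_INVALID_ADDRESS at 0x0000000000000010

Thread 0 Crashed::  Dispatch queue: com.apple.main-thread
0   cryptexctl.research                    0x10737f079 0x10736e000 + 69753
1   cryptexctl.research                    0x10737ebe2 0x10736e000 + 68578
2   libsystem_darwin.dylib              0x7ff8199c37df os_subcommand_main + 671

Binary Images:
       0x10736e000 -        0x1073b5fff cryptexctl.research (*) <c67acc37-d0e3-39b1-8ea8-befc7a9bf5de> /usr/local/bin/cryptexctl.research
"""

FRAME_RE = re.compile(r"^\d+\s+(\S+)\s+0x([0-9a-f]+)\s+(?:0x([0-9a-f]+)|(\S+)) \+ (\d+)$")
IMAGE_RE = re.compile(r"^\s*0x([0-9a-f]+) -\s+0x([0-9a-f]+) (\S+) \(\*\) <([0-9a-f-]+)> (\S+)$")

def fault_address(report):
    m = re.search(r"KERN_INVALID_ADDRESS at 0x([0-9a-f]+)", report)
    return int(m.group(1), 16) if m else None

def classify_fault(addr, small=0x1000):
    # Assumed heuristic: a tiny faulting address is a NULL base plus a field offset.
    if addr is not None and addr < small:
        return "null-base dereference, field offset 0x%x" % addr
    return "unclassified invalid address"

def crashed_frames(report):
    """Frames of the 'Thread N Crashed' section, innermost first."""
    section = report.split("Crashed::", 1)[1].split("\n\n", 1)[0]
    frames = []
    for m in filter(None, map(FRAME_RE.match, section.splitlines())):
        module, addr, base, sym, off = m.groups()
        frames.append({"module": module, "address": int(addr, 16),
                       "base": int(base, 16) if base else None,
                       "symbol": sym, "offset": int(off)})
    return frames

def binary_images(report):
    return {m.group(3): {"start": int(m.group(1), 16), "end": int(m.group(2), 16),
                         "uuid": m.group(4), "path": m.group(5)}
            for m in map(IMAGE_RE.match, report.splitlines()) if m}

def atos_command(frame, images):
    """Symbolication command for an unsymbolicated frame (load address from Binary Images)."""
    img = images[frame["module"]]
    assert frame["base"] == img["start"]  # frame base must match the image's load address
    return ["atos", "-o", img["path"], "-l", hex(img["start"]), hex(frame["address"])]
```

The marked instruction in the x86_64 stream, `8b 78 10`, decodes to `mov edi, [rax+0x10]` with `rax` = 0, and the M1 report shows `far` = 0x10 with `x8` = 0, which is what the small-address heuristic flags.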
xsscx commented 2 years ago

Results for srdutil checkin

This version of srdutil successfully performed a checkin of 2 devices earlier today [SRD0009 + SRD0037]

Results for srdrestore on X86_64

iPhone 11

This version of srdutil was not able to perform an Upgrade or Downgrade on the iPhone 11 with Result of Soft Brick.

iPhone 12

This version of srdutil successfully performed a Downgrade on the iPhone 12 from 19D50 to 19D49.
This version of srdutil was not able to perform an Upgrade on the iPhone 12 from 19D49.
This version of srdutil successfully performed an Upgrade on the iPhone 12 from 19C56 to 19D50.

Results for srdrestore on M1 T8101 ARM

iPhone 11

This version of srdutil successfully performed a Downgrade on the iPhone 11 from Ceiling to Floor.
This version of srdutil successfully performed an Upgrade on the iPhone 11 from Floor to Ceiling.

iPhone 12

Works Up/Down Ceiling to Floor

xsscx commented 2 years ago

SUMMARY

See https://github.com/xsscx/srd/issues/17
See https://github.com/apple/security-research-device/pull/42