search

xsscx / srd

Welcome to Hoyt's SRD Repo for the Apple Security Research Device. Contribute Code or Open an Issue or Discussion.
Other
63 stars 12 forks source link

SUMMARY: FB10428297 | SRD | IPSW 15.6_19G5046d_Restore | Crash | debugserver | Symbol not found: (_objc_release_x20) #39

Closed xsscx closed 2 years ago

xsscx commented 2 years ago

SUMMARY

When using 15.6_19G5046d for either SRD iPhone 11 or iPhone 12 its has been found that the following Crash Report reproduces when installing the default ./example-cryptex/ from either X86_64 or arm64e:

Reproduction

make clean
make install

Source

https://github.com/apple/security-research-device

Console Log

ASI found [dyld] (sensitive) 'Symbol not found: (_objc_release_x20)
  Referenced from: '/private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.EPj3zU/usr/bin/debugserver'
  Expected in: '/usr/lib/libobjc.A.dylib''

Version id

uname -a
Darwin SRD0009 21.6.0 Darwin Kernel Version 21.6.0: Sun Jun  5 16:51:51 PDT 2022; root:xnu-8020.140.36~29/RELEASE_ARM64_T8030 iPhone12,1 Toybox

whoami
root

date
Thu Jun 23 06:51:55 EDT 2022

and

uname -a
Darwin SRD0037 21.6.0 Darwin Kernel Version 21.6.0: Sun May 22 21:41:28 PDT 2022; root:xnu-8020.140.30~10/RELEASE_ARM64_T8101 iPhone13,2 Toybox

date
Thu Jun 23 07:07:56 EDT 2022

whoami
root

Crash Report

Last Updated: THU 23 JUN 2022

Hardware Model:      iPhone12,1
Process:             debugserver [455]
Path:                /private/var/run/com.apple.security.cryptexd/mnt/com.example.cryptex.EPj3zU/usr/bin/debugserver
Identifier:          debugserver
Version:             ???
Code Type:           ARM-64 (Native)
Role:                Unspecified
Parent Process:      launchd [1]
Coalition:           com.example.cryptex.debugserver [502]

Date/Time:           2022-06-23 06:49:29.3405 -0400
Launch Time:         2022-06-23 06:49:29.3123 -0400
OS Version:          iPhone OS 15.6 (19G5046d)
Release Type:        Beta
Baseband Version:    3.04.00
Report Version:      104

Exception Type:  EXC_CRASH (SIGABRT)
Exception Codes: 0x0000000000000000, 0x0000000000000000
Exception Note:  EXC_CORPSE_NOTIFY
Termination Reason: DYLD 4 Symbol missing
Symbol not found: (_objc_release_x20)
Referenced from: '/Volumes/VOLUME/*/debugserver'
Expected in: '/usr/lib/libobjc.A.dylib'
(terminated at launch; ignore backtrace)

Triggered by Thread:  0

Thread 0 Crashed:
0   dyld                                   0x1052c8b14 __abort_with_payload + 8
1   dyld                                   0x1052ce6cc abort_with_payload_wrapper_internal + 104
2   dyld                                   0x1052ce700 abort_with_payload + 16
3   dyld                                   0x10529ea00 dyld4::halt(char const*) + 580
4   dyld                                   0x10529ba20 dyld4::prepare(dyld4::APIs&, dyld3::MachOAnalyzer const*) + 3560
5   dyld                                   0x105299d84 start + 488

Thread 0 crashed with ARM Thread State (64-bit):
    x0: 0x0000000000000006   x1: 0x0000000000000004   x2: 0x000000016b1ea318   x3: 0x000000000000009f
    x4: 0x000000016b1e9f18   x5: 0x0000000000000000   x6: 0x0000000000000000   x7: 0x000000016b1e9990
    x8: 0x0000000000000020   x9: 0x0000000000000009  x10: 0x000000016b1e9fc3  x11: 0x00000000000000c3
   x12: 0x0000000000000000  x13: 0x0000000000000034  x14: 0x000000021f9d9f90  x15: 0x0000000000000000
   x16: 0x0000000000000209  x17: 0x00000001052c31c8  x18: 0x0000000000000000  x19: 0x0000000000000000
   x20: 0x000000016b1e9f18  x21: 0x000000000000009f  x22: 0x000000016b1ea318  x23: 0x0000000000000004
   x24: 0x0000000000000006  x25: 0x000000016b1e9f18  x26: 0x0000000000000400  x27: 0x0000000000000400
   x28: 0x00000000000000ab   fp: 0x000000016b1e9ee0   lr: 0x00000001052ce6cc
    sp: 0x000000016b1e9ea0   pc: 0x00000001052c8b14 cpsr: 0x00000000
   far: 0x00000001051b8000  esr: 0x56000080  Address size fault

Binary Images:
       0x105280000 -        0x1052d7fff dyld arm64e  <2d3a4c3340a83b37bab46c8e83def771> /usr/lib/dyld

EOF

Reported