I've been tinkering with Frida Gadget recently on a Phoenix jailbroken iOS 9.3.6 device and keep running into a problem that prevents my re-packaged application from launching.
In this example, I have re-packaged my DVIA application using the patch-ipa option that comes with objection. This tool basically automatically re-packages an ipa file with Frida Gadget.
I have also tried re-packaging manually by following this link.
In both methods of re-packaging an application with Frida Gadget, I end up with an application that crashes the moment I launch it. It seems that there might be an error with loading a dynamic library but I cannot seem to find any fixes after combing through the internet to see if anyone has experienced anything similar, and am completely lost.
The full console logs from launching a re-packaged-with-frida-gadget DVIA (Damn Vulnerable iOS Application) with the crash are as follows:
Jan? 4 10:03:20 [device name] SpringBoard[198] <Error>:? SecTrustEvaluate? [leaf IssuerCommonName SubjectCommonName]
Jan? 4 10:03:20 [device name] SpringBoard[198] <Error>:? SecTrustEvaluate? [leaf IssuerCommonName SubjectCommonName]
Jan? 4 10:03:20 [device name] SpringBoard[198] <Error>:? SecTrustEvaluate? [leaf IssuerCommonName SubjectCommonName]
Jan? 4 10:03:20 [device name] kernel[0] <Notice>: xpcproxy[385] Container: /private/var/mobile/Containers/Data/Application/1C3C3A02-07F0-4010-8F0C-8419BCFDF6C7 (sandbox)
Jan? 4 10:03:20 [device name] com.apple.xpc.launchd[1] (UIKitApplication:com.highaltitudehacks.dvia[0xf5a5][385]) <Notice>: Service exited due to signal: Trace/BPT trap: 5
Jan? 4 10:03:20 [device name] assertiond[64] <Warning>: Unable to obtain a task name port right for pid 385: (os/kern) failure (5)
Jan? 4 10:03:20 [device name] SpringBoard[198] <Warning>: Unable to register for exec notifications: No such process
Jan? 4 10:03:20 [device name] SpringBoard[198] <Warning>: Unable to obtain a task name port right for pid 385: (os/kern) failure (5)
Jan? 4 10:03:20 [device name] SpringBoard[198] <Warning>: Unable to obtain a task name port right for <FBApplicationProcess: 0x1a3a5600; com.highaltitudehacks.dvia; pid: 385>
Jan? 4 10:03:20 [device name] SpringBoard[198] <Warning>: Application 'UIKitApplication:com.highaltitudehacks.dvia[0xf5a5]' crashed.
Jan? 4 10:03:21 [device name] SpringBoard[198] <Warning>: Application '(null)' exited for an unknown reason.
Jan? 4 10:03:21 [device name] ReportCrash[386] <Error>: assertion failed: 13G37: libsystem_trace.dylib + 15927 [E82A6F2D-873A-39AD-8014-EDEB52248157]: 0x0
Jan? 4 10:03:21 [device name] Unknown[386] <Error>:
Jan? 4 10:03:21 [device name] ReportCrash[386] <Warning>: os_activity_diagnostic_for_pid() failed!
Jan? 4 10:03:21 [device name] ReportCrash[386] <Notice>: Formulating report for corpse[385] DamnVulnerableIOSApp
Jan? 4 10:03:21 [device name] ReportCrash[386] <Warning>: Saved type '109(109_DamnVulnerableIOSApp)' report (5 of max 25) at /var/mobile/Library/Logs/CrashReporter/DamnVulnerableIOSApp-2021-01-04-100321.ips
The crash report for the above is as follows:
{"bug_type":"109","os_version":"iPhone OS 9.3.6 (13G37)","build_version":"1.0","timestamp":"2021-01-04 10:03:21.21 +0800","app_name":"DamnVulnerableIOSApp","bundleID":"com.highaltitudehacks.dvia","name":"DamnVulnerableIOSApp","is_first_party":false,"app_version":"1.3","share_with_app_devs":false,"slice_uuid":"1b3a202d-cf7c-38ba-94ae-99923d388833","adam_id":0}
Incident Identifier: 99FF2E94-6F2D-4BF6-A7C9-97F6B1C75699
CrashReporter Key: 3f8c88cf4fceb4312cfc55f27818aa6f7e4e4042
Hardware Model: iPhone4,1
Process: DamnVulnerableIOSApp [385]
Path: /private/var/containers/Bundle/Application/EC7885CC-F900-4B34-8116-C3F3D11C2934/DamnVulnerableIOSApp.app/DamnVulnerableIOSApp
Identifier: com.highaltitudehacks.dvia
Version: 1.0 (1.3)
Code Type: ARM (Native)
Parent Process: launchd [1]
Date/Time: 2021-01-04 10:03:21.21 +0800
Launch Time: 2021-01-04 10:03:20.20 +0800
OS Version: iOS 9.3.6 (13G37)
Report Version: 104
Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000001, 0x00000000e7ffdefe
Triggered by Thread: 0
Filtered syslog:
None found
Dyld Error Message:
Dyld Message: Library not loaded: @executable_path/Frameworks/FridaGadget.dylib
Referenced from: /var/containers/Bundle/Application/EC7885CC-F900-4B34-8116-C3F3D11C2934/DamnVulnerableIOSApp.app/DamnVulnerableIOSApp
Reason: no suitable image found. Did find:
/var/containers/Bundle/Application/EC7885CC-F900-4B34-8116-C3F3D11C2934/DamnVulnerableIOSApp.app/Frameworks/FridaGadget.dylib: no matching architecture in universal wrapper
/private/var/containers/Bundle/Application/EC7885CC-F900-4B34-8116-C3F3D11C2934/DamnVulnerableIOSApp.app/Frameworks/FridaGadget.dylib: no matching architecture in universal wrapper
Dyld Version: 390.7
Binary Images:
0xae000 - 0x281fff DamnVulnerableIOSApp armv7 <1b3a202dcf7c38ba94ae99923d388833> /var/containers/Bundle/Application/EC7885CC-F900-4B34-8116-C3F3D11C2934/DamnVulnerableIOSApp.app/DamnVulnerableIOSApp
0x1fe0c000 - 0x1fe33fff dyld armv7 <146dc907cdf7350eb7cf92a77291119f> /usr/lib/dyld
Error Formulating Crash Report:
Failed while requesting activity/breadcrumb diagnostics
It would be great if someone could point me in the right direction. Thank You!
question from:
https://stackoverflow.com/questions/65557508/problem-with-repackaging-applications-with-frida-gadget-on-ios 与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…