Issue launching app analysis on 32 bit devices about passionfruit HOT 27 CLOSED

Any log from Console.app?

from passionfruit.

Yes on the the error, here's whats going to the Console:

An unhandledRejection occurred:
Rejection:Error:The Connection is closed
Error: The Connection is closed

Thanks for the app and having a look at this.

from passionfruit.

open Console.app, I mean the log from iPhone

from passionfruit.

Ah, O.k. The device is at the office, I'll dump the logs from it when I get in tomorrow.

from passionfruit.

Find attached the log from me running the process this morning
DeviceCrash.crash.zip

from passionfruit.

launchd crashed, looks like it's a jailbreak environment problem

from passionfruit.

Passionfruit also supports repacking FridaGadget.dylib to ipa, which does not require jailbroken device.

from passionfruit.

Thanks for the research. I’ll try injecting the Frida library or a different 9.3.5 jailbreak

from passionfruit.

I only got a 32bit iPhone 5 with iOS 8. Still unable to reproduce this.

from passionfruit.

Wow, that's interesting. Perhaps it is my Jailbreak. I am using the Phoenix Jailbreak on 3 different 9.3.5 device. Again thanks much for your efforts.

from passionfruit.

I have the same issue with the Phoenix Jailbreak (iOS 9.3.5, iPhone4S).

from passionfruit.

Yet another question to ask, have you confirm that the frida on device is properly installed? There's both 32bit and 64bit version in the Cydia source:

from passionfruit.

Yea, i know. It's the correct "Frida for 32-bit devices" version installed. frida-ps -U shows all processes and attaching works fine.

from passionfruit.

@allRiceOnMe Does frida -f [com.xxx.bundleid.goes.here] -U work?

from passionfruit.

Nope, it doesn't. Same result as when using passionfruit: The device restarts.

from passionfruit.

I guess only @oleavr can solve this...

Anyway, you can manually start an app on device, then passionfruit will try to attach it instead of spawning a new instance.

from passionfruit.

Seems like it's a frida framework's bug: frida/frida#373
@eric1dat

from passionfruit.

Launching the app on the device then attaching with the tool works fine. Thanks for everyones inputs.

from passionfruit.

This is indeed a bug in Frida, but I'm afraid I won't fix this unless somebody volunteers their time to debug it – I don't have any 32-bit devices available for testing.

from passionfruit.

cc @allRiceOnMe

from passionfruit.

@oleavr How can I help?

from passionfruit.

@allRiceOnMe Would be great if you could build Frida yourself, changing config.mk to remove --strip, and replacing /usr/sbin/frida-server with your symbolicated version. (Make sure you rm the original file first to avoid code-signing issues.) Then use launchctl to unload and then load frida-server. Once that's done, the next step is figuring out why launchd crashes when we instrument it with this script.

from passionfruit.

@oleavr Could you please name the full command to load and unload using launchctl?

from passionfruit.

@allRiceOnMe

$ launchctl unload /Library/LaunchDaemons/re.frida.server.plist
$ launchctl load /Library/LaunchDaemons/re.frida.server.plist

from passionfruit.

@oleavr Ok, perfekt. I'm prepared.

from passionfruit.

@oleavr What would be the next step? Thanks in advance

from passionfruit.

@allRiceOnMe Could you provide a disassembly of __posix_spawn? We hook it here. I'm also curious if you are able to trace it if you do frida-trace -U -p 1 -i __posix_spawn -- does that crash launchd (PID 1) when you manually launch an app, or does it work?

from passionfruit.