unable to dump an appex/framework

Question

unable to dump an appex/framework

asdfzxcvbn opened this issue a year ago · comments

Describe the bug
bagbak is great, and this is actually the last reoccuring issue i get from time to time. when dumping certain apps, it won't be able to dump a certain appex or framework, due to it being "unable to attach" to a pid. when dumping Google Voice, it can't dump an appex:

[info] app bundle downloaded
[decrypt] Frameworks/VoiceFramework.framework/VoiceFramework
[decrypt] VoiceApp
[decrypt] PlugIns/IntentsExtension.appex/IntentsExtension
Failed to attach to pid 83049, skipping...
Warning: Unable to dump PlugIns/NotificationExtension.appex/NotificationExtension

To Reproduce
bagbak -fr Voice

Expected behavior
for every appex to be dumped successfully.

Desktop (please complete the following information):

OS: Arch Linux (macos mojave too)
nodejs: v16.20.0
frida on device version: v16.0.19
iOS and jailbreak version: iOS 14.8, rootful palera1n
The app you are trying to work on: can reproduce on Google Voice, Facebook, and a few others

Additional context
Add any other context about the problem here.

codecolorist · Answer 1 · Mon Jul 03 2023 06:09:39 GMT+0800 (China Standard Time)

TL;DR

Use iOS 16 instead.

Analysis

Reproduced on Facebook app. However I can't do anything about it. Here are some details and steps that might help you troubleshoot for the future bugs.

frida -U -f /private/var/containers/Bundle/Application/{GUID}/Facebook.app/PlugIns/FBLockscreenWidgetExtension.appex/FBLockscreenWidgetExtension

You will get a

Spawning `/private/var/containers/Bundle/Application/E9EB375E-DE91-4905-8FD4-B7FF80605ACC/Facebook.app/PlugFailed to attach: unexpectedly timed out while initializing suspended process

idevicecrashreport gives the root cause.

Termination Description: DYLD, dyld: Using shared cache: 277C6D53-D739-3482-8AB8-9EEE68D8C0BC | Library not loaded: /System/Library/Frameworks/Charts.framework/Charts | Referenced from: /private/var/containers/Bundle/Application/E9EB375E-DE91-4905-8FD4-B7FF80605ACC/Facebook.app/PlugIns/FBLockscreenWidgetExtension.appex/FBLockscreenWidgetExtension | Reason: image not found
Triggered by Thread:  0

Thread 0 Crashed:
0   dyld                          	0x0000000103383440 __abort_with_payload + 8
1   dyld                          	0x000000010338b6e0 abort_with_payload_wrapper_internal + 104
2   dyld                          	0x000000010338b714 __unw_set_reg.cold.1 + 0
3   dyld                          	0x000000010333105c dyld::fastBindLazySymbol(ImageLoader**, unsigned long) + 0
4   dyld                          	0x00000001033340b8 dyld::_main(macho_header const*, unsigned long, int, char const**, char const**, char const**, unsigned long*) + 6316
5   dyld                          	0x000000010332d258 dyldbootstrap::start(dyld3::MachOLoaded const*, int, char const**, dyld3::MachOLoaded const*, unsigned long*) + 476
6   dyld                          	0x000000010332d038 _dyld_start + 56

It complains that Charts.framework is missing. Check Apple documentation, it is clearly written that this framework is only available on iOS 16.0+.

So MinimumOSVersion of Facebook app is wrong. You are not supposed to install it on iOS 14.

Regarding Google Voice, I didn't manage to install it because it's not available on my Apple ID's country. You can follow these instructions to find out what is going on.

codecolorist · Answer 2 · Mon Jul 03 2023 06:11:35 GMT+0800 (China Standard Time)

This is exact the same issue #115

codecolorist · Answer 3 · Mon Jul 03 2023 06:34:37 GMT+0800 (China Standard Time)

Updated to wiki

zx · Answer 4 · Mon Jul 03 2023 14:02:50 GMT+0800 (China Standard Time)

ah alright, thanks for the clarification! my iphone 7 cant get ios 16, so i might upgrade to ios 15 soon. for now, i'll just use others' IPAs when bagbak doesnt work. thanks!