Unable to dump apps on Apple Security research device

Question

Unable to dump apps on Apple Security research device

cfossace opened this issue 8 months ago · comments

There is an error dumping the app.

➜ bagbak -U my.app.testing.triggerdebug.testing-app
[info] pulling app bundle from device, please be patient

[info] app bundle downloaded
node:internal/process/promises:288
triggerUncaughtException(err, true /* fromPromise */);
^

[Error: ENOENT: no such file or directory, scandir '/var/folders/rr/n_90hxwd49gc5n3nwyrw6qdr0000gp/T/bagbak/my.app.testing.triggerdebug.testing-app/Payload/testing app.app'] {
errno: -2,
code: 'ENOENT',
syscall: 'scandir',
path: '/var/folders/rr/n_90hxwd49gc5n3nwyrw6qdr0000gp/T/bagbak/my.app.testing.triggerdebug.testing-app/Payload/testing app.app'
}

Node.js v18.18.2

To Reproduce
Steps to reproduce the behavior:

bagbak -U my.app.testing.triggerdebug.testing-app

Expected behavior
I expect it to dump the decrypted app, but it seems like there is a problem.

Desktop (please complete the following information):

OS: MacOS 13.5
➜ npm --version
9.8.1
➜ node --version
v18.18.2
frida on device version 16.1.4
iOS and jailbreak version Apple Security research device iOS 17 (non jailbroken, Frida installed with cryptex)

codecolorist · Answer 1 · Thu Nov 02 2023 22:39:14 GMT+0800 (China Standard Time)

I can't find this bundle id. Are you side-loading it?

cfossace · Answer 2 · Sat Nov 04 2023 03:21:34 GMT+0800 (China Standard Time)

Oh yeah sorry I was doing this with a test app. To confirm though, no apps work at all. They all get this same error :(

cfossace · Answer 3 · Sat Nov 04 2023 03:22:38 GMT+0800 (China Standard Time)

It seems like frida-ios-dump has the exact same error, so I can't tell if it is maybe something Frida-side? AloneMonkey/frida-ios-dump#180

codecolorist · Answer 4 · Sat Nov 04 2023 23:17:54 GMT+0800 (China Standard Time)

To side load an app, the app must be already decrypted. It makes no sense to "decrypt" again. What do you wanna implement?

codecolorist · Answer 5 · Sat Nov 04 2023 23:18:36 GMT+0800 (China Standard Time)

I don't think it has anything to do with frida. Your ipa must have some broken symbolic link inside

cfossace · Answer 6 · Thu Nov 09 2023 01:14:14 GMT+0800 (China Standard Time)

No I can't dump any apps with frida. I am not sideloading apps, I am dumping app store apps. I was just testing the dumping with a sideloaded app to see if that would help, but that didn't work either.

codecolorist · Answer 7 · Thu Nov 09 2023 06:26:54 GMT+0800 (China Standard Time)

No I can't dump any apps with frida. I am not sideloading apps, I am dumping app store apps. I was just testing the dumping with a sideloaded app to see if that would help, but that didn't work either.

but same error for store apps?

cfossace · Answer 8 · Fri Nov 17 2023 02:18:20 GMT+0800 (China Standard Time)

Yeah, even App Store apps get the same error. It seems like all apps are having this problem :(