Cannot open target process

[d3ibis]

For all applications...

Any suggestion ?

[as0ler]

Is it happening with all your applications? Please give more feedback to see what's the root cause of it.

Thank you!

[bt]

I'm also experiencing this issue with a new installation. I tried with a couple apps.

iPhone 7 Plus, iOS 13.4.1, jailbroken with checkra1n.

[d3ibis]

Is it happening with all your applications? Please give more feedback to see what's the root cause of it.

Thank you!

Nothing to add actually, this is happening to all of my applications along with new installed ones.

I'm also like last conment, iPhone 7 (A10) with 14.4.2 iOS with Checkra1n

[as0ler]

Have you tried to spawn the app using r2frida? r2 frida://usb/launch//

As well, verify the bundle id is correct using r2flutch -l or frida-ps -U -i -a.

[d3ibis]

r2 frida://usb/launch//

getting same for spawning

[r] Cannot open 'frida://usb/launch//com.6alabat.cuisineapp'

Or when typing app name:

[r] Cannot open 'frida://usb/launch//talabat'

Also checked bundle id, with more than 1 app.

[d3ibis]

@as0ler Issues were fixed, re-installed radare2 using:

git clone https://github.com/radareorg/radare2
radare2/sys/install.sh

Then re-installed r2flutch using:
r2pm -ci r2flutch

All working now:

Issue closed!

[d3ibis]

I noticed apps with jailbreak detection (2 apps one is crashing and the other open web browser with crash to app) are not saved or decrypted, any workaround ?

Tried with other apps, worked flawlessly!

[as0ler]

there is no native support to bypass the controls for apps with jailbreak detection. You should analyze the app and bypass the checks with r2frida. Then, launching the app with early instrumentation using the script and attaching it to the process should be fine.

[d3ibis]

For now I'll use flexdecrypt for them on device...i thought i can decrypt them using r2flutch in order to analyze later.

Much appreciated & ThanQ.

[as0ler]

is flexdecrypt having support for this?

I'm thinking in adding support to bypass basic jb detections, so perhaps is coming sooner than later :)

[d3ibis]

flexdecrypt only decrypts main app binary and save it in specific folder on device, later on we can just copt it alone or do the whole process with ssh (tried it with 3 apps with jailbreak detection and decrypted the 3 of them in seconds).

For r2flutch, it is opening the app then app is crashing and process is terminated, flexdecrypt is dealing with main binary file directly.

[as0ler]

r2flutch is getting only the main app by default (without -i flag).

It's easy to add support to decrypt jb apps during early instrumentation, but you have to bypass the ios watchdog to avoid crashing the app by the os.

I will think on add this for future releases :)

Thank you for the feedback!

[d3ibis]

Here is flexdecrypt:

Screen.Recording.2022-02-12.mov

Waiting for ur updates <3 ThanQ!