frida-trace Failed to attach to non-Apple apps on iOS 10.1.1

[coolsurf]

Hello,

I am new to Frida and I just installed Frida on my Mac and Jailbroken iPad (iOS 10.1.1). When I tried frida-trace, it attached fine to Apple apps that come with iOS such as Safari. However, frida-trace failed to attach to non-Apple apps, such as Google Maps. Here is the screen log. Thanks.

$ frida-ps -Ua
 PID  Name         Identifier            
----  -----------  ----------------------
3153  Google Maps  com.google.Maps

$ frida-trace -U  -m "-[NSURL* *HTTP*]" -p 3153
Failed to attach: unexpected error while preparing pipe endpoints for process with pid 3153 (mach_port_allocate remote_rx returned '(ipc/send) invalid destination port')

[oleavr]

Not able to reproduce this.

[ChiChou]

Cydia is now available on iOS 11 with Electra jailbreak.

But attaching all app will throw this error: Unexpected error while preparing pipe endpoints for process with pid 1 (mach_port_allocate remote_rx returned '(os/kern) invalid task')

The only thing I know is that it is related to some sort of mach port issue, in frida-core/src/darwin/frida-helper-backend-glue.m

Any tip that I can debug or try to implement on myself?

[brendanc]

I am seeing the same behavior as @ChiChou on the latest Unc0ver jailbreak and iOS 11. All apps erroring on trace.

$ frida-ps -Ua

PID  Name     Identifier            
---  -------  ----------------------
419  Cydia    com.saurik.Cydia      
390  Mail     com.apple.mobilemail  
537  Safari   com.apple.mobilesafari
406  unc0ver  science.xnu.undecimus 

$ frida-trace -U Safari
Failed to attach: unexpected error while preparing pipe endpoints for process with pid 537 (mach_port_allocate remote_rx returned '(os/kern) invalid task')

[oleavr]

This is most likely because a PolicySoftener like the one we have for Electra needs to be written for the Unc0ver jailbreak. I don't have any device I can test this jailbreak on, so I'm counting on someone in the community to help port Frida to it.

[pharazone]

Have the same problem too……I use unc0ver

[oleavr]

@pharazone Unsupported jailbreak. I don't have a device with this jailbreak so I'm waiting for someone running unc0ver to help fix it. (PR welcome!)

[w3bspl0it]

I have both jailbreaks running on two separate devices with iOS 11. Frida can attach to non system services (/usr/sbin, /usr/libexec) such as Safari etc. using Electra. With unc0ver, Frida fails when attempting to do tracing on Safari with the following message:

Failed to attach: unexpected error while preparing pipe endpoints for process with pid 1298 (mach_port_allocate remote_rx returned '(os/kern) invalid task')

[pharazone]

Th0r has been supported, but unc0ver is not.....

[oleavr]

@pharazone Th0r is unsupported too. It just works by luck – nobody is maintaining support for that jailbreak. But that could change if you're willing to help by contributing to Frida.

[MuchiMuchiPink]

@oleavr please don't kill me, but with iOS 12 being jailbroken with unc0ver are there any plans, time and resources available to work on support this time?

[biscuitehh]

@oleavr I would be willing to help with an updated PolicySoftener if I could get some guidance with it/what I need to be exposing for it to work appropriately.

[oleavr]

@MuchiMuchiPink Latest git now supports unc0ver, except for launching apps. Only tested on iOS 11.1.2 though, but it's a start. I've just had to context-switch to another area of Frida though, so would be awesome if any of you are willing to pitch in on testing and/or helping fix remaining issues.

@biscuitehh Unfortunately 99% of the work is figuring out the behavior of /usr/libexec/substrated, the closed-source daemon that unc0ver depends on. What's remaining now is getting early instrumentation – i.e. spawn() – working, by extending launchd.js and xpcproxy.js so they defer the communications with the daemon, or adding another agent that influences substrated itself. What's happening is that we add the posix_spawn() flag to spawn suspended, and substrated goes ahead and resumes it before the Frida user calls resume(). Anyway, feel free to poke me on Telegram if you're interested in taking a stab at fixing this last bit – definitely happy to guide you 🙂

[karimbenammar]

Same error here, frida needs an update ?

[evandrix]

the latest v12.4.1 works

[dickyher-lab]

Same Error but with different method jailbreak

try running this command : frida-ps Uai, worked with all listed running packages

But once, frida used with option such as frida -U --codeshare [script] -f [package], the frida return with
Failed to spawn: unexpected error while preparing pipe endpoints for process with pid 1 (mach_port_allocate remote_rx returned '(os/kern) invalid task')

device used : iphone SE 2nd Gen with iOS 13.7
JB Method : Odyssey 1.3.0
Frida Server & Frida Client Version : 14.2.14