Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

frida-trace Failed to attach to non-Apple apps on iOS 10.1.1 #120

Closed
coolsurf opened this issue Apr 7, 2017 · 14 comments

Comments

@coolsurf
Copy link

commented Apr 7, 2017

Hello,

I am new to Frida and I just installed Frida on my Mac and Jailbroken iPad (iOS 10.1.1). When I tried frida-trace, it attached fine to Apple apps that come with iOS such as Safari. However, frida-trace failed to attach to non-Apple apps, such as Google Maps. Here is the screen log. Thanks.

$ frida-ps -Ua
 PID  Name         Identifier            
----  -----------  ----------------------
3153  Google Maps  com.google.Maps

$ frida-trace -U  -m "-[NSURL* *HTTP*]" -p 3153
Failed to attach: unexpected error while preparing pipe endpoints for process with pid 3153 (mach_port_allocate remote_rx returned '(ipc/send) invalid destination port')
@oleavr

This comment has been minimized.

Copy link
Contributor

commented Oct 11, 2017

Not able to reproduce this.

@oleavr oleavr closed this Oct 11, 2017

@ChiChou

This comment has been minimized.

Copy link
Contributor

commented Mar 11, 2018

Cydia is now available on iOS 11 with Electra jailbreak.

But attaching all app will throw this error: Unexpected error while preparing pipe endpoints for process with pid 1 (mach_port_allocate remote_rx returned '(os/kern) invalid task')

The only thing I know is that it is related to some sort of mach port issue, in frida-core/src/darwin/frida-helper-backend-glue.m

Any tip that I can debug or try to implement on myself?

@brendanc

This comment has been minimized.

Copy link

commented Oct 23, 2018

I am seeing the same behavior as @ChiChou on the latest Unc0ver jailbreak and iOS 11. All apps erroring on trace.

$ frida-ps -Ua

PID  Name     Identifier            
---  -------  ----------------------
419  Cydia    com.saurik.Cydia      
390  Mail     com.apple.mobilemail  
537  Safari   com.apple.mobilesafari
406  unc0ver  science.xnu.undecimus 

$ frida-trace -U Safari
Failed to attach: unexpected error while preparing pipe endpoints for process with pid 537 (mach_port_allocate remote_rx returned '(os/kern) invalid task')
@oleavr

This comment has been minimized.

Copy link
Contributor

commented Oct 23, 2018

This is most likely because a PolicySoftener like the one we have for Electra needs to be written for the Unc0ver jailbreak. I don't have any device I can test this jailbreak on, so I'm counting on someone in the community to help port Frida to it.

@pharazone

This comment has been minimized.

Copy link

commented Nov 22, 2018

Have the same problem too……I use unc0ver

@oleavr

This comment has been minimized.

Copy link
Contributor

commented Nov 23, 2018

@pharazone Unsupported jailbreak. I don't have a device with this jailbreak so I'm waiting for someone running unc0ver to help fix it. (PR welcome!)

@w3bspl0it

This comment has been minimized.

Copy link

commented Dec 8, 2018

I have both jailbreaks running on two separate devices with iOS 11. Frida can attach to non system services (/usr/sbin, /usr/libexec) such as Safari etc. using Electra. With unc0ver, Frida fails when attempting to do tracing on Safari with the following message:

Failed to attach: unexpected error while preparing pipe endpoints for process with pid 1298 (mach_port_allocate remote_rx returned '(os/kern) invalid task')

@pharazone

This comment has been minimized.

Copy link

commented Dec 15, 2018

Th0r has been supported, but unc0ver is not.....

@oleavr

This comment has been minimized.

Copy link
Contributor

commented Dec 17, 2018

@pharazone Th0r is unsupported too. It just works by luck – nobody is maintaining support for that jailbreak. But that could change if you're willing to help by contributing to Frida.

@MuchiMuchiPink

This comment has been minimized.

Copy link

commented Feb 26, 2019

@oleavr please don't kill me, but with iOS 12 being jailbroken with unc0ver are there any plans, time and resources available to work on support this time?

@biscuitehh

This comment has been minimized.

Copy link

commented Feb 28, 2019

@oleavr I would be willing to help with an updated PolicySoftener if I could get some guidance with it/what I need to be exposing for it to work appropriately.

@oleavr

This comment has been minimized.

Copy link
Contributor

commented Mar 5, 2019

@MuchiMuchiPink Latest git now supports unc0ver, except for launching apps. Only tested on iOS 11.1.2 though, but it's a start. I've just had to context-switch to another area of Frida though, so would be awesome if any of you are willing to pitch in on testing and/or helping fix remaining issues.

@biscuitehh Unfortunately 99% of the work is figuring out the behavior of /usr/libexec/substrated, the closed-source daemon that unc0ver depends on. What's remaining now is getting early instrumentation – i.e. spawn() – working, by extending launchd.js and xpcproxy.js so they defer the communications with the daemon, or adding another agent that influences substrated itself. What's happening is that we add the posix_spawn() flag to spawn suspended, and substrated goes ahead and resumes it before the Frida user calls resume(). Anyway, feel free to poke me on Telegram if you're interested in taking a stab at fixing this last bit – definitely happy to guide you 🙂

@karimbenammar

This comment has been minimized.

Copy link

commented Mar 7, 2019

Same error here, frida needs an update ?

@evandrix

This comment has been minimized.

Copy link

commented Mar 16, 2019

the latest v12.4.1 works

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
10 participants
You can’t perform that action at this time.