(Amazing stuff, thank you as always)
There's an immediate crash when using the Frida gadget.dylib on an iOS simulator. This implies a jailed setup; the gadget doesn't even get to reading the .config file, so that's not relevant to this crash.
To reproduce:
- grab frida-gadget-17.2.11.dylib
- codesign -f -s - frida-gadget-17.2.11
- boot up iOS Simulator (used iOS 18.2 but it can be any one greater than Frida min supported)
- launch any app with Frida in dyld_insert_libraries env
SIMCTL_CHILD_DYLD_INSERT_LIBRARIES=/tmp/gadget.dylib xcrun simctl launch booted com.apple.DocumentsApp --terminate-running-process
Crash
"exception" : {"codes":"0x0000000000000001, 0x0000000000000008","rawCodes":[1,8],"type":"EXC_BAD_ACCESS","signal":"SIGSEGV","subtype":"KERN_INVALID_ADDRESS at 0x0000000000000008"},
Thread 0 Crashed:: Dispatch queue: com.apple.main-thread
0 gadget.dylib 0x103176fd8 0x10300c000 + 1486808
1 gadget.dylib 0x10305a024 0x10300c000 + 319524
2 gadget.dylib 0x10317ff8c 0x10300c000 + 1523596
3 gadget.dylib 0x103177640 0x10300c000 + 1488448
4 gadget.dylib 0x103059eec 0x10300c000 + 319212
5 gadget.dylib 0x103042658 0x10300c000 + 222808
6 gadget.dylib 0x10317fc58 0x10300c000 + 1522776
7 gadget.dylib 0x103177a30 0x10300c000 + 1489456
8 gadget.dylib 0x10317765c 0x10300c000 + 1488476
9 gadget.dylib 0x1030425b8 0x10300c000 + 222648
10 gadget.dylib 0x10301121c 0x10300c000 + 21020
11 gadget.dylib 0x1030211c8 0x10300c000 + 86472
12 dyld_sim 0x1008a4460 0x100894000 + 66656
13 dyld_sim 0x1008c5aa4 0x100894000 + 203428
...