frida doesn't recognize Developer Disk Image

Created on 31 Oct 2019 · 3 Comments · Source: frida/frida

Device

  • iPod touch (non-jailbroken)
  • ProductName: iPhone OS
  • ProductType: iPod9,1
  • ProductVersion: 12.3.1
  • BuildVersion: 16F8202

Software Versions

  • macOS 10.14.6
  • frida 12.7.16
  • libimobiledevice 1.1.0

Frida cannot attach to FridaGadget, and this script fails,

import frida

device = frida.get_usb_device()
device.attach("Gadget") # raises frida.NotSupportedError: this feature requires an iOS Developer Disk Image to be mounted; run Xcode briefly or use ideviceimagemounter to mount one manually

even though I used ideviceimagemounter manually, just before using Frida.

Below is the debug message ideviceimagemounter emitted.
This verbose message shows that libimobiledevice can talk with lockdownd on the iPod, and a Developer Disk Image is successfully mounted.

$ ideviceimagemounter -d /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/12.3.1/DeveloperDiskImage.dmg /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/12.3.1/DeveloperDiskImage.dmg.signature
20:09:47 lockdown.c:676 lockdownd_client_new(): device udid: e8ca4ed6418a1fa04c6246788cc5dac66c9985dc
20:09:47 lockdown.c:405 lockdownd_query_type(): called
20:09:47 property_list_service.c:132 internal_plist_send(): sending 292 bytes
20:09:47 service.c:144 service_send(): sending 4 bytes
20:09:47 service.c:144 service_send(): sending 292 bytes
20:09:47 property_list_service.c:137 internal_plist_send(): sent 292 bytes
20:09:47 property_list_service.c:138 internal_plist_send(): printing 292 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>ideviceimagemounter</string>
    <key>Request</key>
    <string>QueryType</string>
</dict>
</plist>
20:09:47 property_list_service.c:205 internal_plist_receive_timeout(): initial read=4
20:09:47 property_list_service.c:211 internal_plist_receive_timeout(): 297 bytes following
20:09:47 property_list_service.c:224 internal_plist_receive_timeout(): received 297 bytes
20:09:47 property_list_service.c:250 internal_plist_receive_timeout(): printing 297 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Request</key>
    <string>QueryType</string>
    <key>Type</key>
    <string>com.apple.mobile.lockdown</string>
</dict>
</plist>
20:09:47 lockdown.c:421 lockdownd_query_type(): success with type com.apple.mobile.lockdown
20:09:47 property_list_service.c:132 internal_plist_send(): sending 340 bytes
20:09:47 service.c:144 service_send(): sending 4 bytes
20:09:47 service.c:144 service_send(): sending 340 bytes
20:09:47 property_list_service.c:137 internal_plist_send(): sent 340 bytes
20:09:47 property_list_service.c:138 internal_plist_send(): printing 340 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>ideviceimagemounter</string>
    <key>Key</key>
    <string>ProductVersion</string>
    <key>Request</key>
    <string>GetValue</string>
</dict>
</plist>
20:09:47 property_list_service.c:205 internal_plist_receive_timeout(): initial read=4
20:09:47 property_list_service.c:211 internal_plist_receive_timeout(): 327 bytes following
20:09:47 property_list_service.c:224 internal_plist_receive_timeout(): received 327 bytes
20:09:47 property_list_service.c:250 internal_plist_receive_timeout(): printing 327 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Key</key>
    <string>ProductVersion</string>
    <key>Request</key>
    <string>GetValue</string>
    <key>Value</key>
    <string>12.3.1</string>
</dict>
</plist>
20:09:47 lockdown.c:474 lockdownd_get_value(): success
20:09:47 lockdown.c:485 lockdownd_get_value(): has a value
20:09:47 userpref.c:193 userpref_read_system_buid(): using F325A452-4922-41EA-853D-C1904FFA149E as SystemBUID
20:09:47 property_list_service.c:132 internal_plist_send(): sending 447 bytes
20:09:47 service.c:144 service_send(): sending 4 bytes
20:09:47 service.c:144 service_send(): sending 447 bytes
20:09:47 property_list_service.c:137 internal_plist_send(): sent 447 bytes
20:09:47 property_list_service.c:138 internal_plist_send(): printing 447 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>ideviceimagemounter</string>
    <key>Request</key>
    <string>StartSession</string>
    <key>HostID</key>
    <string>13BD50C4-4D26-FF30-F3FD-7D4595C9806B</string>
    <key>SystemBUID</key>
    <string>F325A452-4922-41EA-853D-C1904FFA149E</string>
</dict>
</plist>
20:09:47 property_list_service.c:205 internal_plist_receive_timeout(): initial read=4
20:09:47 property_list_service.c:211 internal_plist_receive_timeout(): 354 bytes following
20:09:47 property_list_service.c:224 internal_plist_receive_timeout(): received 354 bytes
20:09:47 property_list_service.c:250 internal_plist_receive_timeout(): printing 354 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>EnableSessionSSL</key>
    <true/>
    <key>Request</key>
    <string>StartSession</string>
    <key>SessionID</key>
    <string>E5997330-9E7C-433A-AE07-E4B81D641EAD</string>
</dict>
</plist>
20:09:47 lockdown.c:1193 lockdownd_start_session(): Session startup OK
20:09:47 lockdown.c:1205 lockdownd_start_session(): SessionID: E5997330-9E7C-433A-AE07-E4B81D641EAD
20:09:47 lockdown.c:1212 lockdownd_start_session(): Enable SSL Session: true
20:09:47 idevice.c:862 idevice_connection_enable_ssl(): SSL mode enabled, TLSv1.2, cipher: ECDHE-RSA-AES256-GCM-SHA384
20:09:47 property_list_service.c:132 internal_plist_send(): sending 340 bytes
20:09:47 service.c:144 service_send(): sending 4 bytes
20:09:47 idevice.c:399 idevice_connection_send(): SSL_write 4, sent 4
20:09:47 service.c:144 service_send(): sending 340 bytes
20:09:47 idevice.c:399 idevice_connection_send(): SSL_write 340, sent 340
20:09:47 property_list_service.c:137 internal_plist_send(): sent 340 bytes
20:09:47 property_list_service.c:138 internal_plist_send(): printing 340 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>ideviceimagemounter</string>
    <key>Key</key>
    <string>ProductVersion</string>
    <key>Request</key>
    <string>GetValue</string>
</dict>
</plist>
20:09:47 idevice.c:492 idevice_connection_receive_timeout(): SSL_read 4, received 4
20:09:47 property_list_service.c:205 internal_plist_receive_timeout(): initial read=4
20:09:47 property_list_service.c:211 internal_plist_receive_timeout(): 327 bytes following
20:09:47 idevice.c:492 idevice_connection_receive_timeout(): SSL_read 327, received 327
20:09:47 property_list_service.c:224 internal_plist_receive_timeout(): received 327 bytes
20:09:47 property_list_service.c:250 internal_plist_receive_timeout(): printing 327 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Key</key>
    <string>ProductVersion</string>
    <key>Request</key>
    <string>GetValue</string>
    <key>Value</key>
    <string>12.3.1</string>
</dict>
</plist>
20:09:47 lockdown.c:474 lockdownd_get_value(): success
20:09:47 lockdown.c:485 lockdownd_get_value(): has a value
20:09:47 property_list_service.c:132 internal_plist_send(): sending 371 bytes
20:09:47 service.c:144 service_send(): sending 4 bytes
20:09:47 idevice.c:399 idevice_connection_send(): SSL_write 4, sent 4
20:09:47 service.c:144 service_send(): sending 371 bytes
20:09:47 idevice.c:399 idevice_connection_send(): SSL_write 371, sent 371
20:09:47 property_list_service.c:137 internal_plist_send(): sent 371 bytes
20:09:47 property_list_service.c:138 internal_plist_send(): printing 371 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>ideviceimagemounter</string>
    <key>Request</key>
    <string>StartService</string>
    <key>Service</key>
    <string>com.apple.mobile.mobile_image_mounter</string>
</dict>
</plist>
20:09:47 idevice.c:492 idevice_connection_receive_timeout(): SSL_read 4, received 4
20:09:47 property_list_service.c:205 internal_plist_receive_timeout(): initial read=4
20:09:47 property_list_service.c:211 internal_plist_receive_timeout(): 358 bytes following
20:09:47 idevice.c:492 idevice_connection_receive_timeout(): SSL_read 358, received 358
20:09:47 property_list_service.c:224 internal_plist_receive_timeout(): received 358 bytes
20:09:47 property_list_service.c:250 internal_plist_receive_timeout(): printing 358 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Port</key>
    <integer>49250</integer>
    <key>Request</key>
    <string>StartService</string>
    <key>Service</key>
    <string>com.apple.mobile.mobile_image_mounter</string>
</dict>
</plist>
20:09:47 lockdown.c:287 lockdownd_stop_session(): stopping session E5997330-9E7C-433A-AE07-E4B81D641EAD
20:09:47 property_list_service.c:132 internal_plist_send(): sending 371 bytes
20:09:47 service.c:144 service_send(): sending 4 bytes
20:09:47 idevice.c:399 idevice_connection_send(): SSL_write 4, sent 4
20:09:47 service.c:144 service_send(): sending 371 bytes
20:09:47 idevice.c:399 idevice_connection_send(): SSL_write 371, sent 371
20:09:47 property_list_service.c:137 internal_plist_send(): sent 371 bytes
20:09:47 property_list_service.c:138 internal_plist_send(): printing 371 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>ideviceimagemounter</string>
    <key>Request</key>
    <string>StopSession</string>
    <key>SessionID</key>
    <string>E5997330-9E7C-433A-AE07-E4B81D641EAD</string>
</dict>
</plist>
20:09:47 idevice.c:492 idevice_connection_receive_timeout(): SSL_read 4, received 4
20:09:47 property_list_service.c:205 internal_plist_receive_timeout(): initial read=4
20:09:47 property_list_service.c:211 internal_plist_receive_timeout(): 238 bytes following
20:09:47 idevice.c:492 idevice_connection_receive_timeout(): SSL_read 238, received 238
20:09:47 property_list_service.c:224 internal_plist_receive_timeout(): received 238 bytes
20:09:47 property_list_service.c:250 internal_plist_receive_timeout(): printing 238 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Request</key>
    <string>StopSession</string>
</dict>
</plist>
20:09:47 lockdown.c:303 lockdownd_stop_session(): success
20:09:47 idevice.c:945 idevice_connection_disable_ssl(): Skipping bidirectional SSL shutdown. SSL error code: 5

20:09:47 idevice.c:958 idevice_connection_disable_ssl(): SSL mode disabled
Uploading /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/12.3/DeveloperDiskImage.dmg
20:09:47 property_list_service.c:132 internal_plist_send(): sending 562 bytes
20:09:47 service.c:144 service_send(): sending 4 bytes
20:09:47 service.c:144 service_send(): sending 562 bytes
20:09:47 property_list_service.c:137 internal_plist_send(): sent 562 bytes
20:09:47 property_list_service.c:138 internal_plist_send(): printing 562 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Command</key>
    <string>ReceiveBytes</string>
    <key>ImageSignature</key>
    <data>
    OIrMZfwD5TcdgVaizBMAaImjwDXsrldgRDbsiSWbtafuf1t0BSJR9tDycyYPG3E+wmUY
    8fmP0l0S3UkMkQpJksFOx2fn0h1lAuhAiP9bJBjZ6PvbetHE/A2XJNVu78obBZl9dAzg
    pIEHPSvu6HJM7mdZrdFjA7GG7QJOnCL4Vnc=
    </data>
    <key>ImageSize</key>
    <integer>13495230</integer>
    <key>ImageType</key>
    <string>Developer</string>
</dict>
</plist>
20:09:47 property_list_service.c:205 internal_plist_receive_timeout(): initial read=4
20:09:47 property_list_service.c:211 internal_plist_receive_timeout(): 241 bytes following
20:09:47 property_list_service.c:224 internal_plist_receive_timeout(): received 241 bytes
20:09:47 property_list_service.c:250 internal_plist_receive_timeout(): printing 241 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Status</key>
    <string>ReceiveBytesAck</string>
</dict>
</plist>
20:09:47 mobile_image_mounter.c:222 mobile_image_mounter_upload_image(): uploading image (13495230 bytes)
20:09:47 service.c:144 service_send(): sending 65536 bytes
[... 204 further identical "service_send(): sending 65536 bytes" lines omitted ...]
20:09:47 service.c:144 service_send(): sending 60350 bytes
20:09:47 mobile_image_mounter.c:243 mobile_image_mounter_upload_image(): image uploaded
20:09:47 property_list_service.c:205 internal_plist_receive_timeout(): initial read=4
20:09:47 property_list_service.c:211 internal_plist_receive_timeout(): 234 bytes following
20:09:47 property_list_service.c:224 internal_plist_receive_timeout(): received 234 bytes
20:09:47 property_list_service.c:250 internal_plist_receive_timeout(): printing 234 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Status</key>
    <string>Complete</string>
</dict>
</plist>
done.
Mounting...
20:09:47 property_list_service.c:132 internal_plist_send(): sending 604 bytes
20:09:47 service.c:144 service_send(): sending 4 bytes
20:09:47 service.c:144 service_send(): sending 604 bytes
20:09:47 property_list_service.c:137 internal_plist_send(): sent 604 bytes
20:09:47 property_list_service.c:138 internal_plist_send(): printing 604 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Command</key>
    <string>MountImage</string>
    <key>ImagePath</key>
    <string>/private/var/mobile/Media/PublicStaging/staging.dimage</string>
    <key>ImageSignature</key>
    <data>
    OIrMZfwD5TcdgVaizBMAaImjwDXsrldgRDbsiSWbtafuf1t0BSJR9tDycyYPG3E+wmUY
    8fmP0l0S3UkMkQpJksFOx2fn0h1lAuhAiP9bJBjZ6PvbetHE/A2XJNVu78obBZl9dAzg
    pIEHPSvu6HJM7mdZrdFjA7GG7QJOnCL4Vnc=
    </data>
    <key>ImageType</key>
    <string>Developer</string>
</dict>
</plist>
20:09:47 property_list_service.c:205 internal_plist_receive_timeout(): initial read=4
20:09:47 property_list_service.c:211 internal_plist_receive_timeout(): 234 bytes following
20:09:47 property_list_service.c:224 internal_plist_receive_timeout(): received 234 bytes
20:09:47 property_list_service.c:250 internal_plist_receive_timeout(): printing 234 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Status</key>
    <string>Complete</string>
</dict>
</plist>
Done.
Status: Complete
20:09:47 property_list_service.c:132 internal_plist_send(): sending 233 bytes
20:09:47 service.c:144 service_send(): sending 4 bytes
20:09:47 service.c:144 service_send(): sending 233 bytes
20:09:47 property_list_service.c:137 internal_plist_send(): sent 233 bytes
20:09:47 property_list_service.c:138 internal_plist_send(): printing 233 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Command</key>
    <string>Hangup</string>
</dict>
</plist>
20:09:47 property_list_service.c:205 internal_plist_receive_timeout(): initial read=4
20:09:47 property_list_service.c:211 internal_plist_receive_timeout(): 217 bytes following
20:09:47 property_list_service.c:224 internal_plist_receive_timeout(): received 217 bytes
20:09:47 property_list_service.c:250 internal_plist_receive_timeout(): printing 217 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Goodbye</key>
    <true/>
</dict>
</plist>
20:09:47 mobile_image_mounter.c:316 mobile_image_mounter_hangup(): printing 217 bytes plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Goodbye</key>
    <true/>
</dict>
</plist>

$ ideviceimagemounter -l
ImageSignature[1]:
 0: OIrMZfwD5TcdgVaizBMAaImjwDXsrldgRDbsiSWbtafuf1t0BSJR9tDycyYPG3E+wmUY8fmP0l0S3UkMkQpJksFOx2fn0h1lAuhAiP9bJBjZ6PvbetHE/A2XJNVu78obBZl9dAzgpIEHPSvu6HJM7mdZrdFjA7GG7QJOnCL4Vnc=

And I can debug an app without a jailbreak by using idevicedebug, which also requires that a Developer Disk Image be mounted. So this seems to be a bug in Frida.
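Added example, not part of the original issue and not code from Frida or libimobiledevice: a small parser for the `ideviceimagemounter -d` debug format shown above. It pulls out each plist dumped by property_list_service.c, attributes every reply to the most recent request, and reports whether MountImage was answered with Status Complete. The function names, the constructed sample log, and the `Error` reply key with its `ImageMountFailed` value are assumptions made for illustration.

```python
import plistlib
import re
from xml.parsers.expat import ExpatError

# Header line that property_list_service.c prints before each plist dump.
PRINT_LINE = re.compile(
    r"^\d{2}:\d{2}:\d{2} property_list_service\.c:\d+ "
    r"(?P<func>internal_plist_send|internal_plist_receive_timeout)\(\): "
    r"printing \d+ bytes plist:\s*$"
)


def extract_plists(log_text):
    """Return [(direction, dict), ...] for every plist dumped in the log."""
    messages = []
    lines = iter(log_text.splitlines())
    for line in lines:
        match = PRINT_LINE.match(line)
        if not match:
            continue  # ordinary log line, or a dump repeated by another source file
        direction = "sent" if match["func"] == "internal_plist_send" else "received"
        xml_lines = []
        for xml_line in lines:  # consume the XML that follows the header line
            xml_lines.append(xml_line)
            if xml_line.strip() == "</plist>":
                break
        else:
            break  # the log was cut off inside a dump
        try:
            payload = plistlib.loads("\n".join(xml_lines).encode("utf-8"))
        except (plistlib.InvalidFileException, ExpatError, ValueError):
            continue  # damaged dump: skip it rather than guess
        if isinstance(payload, dict):
            messages.append((direction, payload))
    return messages


def exchanges(log_text):
    """Attribute each received plist to the most recent request that was sent."""
    result = []
    request = None
    for direction, payload in extract_plists(log_text):
        if direction == "sent":
            request = payload.get("Command") or payload.get("Request")
        elif request is not None:
            if "Error" in payload:  # assumed failure shape, not taken from the page
                outcome = "Error: " + str(payload["Error"])
            elif payload.get("Goodbye") is True:
                outcome = "Goodbye"
            else:
                outcome = payload.get("Status", "ok")
            result.append((request, outcome))
    return result


def developer_image_mounted(log_text):
    """True only if the device answered MountImage with Status Complete."""
    return ("MountImage", "Complete") in exchanges(log_text)


def dump_line(func, lineno, payload, source="property_list_service.c"):
    """Build one constructed dump in the same layout as the log above."""
    xml = plistlib.dumps(payload).decode("utf-8")
    return (f"20:09:47 {source}:{lineno} {func}(): "
            f"printing {len(xml)} bytes plist:\n{xml}")


def sample_log(mount_reply):
    """Constructed, shortened mount session; mount_reply is the device's answer."""
    send, recv = "internal_plist_send", "internal_plist_receive_timeout"
    return "".join([
        dump_line(send, 138, {"Command": "ReceiveBytes", "ImageType": "Developer",
                              "ImageSize": 13495230,
                              "ImageSignature": b"CONSTRUCTED"}),
        dump_line(recv, 250, {"Status": "ReceiveBytesAck"}),
        "20:09:47 service.c:144 service_send(): sending 65536 bytes\n",
        dump_line(recv, 250, {"Status": "Complete"}),
        "Mounting...\n",
        dump_line(send, 138, {"Command": "MountImage", "ImageType": "Developer"}),
        dump_line(recv, 250, mount_reply),
        dump_line(send, 138, {"Command": "Hangup"}),
        dump_line(recv, 250, {"Goodbye": True}),
        # mobile_image_mounter.c prints the Goodbye reply a second time; ignored.
        dump_line("mobile_image_mounter_hangup", 316, {"Goodbye": True},
                  source="mobile_image_mounter.c"),
    ])


if __name__ == "__main__":
    for request, outcome in exchanges(sample_log({"Status": "Complete"})):
        print(f"{request:13} -> {outcome}")
```

Run against a saved copy of the real debug output, `developer_image_mounted()` checks the mount result from the device's own replies rather than from the tool's final status line.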

All 3 comments

I have no idea why it works, but a workaround described below works for me.

  • on the iOS device, Settings -> Developer -> Clear Trusted Computers to untrust the paired Mac
  • then, execute ios-deploy -d -m -b Payload/gadgetinjected.app to spawn a FridaGadget-injected application, without re-pairing via idevicepair or re-mounting the Developer Disk Image with ideviceimagemounter
  • and immediately after that frida -U -n Gadget to connect with the app

Cannot reproduce this issue on 12.4. (Note that most of the testing on the new lockdown integration has been done on 13.1 and 13.2.) I will close this as I cannot investigate; appreciate your help in figuring this out. (But if not we can ignore this issue as it will become irrelevant as older versions of iOS are no longer used.)

By the way, as you might be aware, that workaround bypasses the new lockdown integration and relies on the old way of doing things (modifying the app to add the gadget). This is because a remote server or gadget takes precedence – to preserve support for jailbroken devices, and to allow still using gadget the old way. (The long-term plan is to have the same kind of integration for Android, so modifying apps to add the gadget won't be necessary there either.)
