Undecimus: cynject (and thus cycript) is broken on iOS 12

Created on 4 Mar 2019 · 16 Comments · Source: pwn20wndstuff/Undecimus

Describe the bug
cynject crashes target process

To Reproduce

  1. cynject pid dylib

Device (please complete the following information):

  • iOS Version: 12.1.1
  • iOS Device: iPad Air 2
  • unc0ver Version: all of them

Place an "x" between the brackets if true:

  • [x] this is a bug others will be able to reproduce
  • [x] this issue is present with all tweaks uninstalled(except for default packages) or disabled
  • [x] this issue is present after a rootfs restore
  • [x] this issue is present on the latest version of unc0ver

Logs
From cycript:

[2892] DarwinInjector.cpp[246]: _krncall(mach_vm_read_overwrite) =4

Crash log:

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x00000000000000a6

Bug

All 16 comments

206 (Repurposed issue because people were commenting.)

This guy here on Reddit claims that he is able to run cycript on iOS 12. Do you think he is legit?
@Cryptiiiic @jakeajames

https://www.reddit.com/r/jailbreakdevelopers/comments/b1r5kq/question_is_cycript_coming_to_ios_12_unc0ver_jb/eiubv4t/?utm_source=share&utm_medium=ios_app

@scugn1zz0 he's using tweak mode, not runtime injection

Hi there,

I used to install the cycript deb on iOS 11 with unc0ver before 3.0. At that time, I had to re-sign the cycript binary to add platform-application, and it worked well.

However, on iOS 12 and unc0ver 3.0.1, I found that my re-signed cycript always gets Killed -9, but the cycript in the deb can be run directly. However, if it tries to hook SpringBoard, it will hang, and if you terminate the hang and rerun, cycript will crash:

iOS12:~ root# cycript -p 308  // hangs
^C
iOS12:~ root# cycript -p 308
[735] DarwinInjector.cpp[246]: _krncall(mach_vm_read_overwrite) =4
*** _assert(status == 0):../Inject.cpp(143):InjectLibrary

Did any recent changes lead to this symptom? @pwn20wndstuff

@pwn20wndstuff Any update?

Hopefully this gets worked on now.

The substitute version of unc0ver will have a fix

On Friday, 13 September 2019, aarivex notifications@github.com wrote:

Hopefully this gets worked on now.

Is this fixed with 3.7.0~b1?

I don't think there is cynject, but there is a dylib injector, I'll see if
I can make a dummy cynject on top of this

On Sunday, 22 September 2019, cakarlen notifications@github.com wrote:

Is this fixed with 3.7.0~b1?

Thanks! Would be amazing.

any good news now?

Hi there, I noticed today that Substrate has an update, 0.9.7100-b6, which says it fixes cynject on iOS 12/13.

I tried cycript on iOS 12.0.1 today, still,

iOS:~ root# ps -ax|grep AppStore
  666 ??         0:00.95 /System/Library/PrivateFrameworks/AppStoreDaemon.framework/Support/appstored
 1303 ??         0:00.84 /Applications/AppStore.app/AppStore
 1305 ttys000    0:00.01 grep AppS

iOS:~ root# cycript -p 1303
[1311] _krncall(task_for_pid) =5
[1311] MachObject.cpp[108]: _krncall(task_info) =10000003
[1311] DarwinInjector.cpp[73]: _assert(MSGetTaskInfo(info, task))[DarwinInjector.cpp:73]
*** _assert(status == 0):../Inject.cpp(143):InjectLibrary

What extra work is needed for cycript to work?

Cycript works fine after the latest update for me. Make sure to install cycript from Elucubratus.

@jakeajames thanks! Will do. BTW, what's the difference between Elucubratus and saurik?

Did you update substrate

On Wednesday, 12 February 2020, Xuan notifications@github.com wrote:

@jakeajames https://github.com/jakeajames I found that installing
cycript from https://apt.bingner.com/ on unc0ver still doesn't work.
However, cycript works on checkra1n...

Do you know what's wrong?

@jakeajames I manually downloaded the cycript deb from Elucubratus and installed it, and it works on unc0ver then. I wonder why installing from Elucubratus via Cydia couldn't work.
