Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to connect to the frida server: unexpected error while probing dyld of target process #1136

Open
imaverick1337 opened this issue Feb 27, 2025 · 2 comments
Open

Unable to connect to the frida server: unexpected error while probing dyld of target process #1136

imaverick1337 opened this issue Feb 27, 2025 · 2 comments

Comments

@imaverick1337
Copy link

frida is capable to list the device:

1757  Files                                  com.apple.DocumentsApp
1754  Find My                                com.apple.findmy
1797  MobileSMS                              com.apple.MobileSMS
2167  MobileSafari                           com.apple.mobilesafari
1795  Music                                  com.apple.Music
1690  Search                                 com.apple.Spotlight
2168  Settings                               com.apple.Preferences
1796  Tips                                   com.apple.tips
1794  TrollStore                             com.opa334.TrollStore
1756  Watch                                  com.apple.Bridge

But when I launch frida, following error occurs:
Image
@opa334
Copy link

opa334 commented Mar 6, 2025
edited
Loading

This is an issue with the code that seeks back from the pages starting at _dyld_start (

frida-core/src/darwin/frida-helper-backend-glue.m

Lines 1999 to 2015 in 9594e1a

dyld_header = 0;
dyld_granularity = 4096;
for (dyld_chunk = (dyld_start & (dyld_granularity - 1)) == 0 ? (dyld_start - dyld_granularity) : (dyld_start & ~(dyld_granularity - 1));
dyld_header == 0;
dyld_chunk -= dyld_granularity)
{
guint32 * magic;
magic = (guint32 *) gum_darwin_read (task, dyld_chunk, sizeof (magic), NULL);
if (magic == NULL)
goto dyld_probe_failed;
if (*magic == MH_MAGIC || *magic == MH_MAGIC_64)
dyld_header = dyld_chunk;
g_free (magic);
}
). Because on Dopamine 2.4+ dyld is merged together with the stock dyld and a custom dylib, there are three mach headers and the code finds the wrong one (it finds the first one going back, but it should find the last one going back). I have fixed this (in a currently unreleased build) by replacing the magics of the two wrong headers, which makes it work again, however I would argue that the logic is still wrong, it might be a better idea to get the dyld boundary using vm_recurse and then use the base from that.

@opa334 opa334 mentioned this issue Mar 6, 2025
Open
@imaverick1337
Copy link
Author

Thank you for the insights.

Initially i jailbreak with dopamine and was facing the above issue, jailbroke with winra1n and now frida is working fine.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@opa334 @imaverick1337