Open
Labels
freshissue: Default label for new, untriaged issues.
Description
Describe the bug
After running `objection patchipa --source App.ipa --codesign-signature xxx` and deploying using ios-deploy, the app installs successfully but crashes on opening.
To Reproduce
Steps to reproduce the behavior:
- Run aforementioned command
- Run `unzip App-frida-codesigned.ipa`
- Run `ios-deploy --bundle Payload/App.app -W -d`
Similar issues
Expected behavior
The app should launch normally with the Frida gadget.
Evidence / Logs / Screenshots
Any output from objection, such as stack traces or errors that occurred. Be sure to run objection with the --debug flag so that errors from the agent are verbose enough to debug. For example:
XCode crash log:
Hardware Model: iPad12,1
Process: Suite [28083]
Path: /private/var/containers/Bundle/Application/82E982C3-77AA-402C-948E-6969D60B648B/Suite.app/Suite
Identifier: me.corruptionhades.TestProj
Version: 5.2.887 (887.0)
AppStoreTools: 16E137
Code Type: ARM-64 (Native)
Role: Foreground
Parent Process: launchd [1]
Coalition: me.corruptionhades.TestProj [7124]
Date/Time: 2025-05-30 13:35:04.1340 +0200
Launch Time: 2025-05-30 13:35:03.1755 +0200
OS Version: iPhone OS 18.4.1 (22E252)
Release Type: User
Report Version: 104
Exception Type: EXC_BAD_ACCESS (SIGKILL)
Exception Subtype: KERN_PROTECTION_FAILURE at 0x000000019c5cd254
Exception Codes: 0x0000000000000002, 0x000000019c5cd254
VM Region Info: 0x19c5cd254 is in 0x19c5cc000-0x19c5d0000; bytes after start: 4692 bytes before end: 11691
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
unused __TEXT 19c574000-19c5cc000 [ 352K] r-x/r-x SM=COW unused unknown system shared lib __TEXT
---> unused __DATA 19c5cc000-19c5d0000 [ 16K] rw-/rw- SM=COW unused unknown system shared lib __DATA
unused __TEXT 19c5d0000-19c5d6000 [ 24K] r-x/r-x SM=COW unused unknown system shared lib __TEXT
Termination Reason: CODESIGNING 2 Invalid Page
Triggered by Thread: 0
Kernel Triage:
VM - (arg = 0x0) CL -
Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 libsystem_c.dylib 0x19c5cd254 abort + 0
1 FridaGadget.dylib 0x109c2b89c 0x109be8000 + 276636
2 FridaGadget.dylib 0x109c26f28 0x109be8000 + 257832
3 FridaGadget.dylib 0x109c27500 0x109be8000 + 259328
4 FridaGadget.dylib 0x109bed788 0x109be8000 + 22408
5 FridaGadget.dylib 0x109c00b3c 0x109be8000 + 101180
6 dyld 0x1bb0416f4 invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 623
7 dyld 0x1bb03b2e0 invocation function for block in dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 323
8 dyld 0x1bb03ae08 invocation function for block in mach_o::Header::forEachSection(void (mach_o::Header::SectionInfo const&, bool&) block_pointer) const + 239
9 dyld 0x1bb03ab0c mach_o::Header::forEachLoadCommand(void (load_command const*, bool&) block_pointer) const + 207
10 dyld 0x1bb03a8dc mach_o::Header::forEachSection(void (mach_o::Header::SectionInfo const&, bool&) block_pointer) const + 123
11 dyld 0x1bb02371c dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 515
12 dyld 0x1bb0233a4 dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 175
13 dyld 0x1bb0255e8 dyld4::JustInTimeLoader::runInitializers(dyld4::RuntimeState&) const + 35
14 dyld 0x1bb021a3c dyld4::Loader::runInitializersBottomUp(dyld4::RuntimeState&, dyld3::Array<dyld4::Loader const*>&, dyld3::Array<dyld4::Loader const*>&) const + 307
15 dyld 0x1bb0219dc dyld4::Loader::runInitializersBottomUp(dyld4::RuntimeState&, dyld3::Array<dyld4::Loader const*>&, dyld3::Array<dyld4::Loader const*>&) const + 211
16 dyld 0x1bb046d88 dyld4::Loader::runInitializersBottomUpPlusUpwardLinks(dyld4::RuntimeState&) const::$_0::operator()() const + 179
17 dyld 0x1bb046c10 dyld4::Loader::runInitializersBottomUpPlusUpwardLinks(dyld4::RuntimeState&) const + 759
18 dyld 0x1bb0212a0 dyld4::APIs::runAllInitializersForMain() + 291
19 dyld 0x1bb040ccc dyld4::prepare(dyld4::APIs&, mach_o::Header const*) + 3255
20 dyld 0x1bb063114 dyld4::start(dyld4::KernelArgs*, void*, void*)::$_0::operator()() const + 235
21 dyld 0x1bb02b9e4 start + 5719
Thread 1 name: frida-gadget
Thread 1:
0 libsystem_kernel.dylib 0x1e5196768 kevent + 8
1 FridaGadget.dylib 0x109dbb16c 0x109be8000 + 1913196
2 FridaGadget.dylib 0x109dba38c 0x109be8000 + 1909644
3 FridaGadget.dylib 0x109dba5a0 0x109be8000 + 1910176
4 FridaGadget.dylib 0x109c00c20 0x109be8000 + 101408
5 FridaGadget.dylib 0x109dc9e64 0x109be8000 + 1973860
6 libsystem_pthread.dylib 0x21ea5fafc _pthread_start + 135
7 libsystem_pthread.dylib 0x21ea5fa04 thread_start + 7
Thread 0 crashed with ARM Thread State (64-bit):
x0: 0x0000000000000000 x1: 0x0000000000004000 x2: 0x0000000000000005 x3: 0x0000000000000001
x4: 0x00000e1500000000 x5: 0x0000060700000000 x6: 0x000000000000002c x7: 0x0000000000000000
x8: 0x0000000000000002 x9: 0x0000000000004000 x10: 0x000000019c568000 x11: 0x0000000000000005
x12: 0x0000000000000203 x13: 0x000000020017e000 x14: 0x0000000000000000 x15: 0x0000000000000000
x16: 0x000000019c5cd254 x17: 0x000000010ad881c0 x18: 0x0000000000000000 x19: 0x0000000106fdc830
x20: 0x0000000106fddd40 x21: 0x0000000106fc3f60 x22: 0x0000000000000000 x23: 0x0000000000004000
x24: 0x0000000106fded80 x25: 0x0000000106fead00 x26: 0x0000000000000000 x27: 0x0000000109c283e4
x28: 0x0000000106fddd40 fp: 0x000000016da7f8f0 lr: 0x0000000109c2b89c
sp: 0x000000016da7f8f0 pc: 0x000000019c5cd254 cpsr: 0x20000000
far: 0x000000019c5cd254 esr: 0x8200000f (Instruction Abort) Permission fault
Binary Images:
0x102378000 - 0x1050bffff Suite arm64 <6007346023af38cdaf01251c95177595> /var/containers/Bundle/Application/82E982C3-77AA-402C-948E-6969D60B648B/Suite.app/Suite
0x106e00000 - 0x106e07fff MDFInternationalization arm64 <5e50f912c6683659bcdb6dc124077536> /private/var/containers/Bundle/Application/82E982C3-77AA-402C-948E-6969D60B648B/Suite.app/Frameworks/MDFInternationalization.framework/MDFInternationalization
0x106e18000 - 0x106e1ffff MDFTextAccessibility arm64 <306b60f142603222aa2d9a727249f1e7> /private/var/containers/Bundle/Application/82E982C3-77AA-402C-948E-6969D60B648B/Suite.app/Frameworks/MDFTextAccessibility.framework/MDFTextAccessibility
0x107330000 - 0x1074a7fff MaterialComponents arm64 <65ad36ae78593f28878e0160f8ba565f> /private/var/containers/Bundle/Application/82E982C3-77AA-402C-948E-6969D60B648B/Suite.app/Frameworks/MaterialComponents.framework/MaterialComponents
0x106e54000 - 0x106e5ffff MotionAnimator arm64 <f08f669e7ff23427aa50fde10cd56be2> /private/var/containers/Bundle/Application/82E982C3-77AA-402C-948E-6969D60B648B/Suite.app/Frameworks/MotionAnimator.framework/MotionAnimator
0x106f18000 - 0x106f1ffff MotionInterchange arm64 <0565dd8b039134b3837aec9e2c69ed52> /private/var/containers/Bundle/Application/82E982C3-77AA-402C-948E-6969D60B648B/Suite.app/Frameworks/MotionInterchange.framework/MotionInterchange
0x107004000 - 0x107023fff pop arm64 <750417c061f53177b07ce561cee6612d> /private/var/containers/Bundle/Application/82E982C3-77AA-402C-948E-6969D60B648B/Suite.app/Frameworks/pop.framework/pop
0x1070f4000 - 0x10714bfff UILibrary arm64 <ee993d99594a3ac3965d9cb8e848493d> /private/var/containers/Bundle/Application/82E982C3-77AA-402C-948E-6969D60B648B/Suite.app/Frameworks/UILibrary.framework/UILibrary
0x109be8000 - 0x10ad87fff FridaGadget.dylib arm64e <d957eed7d40f30c98bb7849eed00e207> /private/var/containers/Bundle/Application/82E982C3-77AA-402C-948E-6969D60B648B/Suite.app/Frameworks/FridaGadget.dylib
0x19c556000 - 0x19c5d58b7 libsystem_c.dylib arm64e <027de04c2929357bb6a3701405aab6be> /usr/lib/system/libsystem_c.dylib
0x1bb01b000 - 0x1bb0b5013 dyld arm64e <189fe4805d5b3b89928958bc88624420> /usr/lib/dyld
0x0 - 0xffffffffffffffff ??? unknown-arch <00000000000000000000000000000000> ???
0x1e518f000 - 0x1e51c8b77 libsystem_kernel.dylib arm64e <9d196db4701331768c025b4c68701c92> /usr/lib/system/libsystem_kernel.dylib
0x21ea5e000 - 0x21ea6a3fb libsystem_pthread.dylib arm64e <00306a1f11183f8690bdd18b5ed5409f> /usr/lib/system/libsystem_pthread.dylib
EOF
Environment (please complete the following information):
- Device: iPad
- OS: macOS
- Frida Version: Latest
- Objection Version: Latest

Could be a Frida problem.
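
A small triage helper for crash reports laid out like the one in this issue, added here as an example and not part of the original report or of objection or Frida. It extracts the termination namespace, the first crashed-thread frame that belongs to a binary installed inside the app bundle, and the architecture slice of each bundled image. The sample report is a constructed excerpt, and `triage` and its result keys are hypothetical names.

```python
import re

# Constructed excerpt laid out like the report above (UUIDs and paths shortened).
SAMPLE = """\
Exception Type: EXC_BAD_ACCESS (SIGKILL)
Termination Reason: CODESIGNING 2 Invalid Page
Triggered by Thread: 0
Thread 0 Crashed:
0 libsystem_c.dylib 0x19c5cd254 abort + 0
1 FridaGadget.dylib 0x109c2b89c 0x109be8000 + 276636
2 dyld 0x1bb02b9e4 start + 5719
Thread 1:
0 libsystem_kernel.dylib 0x1e5196768 kevent + 8
Binary Images:
0x102378000 - 0x1050bffff Suite arm64 <aa00> /var/containers/Bundle/Application/X/Suite.app/Suite
0x109be8000 - 0x10ad87fff FridaGadget.dylib arm64e <bb11> /private/var/containers/Bundle/Application/X/Suite.app/Frameworks/FridaGadget.dylib
0x19c556000 - 0x19c5d58b7 libsystem_c.dylib arm64e <cc22> /usr/lib/system/libsystem_c.dylib
"""

FRAME = re.compile(r"^\d+\s+(\S+)\s+0x[0-9a-f]+\s")
IMAGE = re.compile(r"^0x[0-9a-f]+ - 0x[0-9a-f]+\s+(\S+)\s+(\S+)\s+<\w+>\s+(\S+)$")
FIELDS = ("Exception Type", "Termination Reason", "Triggered by Thread")

def triage(report):
    """Summarise a crash report: why the process was killed and which bundled code was on the stack."""
    fields, frames, bundled = {}, [], {}
    section = None
    for line in map(str.strip, report.splitlines()):
        if line.startswith("Thread "):
            # Only the "Thread N Crashed:" block is collected; any other thread header ends it.
            section = "crashed" if line.endswith("Crashed:") else None
        elif line == "Binary Images:":
            section = "images"
        elif section == "crashed" and (m := FRAME.match(line)):
            frames.append(m[1])
        elif section == "images" and (m := IMAGE.match(line)):
            # Images whose path is under the app container were installed with the app.
            if "/Bundle/Application/" in m[3]:
                bundled[m[1]] = m[2]
        else:
            key, sep, value = line.partition(":")
            if sep and key in FIELDS:
                fields[key] = value.strip()
    namespace, _, detail = fields.get("Termination Reason", "").partition(" ")
    return {
        "exception": fields.get("Exception Type"),
        "namespace": namespace,      # e.g. CODESIGNING
        "detail": detail,            # e.g. "2 Invalid Page"
        "first_bundled_frame": next((f for f in frames if f in bundled), None),
        "bundled_archs": bundled,    # image name -> architecture slice loaded
    }

if __name__ == "__main__":
    print(triage(SAMPLE))
```
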