My tweak, ported from rootful and substrate, causes safe modes
Closed this issue · 1 comments
hacx commented
I updated my tweak to use @rpaths and it still references (optionally) to mobilesubtrate.
It works well in palera1n rootless but not on Dopamine.
It hooks several c functions in mediaserverd.
Users are experiencing a safe mode when the tweak loads. this is the crash report:
CrashReporter Key: 0147f2ab04213c7d57e422d09fe72e559741bbcd
Hardware Model: iPhone13,4
Process: mediaserverd [5212]
Path: /usr/sbin/mediaserverd
Identifier: mediaserverd
Version: ???
Code Type: ARM-64 (Native)
Role: Unspecified
Parent Process: launchd [1]
Coalition: com.apple.mediaserverd [592]
Date/Time: 2023-07-16 17:00:30.4134 +0300
Launch Time: 2023-07-16 17:00:29.9521 +0300
OS Version: iPhone OS 15.1.1 (19B81)
Release Type: User
Baseband Version: 2.11.04
Report Version: 104
Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000001, 0x00000001991c7384
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: SIGNAL 5 Trace/BPT trap: 5
Terminating Process: exc handler [5212]
Triggered by Thread: 0
Application Specific Information:
Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 libobjc.A.dylib
0x1991c7384 readClass(objc_class*, bool, bool) + 116
1 libobjc.A.dylib
0x1991c851c map_images_nolock + 3080
2 libobjc.A.dylib
0x1991c851c map_images_nolock + 3080
3 libobjc.A.dylib
0x1991c923c map_images + 88
4 dyld
0x104d102b8 dyld4::RuntimeState::notifyLoad(dyld3::Array<dyld4::Loader const*> const&) + 584
5 dyld
0x104d15b44 dyld4::APIs::dlopen_from(char const*, int, void*) + 496
6 libinjector.dylib
0x104ca3abc injection_init + 2040
7 dyld
0x104d14794 invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 164
8 dyld
0x104d48364 invocation function for block in dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 340
9 dyld
0x104d12490 invocation function for block in dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 532
10 dyld
0x104d11698 dyld3::MachOFile::forEachLoadCommand(Diagnostics&, void (load_command const*, bool&) block_pointer) const + 168
11 dyld
0x104d109f8 dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 192
12 dyld
0x104d1debc dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 516
13 dyld
0x104d1aa10 dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 172
14 dyld
0x104d163c4 dyld4::Loader::runInitializersBottomUp(dyld4::RuntimeState&, dyld3::Array<dyld4::Loader const*>&) const + 208
15 dyld
0x104d1c570 dyld4::Loader::runInitializersBottomUpPlusUpwardLinks(dyld4::RuntimeState&) const + 124
16 dyld
0x104d15b54 dyld4::APIs::dlopen_from(char const*, int, void*) + 512
17 systemhook.dylib
0x104c47490 initializer + 500
18 dyld
0x104d14794 invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 164
19 dyld
0x104d48364 invocation function for block in dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 340
20 dyld
0x104d12490 invocation function for block in dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 532
21 dyld
0x104d11698 dyld3::MachOFile::forEachLoadCommand(Diagnostics&, void (load_command const*, bool&) block_pointer) const + 168
22 dyld
0x104d109f8 dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 192
23 dyld
0x104d1debc dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 516
24 dyld
0x104d1aa10 dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 172
25 dyld
0x104d163c4 dyld4::Loader::runInitializersBottomUp(dyld4::RuntimeState&, dyld3::Array<dyld4::Loader const*>&) const + 208
26 dyld
0x104d1c570 dyld4::Loader::runInitializersBottomUpPlusUpwardLinks(dyld4::RuntimeState&) const + 124
27 dyld
0x104d3bd44 dyld4::APIs::runAllInitializersForMain() + 312
28 dyld
0x104d273ac dyld4::prepare(dyld4::APIs&, dyld3::MachOAnalyzer const*) + 2820
29 dyld
0x104d25a04 start + 488
Thread 0 crashed with ARM Thread State (64-bit):
x0: 0x0000000107f39ee0 x1: 0x0000000000000000 x2: 0x0000000000000000 x3: 0xfffffffffffffff6
x4: 0x0000000000000000 x5: 0x0000000000000000 x6: 0x0000000000000021 x7: 0x00000000000008f0
x8: 0x0000000107f21c48 x9: 0x000000016b202178 x10: 0x0000000000000006 x11: 0x0000000105c70000
x12: 0x0000000105c6c000 x13: 0x0000000000000066 x14: 0xe2d4577ee0bb8544 x15: 0x000067616e614d6e
x16: 0x00200001daa48160 x17: 0x00000001daa48160 x18: 0x0000000000000000 x19: 0x0000000107f39ee0
x20: 0x0000000000000000 x21: 0x0000000107f0d562 x22: 0x0000000000000000 x23: 0x0000000000000000
x24: 0x0000000000000000 x25: 0x0000000107f39ee8 x26: 0x0000000001120532 x27: 0x0000000107f39ee0
x28: 0x0000000000000006 fp: 0x000000016b2021a0 lr: 0xec195581991c851c
sp: 0x000000016b202150 pc: 0x00000001991c7384 cpsr: 0x20000000
far: 0x0000000107efcee0 esr: 0xf200c472 (Breakpoint) pointer authentication trap DA
Binary Images:
0x1991bc000 - 0x1991f5fff libobjc.A.dylib arm64e <10fa90c6dfe538aeb3dc2251181cc272> /usr/lib/libobjc.A.dylib
0x104d0c000 - 0x104d63fff dyld arm64e <c21dba379df93fc7b286734030e18bb1> /usr/lib/dyld
0x104c9c000 - 0x104ca3fff libinjector.dylib arm64e <5e17d7464bcc3356ad78321d55215bfc> /private/preboot/5A564AB6B67F73249711094FAA1C979FDD441F128A0E2EF535D5713F9F7A92BD2AFDAB32F6862A3587ADD8ECA5F649D9/jb-nJMZIL/procursus/usr/lib/ellekit/libinjector.dylib
0x104c40000 - 0x104c47fff systemhook.dylib arm64e <9bcc3df8d13230d1b4cc1cc5c0831ae4> /usr/lib/systemhook.dylib
EOF
Incident Identifier: 50D9A0C6-25E0-477D-A908-F36998F79996
CrashReporter Key: 0147f2ab04213c7d57e422d09fe72e559741bbcd
Hardware Model: iPhone13,4
Process: mediaserverd [5211]
Path: /usr/sbin/mediaserverd
Identifier: mediaserverd
Version: ???
Code Type: ARM-64 (Native)
Role: Unspecified
Parent Process: launchd [1]
Coalition: com.apple.mediaserverd [592]
Date/Time: 2023-07-16 17:00:24.9506 +0300
Launch Time: 2023-07-16 17:00:24.4799 +0300
OS Version: iPhone OS 15.1.1 (19B81)
Release Type: User
Baseband Version: 2.11.04
Report Version: 104
Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000001, 0x00000001991c7384
Exception Note: EXC_CORPSE_NOTIFY
Termination Reason: SIGNAL 5 Trace/BPT trap: 5
Terminating Process: exc handler [5211]
Triggered by Thread: 0
Application Specific Information:
Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 libobjc.A.dylib
0x1991c7384 readClass(objc_class*, bool, bool) + 116
1 libobjc.A.dylib
0x1991c851c map_images_nolock + 3080
2 libobjc.A.dylib
0x1991c851c map_images_nolock + 3080
3 libobjc.A.dylib
0x1991c923c map_images + 88
4 dyld
0x10484c2b8 dyld4::RuntimeState::notifyLoad(dyld3::Array<dyld4::Loader const*> const&) + 584
5 dyld
0x104851b44 dyld4::APIs::dlopen_from(char const*, int, void*) + 496
6 libinjector.dylib
0x1047dfabc injection_init + 2040
7 dyld
0x104850794 invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 164
8 dyld
0x104884364 invocation function for block in dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 340
9 dyld
0x10484e490 invocation function for block in dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 532
10 dyld
0x10484d698 dyld3::MachOFile::forEachLoadCommand(Diagnostics&, void (load_command const*, bool&) block_pointer) const + 168
11 dyld
0x10484c9f8 dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 192
12 dyld
0x104859ebc dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 516
13 dyld
0x104856a10 dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 172
14 dyld
0x1048523c4 dyld4::Loader::runInitializersBottomUp(dyld4::RuntimeState&, dyld3::Array<dyld4::Loader const*>&) const + 208
15 dyld
0x104858570 dyld4::Loader::runInitializersBottomUpPlusUpwardLinks(dyld4::RuntimeState&) const + 124
16 dyld
0x104851b54 dyld4::APIs::dlopen_from(char const*, int, void*) + 512
17 systemhook.dylib
0x104783490 initializer + 500
18 dyld
0x104850794 invocation function for block in dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 164
19 dyld
0x104884364 invocation function for block in dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 340
20 dyld
0x10484e490 invocation function for block in dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 532
21 dyld
0x10484d698 dyld3::MachOFile::forEachLoadCommand(Diagnostics&, void (load_command const*, bool&) block_pointer) const + 168
22 dyld
0x10484c9f8 dyld3::MachOFile::forEachSection(void (dyld3::MachOFile::SectionInfo const&, bool, bool&) block_pointer) const + 192
23 dyld
0x104859ebc dyld3::MachOAnalyzer::forEachInitializer(Diagnostics&, dyld3::MachOAnalyzer::VMAddrConverter const&, void (unsigned int) block_pointer, void const*) const + 516
24 dyld
0x104856a10 dyld4::Loader::findAndRunAllInitializers(dyld4::RuntimeState&) const + 172
25 dyld
0x1048523c4 dyld4::Loader::runInitializersBottomUp(dyld4::RuntimeState&, dyld3::Array<dyld4::Loader const*>&) const + 208
26 dyld
0x104858570 dyld4::Loader::runInitializersBottomUpPlusUpwardLinks(dyld4::RuntimeState&) const + 124
27 dyld
0x104877d44 dyld4::APIs::runAllInitializersForMain() + 312
28 dyld
0x1048633ac dyld4::prepare(dyld4::APIs&, dyld3::MachOAnalyzer const*) + 2820
29 dyld
0x104861a04 start + 488
Thread 0 crashed with ARM Thread State (64-bit):
x0: 0x0000000107ae5ee0 x1: 0x0000000000000000 x2: 0x0000000000000000 x3: 0xfffffffffffffff6
x4: 0x0000000000000000 x5: 0x0000000000000000 x6: 0x0000000000000021 x7: 0x00000000000008f0
x8: 0x0000000107acdc48 x9: 0x000000016b7c6178 x10: 0x0000000000000006 x11: 0x0000000104e9c000
x12: 0x0000000104e98000 x13: 0x0000000000000066 x14: 0xe2d4577ee0bb8544 x15: 0x000067616e614d6e
x16: 0x00200001daa48160 x17: 0x00000001daa48160 x18: 0x0000000000000000 x19: 0x0000000107ae5ee0
x20: 0x0000000000000000 x21: 0x0000000107ab9562 x22: 0x0000000000000000 x23: 0x0000000000000000
x24: 0x0000000000000000 x25: 0x0000000107ae5ee8 x26: 0x0000000001120532 x27: 0x0000000107ae5ee0
x28: 0x0000000000000006 fp: 0x000000016b7c61a0 lr: 0xd352e481991c851c
sp: 0x000000016b7c6150 pc: 0x00000001991c7384 cpsr: 0x20000000
far: 0x0000000107aa8ee0 esr: 0xf200c472 (Breakpoint) pointer authentication trap DA
Binary Images:
0x1991bc000 - 0x1991f5fff libobjc.A.dylib arm64e <10fa90c6dfe538aeb3dc2251181cc272> /usr/lib/libobjc.A.dylib
0x104848000 - 0x10489ffff dyld arm64e <c21dba379df93fc7b286734030e18bb1> /usr/lib/dyld
0x1047d8000 - 0x1047dffff libinjector.dylib arm64e <5e17d7464bcc3356ad78321d55215bfc> /private/preboot/5A564AB6B67F73249711094FAA1C979FDD441F128A0E2EF535D5713F9F7A92BD2AFDAB32F6862A3587ADD8ECA5F649D9/jb-nJMZIL/procursus/usr/lib/ellekit/libinjector.dylib
0x10477c000 - 0x104783fff systemhook.dylib arm64e <9bcc3df8d13230d1b4cc1cc5c0831ae4> /usr/lib/systemhook.dylib