Debugserver not work about electra HOT 26 CLOSED

You need to use jailbreakd_client to platformize debugserver

from electra.

@liuxuan30 ./jbdo ./debugserver 0.0.0.0:1234

sign debugserver with task_for_pid-allow entitlement + default ones

jbdo: https://0x0.st/sq2A.bin
code of jbdo at #53 (comment)

from electra.

if debugserver get killed, the pid is no longer valid? Can you explain more in suspended state? Thanks

from electra.

It's debugserver bug -- it can't listen on *. Listen on localhost/127.0.0.1 and use iproxy.

from electra.

I think it's not the listen address issue first? tried 127.0.0.1, same issue.

Xuans-iPhone:/bootstrap/usr root# ./debugserver 127.0.0.1:1234 /Applications/AppStore.app/AppStore
debugserver-@(#)PROGRAM:debugserver  PROJECT:debugserver-360.0.26.14
 for arm64.
error: failed to launch process ./debugserver: (os/kern) invalid argument
Exiting.

from electra.

I never tried to launch apps vie debug server, I've only attached to them. And I only got it working when using 127.0.0.1 and never with *.

from electra.

have you tried to attach AppStore?

Xuans-iPhone:/bootstrap/usr root# ps -ax|grep AppS
  144 ??         0:04.42 /System/Library/PrivateFrameworks/AppStoreDaemon.framework/appstored.bundle/appstored
 1216 ??         0:01.40 /Applications/AppStore.app/AppStore
 1226 ttys002    0:00.01 grep AppS
Xuans-iPhone:/bootstrap/usr root# ./debugserver 127.0.0.1:1234 -a 1216
debugserver-@(#)PROGRAM:debugserver  PROJECT:debugserver-360.0.26.14
 for arm64.
Attaching to process 1216...
error: failed to attach process 1216: (os/kern) invalid argument
Exiting.

from electra.

@coolstar thanks for the tip. May I ask more details? how to use it?

jailbreakd_client <1 | 2>
1 = entitle+platformize the target PID
2 = entitle+platformize the target PID and subsequently sent SIGCONT

since debugserver will be launched manually and exit almost immediately, how can I get the pid and run this client?

I have signed it as platform, why another platformize again here?

from electra.

As i know, when u just signed it as platform in entitlement xml is not full platformize, so u need to do it via jailbreakd client. u may write a program that spawn the debugserver and platformize it.

from electra.

Ah, lol, I thought you've entitled it and haven't even noticed you're trying to attach to platform binary

from electra.

@stek29 @holyswordman thank you guys. But could you tell me how to use this client? Still confused how to use this jailbreakd_client. This already a cli tool

and

haven't even noticed you're trying to attach to platform binary

What's the difference here?

from electra.

@liuxuan30 actually there's no difference with electra since it marks all apps as platform

from electra.

Thanks! I will give a try
but this is still missing usage of jailbreakd_client :)

from electra.

@liuxuan30 there's #53 for that :)

from electra.

oops sorry it's mistakenly closed.
@stek29 Sorry for very delayed reply. I tried jbdo to hook AppStore for example,
/usr/local/bin/jbdo /usr/local/bin/debugserver *:1234 -a 1367
however it just hangs. If try to connect from my mac,

(lldb) process connect connect://192.168.1.55:1234
error: Failed to connect port

I also tried to /electra/jailbreakd_client 1367 1 for AppStore, nothing help.
I think it's just jbdo stucks somewhere?

from electra.

jbdo needs to be rewritten for latest libjailbreak

from electra.

hey @stek29 @liuxuan30 did you get debugserver working as expected?

I am hitting the same issues as @liuxuan30.

from electra.

No.

from electra.

• Sign debugserver
• Start debugserver in suspended state (or just SIGKILL it quickly)
• Use jailbreakd_client to entitle debugserver pid
• SIGCONT debugserver

from electra.

A nice little article about this very topic:
https://kov4l3nko.github.io/blog/2018-03-18-my-experience-with-lldb-and-electra-jb/

from electra.

@rustymagnet3000 that would work, but opening two ssh tunnels seems a little complex to use. If we can connect directly is much easier.

from electra.

two ssh tunnels makes sense (one for lldb/gdb the other for ssh).

I spent all the effort creating a signed iOS Debugserver (the old way to get it working) and I just needed to use /Developer/usr/bin/debugserver

Wow. Electra is amazing!!

from electra.

I think you should close this ticket @liuxuan30

from electra.

not really. I'd prefer non-ssh way.

from electra.

Is there a guide to get this working for iOS 11.3.1? A simple step by step guide?

from electra.

@liuxuan30
I have the same problem.
error: failed to attach to process named: “” (os/kern) invalid argument
I download https://0x0.st/sq2a.bin, but is the content like this?
Process 17 stopped

• thread #1: tid = 17, 0x00007f13a56ad4a8, name = 'fhost'
  frame #0:
  Process 17 stopped
• thread #8: tid = 17, 0x00007f13877f5d90 fhostget(path='/sq2A.bin') + 27 at fhost.c:139, name = 'fhost/responder', stop reason = invalid address (fault address: 0x30) frame #0: 0x00007f13877f5d90 fhostget(path='/sq2A.bin') + 27 at fhost.c:139
  136 get(SrvContext *ctx, const char *path)
  137 {
  138 StoredObj *obj = ctx->store->query(shurl_debase(path));
  -> 139 switch (obj->type) {
  140 case ObjTypeFile:
  141 ctx->serve_file_id(obj->id);
  142 break;
  (lldb) q

The above discussion is not detailed enough, and there are many problems. Do you give detailed solutions?

from electra.