Help/Support Crash while hooks MGCopyAnswer.

youngzzzzzzz · July 19, 2016

tested on iphone6s plus & iphone5s

I thought arm64 devices can not hook like this.

#import <CoreFoundation/CoreFoundation.h>
#import "substrate.h"
#import "libMobileGestalt.h"

CFPropertyListRef (*orig_MGCopyAnswer)(CFStringRef key);//hook MGCopyAnswer
CFPropertyListRef replace_MGCopyAnswer(CFStringRef key)
{
    NSLog(@"my hookfunction");
    return orig_MGCopyAnswer(key);
}

__attribute__((constructor)) static void initialize() {
    MSHookFunction(MGCopyAnswer,replace_MGCopyAnswer,&orig_MGCopyAnswer);
}

any ideas to hook MGCopyAnswer on arm64 devices??

Updated July 19, 2016 by youngzzzzzzz

July 19, 2016

I can hook stuff fine on my 5s

I know one instance where stuff will crash when hooked, when something that you are hooking doesn't exist. Can you see "my hookfunction" in syslog?

youngzzzzzzz · July 20, 2016

syslog of my iphone6s plus 9.0.2jb before crashed

[0;37mJul 20 17:14:49 iPhone[0;36m MobileSafari[20940][2;33m <[0;33mWarning[2;33m>[0;37m:[m my hookfunction
[0;37mJul 20 17:14:49 iPhone[0;36m MobileSafari[20940][2;33m <[0;33mWarning[2;33m>[0;37m:[m my hookfunction
[0;37mJul 20 17:14:49 iPhone[0;36m MobileSafari[20940][2;33m <[0;33mWarning[2;33m>[0;37m:[m my hookfunction
[0;37mJul 20 17:14:49 iPhone[0;36m com.apple.xpc.launchd[1][m (UIKitApplication:com.apple.mobilesafari[0xaa3f][20940])[m <Notice>: Service exited due to signal: Illegal instruction: 4
[0;37mJul 20 17:14:49 iPhone[0;36m diagnosticd[177][2;31m <[0;31mError[2;31m>[0;37m:[m unable to find offset 0x9a7f3a5c in shared cache for arch 'arm64'
[0;37mJul 20 17:14:49 iPhone[0;36m SpringBoard[783][2;33m <[0;33mWarning[2;33m>[0;37m:[m Application 'UIKitApplication:com.apple.mobilesafari[0xaa3f]' crashed.

and my iphone5s 9.1jb

[0;37mJul 20 17:30:42 iPhone[0;36m MobileSafari[969][2;32m <[0;32mNotice[2;32m>[0;37m:[m MS:Notice: Injecting: com.apple.mobilesafari [MobileSafari] (1241.11)
[0;37mJul 20 17:30:42 iPhone[0;36m MobileSafari[969][2;32m <[0;32mNotice[2;32m>[0;37m:[m CoreFoundation = 1241.110000
[0;37mJul 20 17:30:42 iPhone[0;36m MobileSafari[969][2;32m <[0;32mNotice[2;32m>[0;37m:[m Could not match CoreFoundation = 1241.110000
[0;37mJul 20 17:30:42 iPhone[0;36m MobileSafari[969][2;33m <[0;33mWarning[2;33m>[0;37m:[m my hookfunction
[0;37mJul 20 17:30:42 iPhone[0;36m MobileSafari[969][2;33m <[0;33mWarning[2;33m>[0;37m:[m my hookfunction
[0;37mJul 20 17:30:42 iPhone[0;36m MobileSafari[969][2;33m <[0;33mWarning[2;33m>[0;37m:[m my hookfunction
[0;37mJul 20 17:30:42 iPhone[0;36m diagnosticd[191][2;31m <[0;31mError[2;31m>[0;37m:[m error evaluating process info - pid: 969, puniqueid: 969
[0;37mJul 20 17:30:42 iPhone[0;36m com.apple.xpc.launchd[1][m (UIKitApplication:com.apple.mobilesafari[0x8cb0][969])[m <Notice>: Service exited due to signal: Illegal instruction: 4
[0;37mJul 20 17:30:42 iPhone[0;36m SpringBoard[779][2;33m <[0;33mWarning[2;33m>[0;37m:[m Application 'UIKitApplication:com.apple.mobilesafari[0x8cb0]' crashed.

Tweak.xm:

#import <CoreFoundation/CoreFoundation.h>
#import "substrate.h"
#import "MobileGestalt.h"

CFPropertyListRef (*orig_MGCopyAnswer)(CFStringRef key);//hook MGCopyAnswer
CFPropertyListRef replace_MGCopyAnswer(CFStringRef key)
{
    NSLog(@"my hookfunction");
    return orig_MGCopyAnswer(key);
}

__attribute__((constructor)) static void initialize() {
    MSHookFunction(MGCopyAnswer,replace_MGCopyAnswer,&orig_MGCopyAnswer);
}

makefile:

export ARCHS = armv7 arm64
export TARGET = iphone:clang:latest:8.0

include $(THEOS_MAKE_PATH)/common.mk

TWEAK_NAME = DemoTweak
DemoTweak_FILES = Tweak.xm
DemoTweak_LIBRARIES = flipswitch MobileGestalt
DemoTweak_LDFLAGS += -Wl,-segalign,4000
DemoTweak_CFLAGS = -Wno-c++11-extensions

include $(THEOS_MAKE_PATH)/tweak.mk
include $(THEOS_MAKE_PATH)/aggregate.mk

after-install::
	# install.exec "killall -9 SpringBoard"

any ideas?

Updated July 20, 2016 by youngzzzzzzz

July 20, 2016

syslog of my iphone6s plus 9.0.2jb before crashed

[0;37mJul 20 17:14:49 iPhone[0;36m MobileSafari[20940][2;33m <[0;33mWarning[2;33m>[0;37m:[m my hookfunction[0;37mJul 20 17:14:49 iPhone[0;36m MobileSafari[20940][2;33m <[0;33mWarning[2;33m>[0;37m:[m my hookfunction[0;37mJul 20 17:14:49 iPhone[0;36m MobileSafari[20940][2;33m <[0;33mWarning[2;33m>[0;37m:[m my hookfunction[0;37mJul 20 17:14:49 iPhone[0;36m com.apple.xpc.launchd[1][m (UIKitApplication:com.apple.mobilesafari[0xaa3f][20940])[m <Notice>: Service exited due to signal: Illegal instruction: 4[0;37mJul 20 17:14:49 iPhone[0;36m diagnosticd[177][2;31m <[0;31mError[2;31m>[0;37m:[m unable to find offset 0x9a7f3a5c in shared cache for arch 'arm64'[m[0;37mJul 20 17:14:49 iPhone[0;36m SpringBoard[783][2;33m <[0;33mWarning[2;33m>[0;37m:[m Application 'UIKitApplication:com.apple.mobilesafari[0xaa3f]' crashed.

and my iphone5s 9.1jb
[0;37mJul 20 17:30:42 iPhone[0;36m MobileSafari[969][2;32m <[0;32mNotice[2;32m>[0;37m:[m MS:Notice: Injecting: com.apple.mobilesafari [MobileSafari] (1241.11)[0;37mJul 20 17:30:42 iPhone[0;36m MobileSafari[969][2;32m <[0;32mNotice[2;32m>[0;37m:[m CoreFoundation = 1241.110000[0;37mJul 20 17:30:42 iPhone[0;36m MobileSafari[969][2;32m <[0;32mNotice[2;32m>[0;37m:[m Could not match CoreFoundation = 1241.110000[0;37mJul 20 17:30:42 iPhone[0;36m MobileSafari[969][2;33m <[0;33mWarning[2;33m>[0;37m:[m my hookfunction[0;37mJul 20 17:30:42 iPhone[0;36m MobileSafari[969][2;33m <[0;33mWarning[2;33m>[0;37m:[m my hookfunction[0;37mJul 20 17:30:42 iPhone[0;36m MobileSafari[969][2;33m <[0;33mWarning[2;33m>[0;37m:[m my hookfunction[0;37mJul 20 17:30:42 iPhone[0;36m diagnosticd[191][2;31m <[0;31mError[2;31m>[0;37m:[m error evaluating process info - pid: 969, puniqueid: 969[0;37mJul 20 17:30:42 iPhone[0;36m com.apple.xpc.launchd[1][m (UIKitApplication:com.apple.mobilesafari[0x8cb0][969])[m <Notice>: Service exited due to signal: Illegal instruction: 4[0;37mJul 20 17:30:42 iPhone[0;36m SpringBoard[779][2;33m <[0;33mWarning[2;33m>[0;37m:[m Application 'UIKitApplication:com.apple.mobilesafari[0x8cb0]' crashed.
Tweak.xm:
#import <CoreFoundation/CoreFoundation.h>#import "substrate.h"#import "MobileGestalt.h"CFPropertyListRef (*orig_MGCopyAnswer)(CFStringRef key);//hook MGCopyAnswerCFPropertyListRef replace_MGCopyAnswer(CFStringRef key){    NSLog(@"my hookfunction");    return orig_MGCopyAnswer(key);}__attribute__((constructor)) static void initialize() {    MSHookFunction(MGCopyAnswer,replace_MGCopyAnswer,&orig_MGCopyAnswer);}
makefile:
export ARCHS = armv7 arm64export TARGET = iphone:clang:latest:8.0include $(THEOS_MAKE_PATH)/common.mkTWEAK_NAME = DemoTweakDemoTweak_FILES = Tweak.xmDemoTweak_LIBRARIES = flipswitch MobileGestaltDemoTweak_LDFLAGS += -Wl,-segalign,4000DemoTweak_CFLAGS = -Wno-c++11-extensionsinclude $(THEOS_MAKE_PATH)/tweak.mkinclude $(THEOS_MAKE_PATH)/aggregate.mkafter-install::	# install.exec "killall -9 SpringBoard"
any ideas?

I highlighted the text that described the error and it was exactily what I thought

My guess is that you'll have to find another way to do this

Look:

[0;37mJul 20 17:14:49 iPhone[0;36m MobileSafari[20940][2;33m <[0;33mWarning[2;33m>[0;37m:[m my hookfunction[0;37mJul 20 17:14:49 iPhone[0;36m MobileSafari[20940][2;33m <[0;33mWarning[2;33m>[0;37m:[m my hookfunction[0;37mJul 20 17:14:49 iPhone[0;36m MobileSafari[20940][2;33m <[0;33mWarning[2;33m>[0;37m:[m my hookfunction[0;37mJul 20 17:14:49 iPhone[0;36m com.apple.xpc.launchd[1][m (UIKitApplication:com.apple.mobilesafari[0xaa3f][20940])[m <Notice>: Service exited due to signal: Illegal instruction: 4[0;37mJul 20 17:14:49 iPhone[0;36m diagnosticd[177][2;31m <[0;31mError[2;31m>[0;37m:[m unable to find offset 0x9a7f3a5c in shared cache for arch 'arm64'[0;37mJul 20 17:14:49 iPhone[0;36m SpringBoard[783][2;33m <[0;33mWarning[2;33m>[0;37m:[m Application 'UIKitApplication:com.apple.mobilesafari[0xaa3f]' crashed.

The best analogy I have to what your problem is is this: imagine you're making an app, and you call a method names "- (void)showAlert". But that method doesn't exist, and when you tap a button that is supposed to call that method, your app will crash. I'm pretty sure it's the same issue here, you are calling something that doesn't exist

Updated July 20, 2016 by Guest