DargonLee
Crashes for Apple system apps
Hi, I'm trying to use Lookin to inspect Apple system apps specifically (Apple Music, Reminders, etc.)
However, while your tweak works great for third-party apps (any downloaded from the App Store, or sideloaded), a crash occurs for all Apple system apps.
First things first, I had to pseudo-sign the LookinServer binary, otherwise I would get the following error in Console.app:
[Lookin] LookinLoader load failed:dlopen(/var/jb/Library/Application Support/LookinLoader/LookinServer.framework/LookinServer, 0x0002):
tried: '/var/jb/Library/Application Support/LookinLoader/LookinServer.framework/LookinServer' (code signature in <9440263C-E039-385A-
AF22-FDE805CE1444>
'/private/preboot/53AD1F8F07BBDDFEF1066972C087C46A71CBA6EDA5373DA2E359B6A591DB35AF1D78A9EB714724C19ED230D9A7DEE1A
5/dopamine-697V02/procursus/Library/Application Support/LookinLoader/LookinServer.framework/LookinServer' not valid for use in process:
mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.),
'/private/preboot/Cryptexes/OS/var/jb/Library/Application Support/LookinLoader/LookinServer.framework/LookinServer' (errno=2),
'/var/jb/Library/Application Support/LookinLoader/LookinServer.framework/LookinServer' (code signature in <9440263C-E039-385A-AF22-
FDE805CE1444>
'/private/preboot/53AD1F8F07BBDDFEF1066972C087C46A71CBA6EDA5373DA2E359B6A591DB35AF1D78A9EB714724C19ED230D9A7DEE1A
5/dopamine-697V02/procursus/Library/Ap<…>
Focus on the error message: not valid for use in process: mapped file has no cdhash, completely unsigned? Code has to be at least ad-hoc signed.
Then, following the iPhone Wiki's guide to bypass code signatures:
$ ssh mobile@<ios_device_ip_address>
$ sudo ldid -S /var/jb/Library/Application\ Support/LookinLoader/LookinServer.framework/LookinServer
I'm now able to inspect third-party apps:
Logs in Console.app:
default 10:53:14.929645+0100 Wipr [Lookin] Tweak loaded!
default 10:53:14.929738+0100 Wipr [Lookin] Enabled LookinLoader with com.giorgiocalderolla.Wipr
default 10:53:14.931719+0100 Wipr LookinServer - Will launch. Framework version: 1.2.8
default 10:53:14.932086+0100 Wipr [Lookin] LookinLoader loaded!
default 10:53:15.210294+0100 apsd Looking up connection on peer: e2e04aa0 found <private>
default 10:53:15.231899+0100 Wipr LookinServer - Searching port to listen...
default 10:53:15.231981+0100 Wipr LookinServer - Connected successfully on 127.0.0.1:47175
default 10:53:15.304721+0100 Wipr LookinServer - channel:[1-47175,Listening], acceptConnection:[2-0,Connected]
default 10:53:15.304799+0100 Wipr LookinServer - Ignore channel[1-47175,Listening] end.
default 10:53:15.521198+0100 apsd Looking up connection on peer: e2e04aa0 found <private>
However, for all Apple system apps, Lookin is able to "see" it, but the app crashes on my iPhone as soon as I attempt to connect:
Logs in Console.app:
default 10:51:49.427355+0100 Music [Lookin] Tweak loaded!
default 10:51:49.428040+0100 Music [Lookin] Enabled LookinLoader with com.apple.Music
default 10:51:49.430412+0100 Music LookinServer - Will launch. Framework version: 1.2.8
default 10:51:49.430768+0100 Music [Lookin] LookinLoader loaded!
default 10:51:49.971605+0100 Music LookinServer - Searching port to listen...
default 10:51:49.971663+0100 Music LookinServer - Connected successfully on 127.0.0.1:47175
default 10:51:50.457731+0100 Music LookinServer - channel:[1-47175,Listening], acceptConnection:[2-0,Connected]
default 10:51:50.457910+0100 Music LookinServer - Ignore channel[1-47175,Listening] end.
Any ideas what could be the root cause? Are you able to inspect Apple system apps on your iPhone 13 on iOS 15?
Thanks!
