Adding my custom method to the open-source iMoUnBox/IMDelegate.m daemon crashes the device


#1

Dear iOSRE community,

Please help me! Here is the open-source URL:

Device: iPhone 8.1.2, jailbroken

I am facing an issue: when I add a custom method “contentsOfFile”, it crashes the device (SpringBoard, backboardd, assistivetouch…)

IMClient.m

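// Ask the daemon to read a plist file and return its contents.
- (NSDictionary *)contentsOfFile:(NSString *)file
{
	if (file == nil) {
		return nil;
	}

	NSMutableDictionary *info = [[NSMutableDictionary alloc] init];
	[info setObject:file forKey:@"NSTargetFile"];
	// Synchronous call: blocks the calling thread until the daemon replies.
	NSDictionary *reply = [center sendMessageAndReceiveReplyName:@"com.imokhles.nosand.contents" userInfo:info];
	[info release];
	// nil when there is no reply or the reply has no NSContents entry.
	NSDictionary *result = [reply objectForKey:@"NSContents"];
	return result;
}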

IMDelegate.m

	else if ([name isEqualToString:@"com.imokhles.nosand.contents"]) {
		// Parse the requested file as a plist dictionary; nil if it cannot be read or parsed.
		NSDictionary *contents = [[NSDictionary alloc] initWithContentsOfFile:targetFile];
		if (contents) {
			[result setObject:contents forKey:@"NSContents"];
		}
		[contents release];
	}

I hook a low-level method. If the daemon is not yet loaded, the device does not crash; the call only returns null, which makes sense to me, because IMServer and the delegate are not running yet.

Dec  1 10:09:54 iPhone MobileMail[1900]: MS:Warning: nil class argument for selector applicationDidFinishLaunching:
Dec  1 10:09:54 iPhone MobileMail[1900]: TWEAK!!! Retrieve fake data closestDate!!!!!: :::0
Dec  1 10:09:54 iPhone MobileMail[1900]: retrieveValue From IMClient!!!: (null)
Dec  1 10:09:54 iPhone MobileMail[1900]: TWEAK!!! Retrieve fake data closestDate!!!!!: :::0
Dec  1 10:09:54 iPhone MobileMail[1900]: retrieveValue From IMClient!!!: (null)
Dec  1 10:09:54 iPhone MobileMail[1900]: assertion failed: 12B440: libxpc.dylib + 71820 [A4F17798-F3DE-3FBC-85E3-F569762F0EB9]: 0x7d
Dec  1 10:09:54 iPhone Unknown[1900]:
Dec  1 10:09:54 iPhone MobileMail[1900]: TWEAK!!! Retrieve fake data closestDate!!!!!: :::0
Dec  1 10:09:54 iPhone MobileMail[1900]: retrieveValue From IMClient!!!: (null)
Dec  1 10:09:54 iPhone assistivetouchd[1889]: TWEAK!!! Retrieve fake data closestDate!!!!!: :::0
Dec  1 10:09:54 iPhone assistivetouchd[1889]: retrieveValue From IMClient!!!: (null)
Dec  1 10:09:54 iPhone assistivetouchd[1889]: TWEAK!!! Retrieve fake data closestDate!!!!!: :::0
Dec  1 10:09:54 iPhone assistivetouchd[1889]: retrieveValue From IMClient!!!: (null)
Dec  1 10:09:54 iPhone MobileMail[1900]: TWEAK!!! Retrieve fake data closestDate!!!!!: :::0
Dec  1 10:09:54 iPhone assistivetouchd[1889]: TWEAK!!! Retrieve fake data closestDate!!!!!: :::0
Dec  1 10:09:54 iPhone MobileMail[1900]: retrieveValue From IMClient!!!: (null)
Dec  1 10:09:54 iPhone assistivetouchd[1889]: retrieveValue From IMClient!!!: (null)
Dec  1 10:09:54 iPhone assistivetouchd[1889]: TWEAK!!! Retrieve fake data closestDate!!!!!: :::0
Dec  1 10:09:54 iPhone assistivetouchd[1889]: retrieveValue From IMClient!!!: (null)
Dec  1 10:09:54 iPhone assistivetouchd[1889]: TWEAK!!! Retrieve fake data closestDate!!!!!: :::0
Dec  1 10:09:54 iPhone MobileMail[1900]: TWEAK!!! Retrieve fake data closestDate!!!!!: :::0
Dec  1 10:09:54 iPhone assistivetouchd[1889]: retrieveValue From IMClient!!!: (null)
Dec  1 10:09:54 iPhone MobileMail[1900]: retrieveValue From IMClient!!!: (null)
Dec  1 10:09:54 iPhone MobileMail[1900]: TWEAK!!! Retrieve fake data closestDate!!!!!: :::0
Dec  1 10:09:54 iPhone assistivetouchd[1889]: TWEAK!!! Retrieve fake data closestDate!!!!!: :::0

Actually, I have a question about why the daemon keeps calling my hook method so busily. Usually the system only calls my hooked method in response to a specific action, such as activating an app. But if the daemon is running, the hook method is called very frequently, unlike the normal usage scenario.

After I run launchctl load /Library/LaunchDaemons/com.imokhles.nosandxdlaunch.plist, the daemon successfully gets the contents of the file, but the device starts frantically calling the hook method over and over, then goes to a blue screen.

Below is the crash log. There are too many lines, so I only show a few parts; the rest of the log is attached here:

syslog.txt (308.0 KB)

What I observed in the log is that after the daemon loads, the device automatically resprings, and assistivetouchd, backboardd and SpringBoard try to start up but cannot, because the hook function keeps being called by the daemon. But I really can’t find the real reason. My - (NSDictionary *)contentsOfFile:(NSString *)file function just declares a dictionary normally and releases it after use.

Could you give me some advice or a solution?

Question 1. Why does the daemon call my hook method so frequently?

Question 2. Why does the daemon crash my device after I add my custom method?

Dec  1 10:36:05 iPhone com.apple.xpc.launchd[1] (com.apple.ReportCrash): Service only ran for 0 seconds. Pushing respawn out by 10 seconds.
Dec  1 10:36:05 iPhone aggregated[48]: Connection interrupted!
Dec  1 10:36:05 iPhone SpringBoard[2204]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/WatchDog.dylib
Dec  1 10:36:05 iPhone SpringBoard[2204]: MS:Warning: message not found [SBApplication supportsLocalNotifications]
Dec  1 10:36:05 iPhone SpringBoard[2204]: MS:Warning: message not found [SBPushStore allLocalNotificationEnabledBundleIDs]
Dec  1 10:36:05 iPhone SpringBoard[2204]: MS:Warning: message not found [LSApplicationProxy _un_usesLocalNotification]
Dec  1 10:36:05 iPhone SpringBoard[2204]: MS:Warning: message not found [LSApplicationProxy un_requiresLocalNotification]
Dec  1 10:36:05 iPhone SpringBoard[2204]: MS:Warning: message not found [LSApplicationProxy un_shouldUseDefaultDataProvider]
Dec  1 10:36:05 iPhone SpringBoard[2204]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/mytesttweakTweak.dylib
Dec  1 10:36:06 iPhone assistivetouchd[2156]: |AXIPC|warning| Could not find server for service: com.apple.accessibility.AXSpringBoardServer
Dec  1 10:36:06 iPhone assistivetouchd[2156]: |warning| AX SpringBoardServer: Error: Error Domain=AXIPC Code=0 "The operation couldn’t be completed. Could not find server for service: com.apple.accessibility.AXSpringBoardServer" UserInfo=0x12ed8cfa0 {NSLocalizedFailureReason=Could not find server for service: com.apple.accessibility.AXSpringBoardServer}
Dec  1 10:36:07 iPhone assistivetouchd[2156]: |AXIPC|warning| Could not find server for service: com.apple.accessibility.AXSpringBoardServer
Dec  1 10:36:07 iPhone assistivetouchd[2156]: |warning| AX SpringBoardServer: Error: Error Domain=AXIPC Code=0 "The operation couldn’t be completed. Could not find server for service: com.apple.accessibility.AXSpringBoardServer" UserInfo=0x12ee538c0 {NSLocalizedFailureReason=Could not find server for service: com.apple.accessibility.AXSpringBoardServer}
Dec  1 10:36:08 iPhone CLTM[46]: CLTM: Could not get event from temperature service
Dec  1 10:36:08: --- last message repeated 20 times ---
Dec  1 10:36:08 iPhone assistivetouchd[2156]: |AXIPC|warning| Could not find server for service: com.apple.accessibility.AXSpringBoardServer
Dec  1 10:36:08 iPhone assistivetouchd[2156]: |warning| AX SpringBoardServer: Error: Error Domain=AXIPC Code=0 "The operation couldn’t be completed. Could not find server for service: com.apple.accessibility.AXSpringBoardServer" UserInfo=0x12ed8d580 {NSLocalizedFailureReason=Could not find server for service: com.apple.accessibility.AXSpringBoardServer}
Dec  1 10:36:09 iPhone CLTM[46]: CLTM: Cannot get HID Property from pUsage 0/28 Register ID:100000260
Dec  1 10:36:09 iPhone CLTM[46]: CLTM: Cannot get HID Property from pUsage 1/28 Register ID:1000001e5
Dec  1 10:36:09 iPhone CLTM[46]: CLTM: Cannot get HID Property from pUsage 2/28 Register ID:100000252
Dec  1 10:36:09 iPhone CLTM[46]: CLTM: Cannot get HID Property from pUsage 3/28 Register ID:1000001df
Dec  1 10:36:09 iPhone CLTM[46]: CLTM: Cannot get HID Property from pUsage 4/28 Register ID:100000244
......continue
ID:1000001e0
Dec  1 10:36:09 iPhone CLTM[46]: CLTM: Cannot get HID Property from pUsage 25/28 Register ID:1000001f3
Dec  1 10:36:09 iPhone CLTM[46]: CLTM: Cannot get HID Property from pUsage 26/28 Register ID:100000258
Dec  1 10:36:09 iPhone CLTM[46]: CLTM: Cannot get HID Property from pUsage 27/28 Register ID:1000001dd
Dec  1 10:36:09 iPhone assistivetouchd[2156]: |AXIPC|warning| Could not find server for service: com.apple.accessibility.AXSpringBoardServer
Dec  1 10:36:09 iPhone assistivetouchd[2156]: |warning| AX SpringBoardServer: Error: Error Domain=AXIPC Code=0 "The operation couldn’t be completed. Could not find server for service: com.apple.accessibility.AXSpringBoardServer" UserInfo=0x12ee54630 {NSLocalizedFailureReason=Could not find server for service: com.apple.accessibility.AXSpringBoardServer}
Dec  1 10:36:09 iPhone backboardd[2208]: MS:Notice: Injecting: com.apple.backboardd [backboardd] (1141.16)
Dec  1 10:36:09 iPhone backboardd[2208]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/FastCam.dylib
Dec  1 10:36:09 iPhone backboardd[2208]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/SimulateTouch.dylib
Dec  1 10:36:09 iPhone backboardd[2208]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/mytesttweakTweak.dylib
Dec  1 10:36:09 iPhone backboardd[2208]: MS:Warning: nil class argument for selector applicationDidFinishLaunching:
Dec  1 10:36:09 iPhone backboardd[2208]: TWEAK!!! Retrieve fake data closestDate!!!!!: 2017-11-30 15:54:51:::1512028491
Dec  1 10:36:09 iPhone backboardd[2208]: retrieveValue From IMClient!!!: {
	    "Data List" =     {
	        type = ipad;
	    };
	}
Dec  1 10:36:09 iPhone backboardd[2208]: TWEAK!!! Retrieve fake data closestDate!!!!!: 2017-11-30 15:54:51:::1512028491
Dec  1 10:36:09 iPhone backboardd[2208]: retrieveValue From IMClient!!!: {
	    "Data List" =     {
	        type = ipad;
	    };
	}
Dec  1 10:36:09 iPhone backboardd[2208]: TWEAK!!! Retrieve fake data closestDate!!!!!: 2017-11-30 15:54:51:::1512028491
Dec  1 10:36:09 iPhone backboardd[2208]: retrieveValue From IMClient!!!: {
	    "Data List" =     {
	        type = ipad;
	    };
	}
Dec  1 10:36:19 iPhone assistivetouchd[2156]: |warning| AX SpringBoardServer: Error: Error Domain=AXIPC Code=0 "The operation couldn’t be completed. Could not find server for service: com.apple.accessibility.AXSpringBoardServer" UserInfo=0x12ed8f310 {NSLocalizedFailureReason=Could not find server for service: com.apple.accessibility.AXSpringBoardServer}
Dec  1 10:36:19 iPhone aggregated[48]: The IOHIDEventSystemServer died. Reestablishing connection.
Dec  1 10:36:19 iPhone backboardd[2224]: MS:Notice: Injecting: com.apple.backboardd [backboardd] (1141.16)
Dec  1 10:36:20 iPhone backboardd[2224]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/FastCam.dylib
Dec  1 10:36:20 iPhone backboardd[2224]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/SimulateTouch.dylib
Dec  1 10:36:20 iPhone backboardd[2224]: MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/mytesttweakTweak.dylib
Dec  1 10:36:20 iPhone backboardd[2224]: MS:Warning: nil class argument for selector applicationDidFinishLaunching:
Dec  1 10:36:20 iPhone backboardd[2224]: TWEAK!!! Retrieve fake data closestDate!!!!!: 2017-11-30 15:54:51:::1512028491
Dec  1 10:36:20 iPhone backboardd[2224]: retrieveValue From IMClient!!!: {
	    "Data List" =     {
	        type = ipad;
	    };
	}
Dec  1 10:36:20 iPhone backboardd[2224]: TWEAK!!! Retrieve fake data closestDate!!!!!: 2017-11-30 15:54:51:::1512028491
Dec  1 10:36:20 iPhone backboardd[2224]: retrieveValue From IMClient!!!: {
	    "Data List" =     {
	        type = ipad;
	    };
	}
Dec  1 10:36:20 iPhone backboardd[2224]: TWEAK!!! Retrieve fake data closestDate!!!!!: 2017-11-30 15:54:51:::1512028491
Dec  1 10:36:20 iPhone backboardd[2224]: retrieveValue From IMClient!!!: {
	    "Data List" =     {
	        type = ipad;
	    };
	}
Dec  1 10:34:08 iPhone com.apple.xpc.launchd[1] (com.apple.xpc.launchd.domain.system): Service "com.apple.SpringBoard" tried to hijack endpoint "com.apple.incoming-call-filter-server" from owner: com.apple.imagent
Dec  1 10:34:08 iPhone SpringBoard[2065]: Unable to load plugin bundle NSBundle </System/Library/SpringBoardPlugins/Sharing.servicebundle> (not yet loaded): Error Domain=NSCocoaErrorDomain Code=3588 "The bundle “Sharing” couldn’t be loaded." (image not already loaded) UserInfo=0x170e69800 {NSLocalizedFailureReason=The bundle couldn’t be loaded., NSLocalizedRecoverySuggestion=Try reinstalling the bundle., NSFilePath=/System/Library/SpringBoardPlugins/Sharing.servicebundle/Sharing, NSDebugDescription=image not already loaded, NSBundlePath=/System/Library/SpringBoardPlugins/Sharing.servicebundle, NSLocalizedDescription=The bundle “Sharing” couldn’t be loaded.}
Dec  1 10:34:08 iPhone SpringBoard[2065]: Unable to load plugin bundle NSBundle </System/Library/SpringBoardPlugins/WiFiPicker.servicebundle> (not yet loaded): Error Domain=NSCocoaErrorDomain Code=3588 "The bundle “WiFiPicker” couldn’t be loaded." (image not already loaded) UserInfo=0x174e6b440 {NSLocalizedFailureReason=The bundle couldn’t be loaded., NSLocalizedRecoverySuggestion=Try reinstalling the bundle., NSFilePath=/System/Library/SpringBoardPlugins/WiFiPicker.servicebundle/WiFiPicker, NSDebugDescription=image not already loaded, NSBundlePath=/System/Library/SpringBoardPlugins/WiFiPicker.servicebundle, NSLocalizedDescription=The bundle “WiFiPicker” couldn’t be loaded.}
Dec  1 10:34:08 iPhone kernel[0]: xpcproxy[2080] Container: /private/var/mobile/Containers/Data/Application/71BCCACE-9DC4-4122-8DA6-45F942A9E017 (sandbox)
Dec  1 10:34:08 iPhone MobileMail[2080]: assertion failed: 12B440: libxpc.dylib + 71820 [A4F17798-F3DE-3FBC-85E3-F569762F0EB9]: 0x7d
Dec  1 10:36:29 iPhone CLTM[46]: CLTM: Cannot get HID Property from pUsage 21/28 Register ID:100000271
Dec  1 10:36:29 iPhone CLTM[46]: CLTM: Cannot get HID Property from pUsage 22/28 Register ID:100000284
Dec  1 10:36:29 iPhone CLTM[46]: CLTM: Cannot get HID Property from pUsage 23/28 Register ID:100000250
Dec  1 10:36:29 iPhone CLTM[46]: CLTM: Cannot get HID Property from pUsage 24/28 Register ID:1000001e0
Dec  1 10:36:29 iPhone CLTM[46]: CLTM: Cannot get HID Property from pUsage 25/28 Register ID:1000001f3
Dec  1 10:36:29 iPhone CLTM[46]: CLTM: Cannot get HID Property from pUsage 26/28 Register ID:100000258
Dec  1 10:36:29 iPhone CLTM[46]: CLTM: Cannot get HID Property from pUsage 27/28 Register ID:1000001dd
Dec  1 10:36:29 iPhone assistivetouchd[2156]: |AXIPC|warning| Could not find server for service: com.apple.accessibility.AXSpringBoardServer
Dec  1 10:36:29 iPhone assistivetouchd[2156]: |warning| AX SpringBoardServer: Error: Error Domain=AXIPC Code=0 "The operation couldn’t be completed. Could not find server for service: com.apple.accessibility.AXSpringBoardServer" UserInfo=0x12ee59390 {NSLocalizedFailureReason=Could not find server for service: com.apple.accessibility.AXSpringBoardServer}
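
One way to measure what Question 1 asks about from the syslog itself, as an added example (not code from the original post or from the iMoUnBox project): the script counts the post's `TWEAK!!!` hook log lines per process per second, lists processes that reappear under a new PID, and flags libxpc assertion failures. The sample lines are constructed from the excerpts above; `parse`, `triage` and `hook_marker` are names chosen for this example.

```python
import re
from collections import Counter

# Constructed sample, in the syslog format of the excerpts in the post.
SAMPLE = """\
Dec  1 10:09:54 iPhone MobileMail[1900]: TWEAK!!! Retrieve fake data closestDate!!!!!: :::0
Dec  1 10:09:54 iPhone MobileMail[1900]: assertion failed: 12B440: libxpc.dylib + 71820 [A4F17798-F3DE-3FBC-85E3-F569762F0EB9]: 0x7d
Dec  1 10:36:09 iPhone backboardd[2208]: TWEAK!!! Retrieve fake data closestDate!!!!!: 2017-11-30 15:54:51:::1512028491
Dec  1 10:36:09 iPhone backboardd[2208]: retrieveValue From IMClient!!!: {
            type = ipad;
Dec  1 10:36:09 iPhone backboardd[2208]: TWEAK!!! Retrieve fake data closestDate!!!!!: 2017-11-30 15:54:51:::1512028491
Dec  1 10:36:19 iPhone aggregated[48]: The IOHIDEventSystemServer died. Reestablishing connection.
Dec  1 10:36:20 iPhone backboardd[2224]: TWEAK!!! Retrieve fake data closestDate!!!!!: 2017-11-30 15:54:51:::1512028491
"""

# "Mon  D HH:MM:SS host process[pid] (optional label): message"
LINE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ ([^\[\s]+)\[(\d+)\](?: \([^)]*\))?: (.*)$"
)

def parse(text):
    """Yield (second, process, pid, message); continuation lines are skipped."""
    for line in text.splitlines():
        m = LINE.match(line)
        if m:
            yield " ".join(m.group(1).split()), m.group(2), int(m.group(3)), m.group(4)

def triage(text, hook_marker="TWEAK!!!"):
    calls = Counter()   # (process, second) -> hook log lines in that second
    pids = {}           # process -> PIDs in the order first seen
    xpc_asserts = []    # (process, pid) that logged a libxpc assertion
    for second, proc, pid, msg in parse(text):
        seen = pids.setdefault(proc, [])
        if pid not in seen:
            seen.append(pid)
        if msg.startswith(hook_marker):
            calls[(proc, second)] += 1
        if "assertion failed" in msg and "libxpc.dylib" in msg:
            xpc_asserts.append((proc, pid))
    respawned = {p: v for p, v in pids.items() if len(v) > 1}
    return {"calls_per_second": calls, "respawned": respawned,
            "xpc_asserts": xpc_asserts}

if __name__ == "__main__":
    report = triage(SAMPLE)
    for (proc, second), n in report["calls_per_second"].most_common():
        print(f"{second} {proc}: {n} hook calls")
    print("respawned:", report["respawned"], "xpc asserts:", report["xpc_asserts"])
```

Run over the full attached syslog, the per-second counts show which injected processes the hook fires in and how often, and the PID list shows which of them are being relaunched.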

#2

what the fuck!!!


#3

??? what happens