Undecimus: debugserver crash Killed: 9

Device: iPhone9,3 (iPhone 7) 128GB
iOS: 12.0.1
unc0ver: 3.0.0~b32

Extraction of debugserver:

  • hdiutil attach /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/12.0/DeveloperDiskImage.dmg
  • cp /Volumes/DeveloperDiskImage/usr/bin/debugserver ./
  • codesign -s - --entitlements entitlements.plist -f debugserver
  • scp ./debugserver root@10.0.1.7:/usr/bin/

Entitlements:

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>platform-application</key>
    <true/>
    <key>get-task-allow</key>
    <true/>
    <key>task_for_pid-allow</key>
    <true/>
    <key>com.apple.backboardd.debugapplications</key>
    <true/>
    <key>com.apple.springboard.debugapplications</key>
    <true/>
    <key>run-unsigned-code</key>
    <true/>
    <key>com.apple.private.librarian.can-get-application-info</key>
    <true/>
    <key>com.apple.private.mobileinstall.allowedSPI</key>
    <array>
        <string>Lookup</string>
        <string>CopyInstalledAppsForLaunchServices</string>
    </array>
</dict>
</plist>

Run debugserver:

  • debugserver *:6666 -a Preferences

Debugserver crashes:

/usr/local/bin/debugserver: line 11:  2234 Killed: 9               /usr/bin/debugserver > /dev/null 2>&1
WARNING: -H is only present for compatibility with a fork of ldid
         you should NOT be manually specifying the hash algorithm
Killed: 9

About this issue

  • State: closed
  • Created 5 years ago
  • Comments: 24

Most upvoted comments

I’m using Chimera Jailbreak on iPhone 6+ running 12.1.2 and these are my steps to get debugserver running and attaching successfully.

  1. copy debugserver to your mac from your device from /Developer/usr/bin/debugserver
  2. resign debugserver using the following command: codesign -s - --entitlements entitlements.plist -f debugserver
  3. Use this entitlements.plist:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.backboardd.debugapplications</key>
    <true/>
    <key>com.apple.backboardd.launchapplications</key>
    <true/>
    <key>com.apple.diagnosticd.diagnostic</key>
    <true/>
    <key>com.apple.frontboard.debugapplications</key>
    <true/>
    <key>com.apple.frontboard.launchapplications</key>
    <true/>
    <key>com.apple.security.network.client</key>
    <true/>
    <key>com.apple.security.network.server</key>
    <true/>
    <key>com.apple.springboard.debugapplications</key>
    <true/>
    <key>com.apple.system-task-ports</key>
    <true/>
    <key>get-task-allow</key>
    <true/>
    <key>platform-application</key>
    <true/>
    <key>run-unsigned-code</key>
    <true/>
    <key>task_for_pid-allow</key>
    <true/>
</dict>
</plist>
  4. copy back debugserver to the device into /usr/bin/debugserver
  5. respring: killall -9 SpringBoard
  6. then run debugserver using debugserver localhost:1234 -x backboard path_to_binary
  7. on your mac run lldb and connect as usual

I have figured it out.

  1. To solve the “failed to get connection from a remote gdb process” issue: remove “seatbelt-profiles” from /usr/share/entitlements/debugserver.xml and resign debugserver. (They have fixed it already, so “seatbelt-profiles” has been removed from the newest version of debugserver.xml)

  2. To solve another EXC_BAD_ACCESS issue: The target process being debugged needs the get-task-allow entitlement. Resign the target app being debugged with the get-task-allow entitlement as a temporary workaround and it will work!
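
Added example (not part of the original thread or of the unc0ver project): a small Python check that applies the two findings above to an entitlements plist before re-signing. It flags seatbelt-profiles, diffs the keys against the entitlements.plist a commenter reports working on Chimera with iOS 12.1.2 (treating that list as the reference is an assumption), and checks a target app for get-task-allow. The function names and the sample plist are constructed for illustration.

```python
import plistlib

# Keys from the entitlements.plist reported working in this thread (Chimera, iOS 12.1.2).
# Using it as the reference set is an assumption of this example.
REFERENCE_KEYS = {
    "com.apple.backboardd.debugapplications", "com.apple.backboardd.launchapplications",
    "com.apple.diagnosticd.diagnostic", "com.apple.frontboard.debugapplications",
    "com.apple.frontboard.launchapplications", "com.apple.security.network.client",
    "com.apple.security.network.server", "com.apple.springboard.debugapplications",
    "com.apple.system-task-ports", "get-task-allow", "platform-application",
    "run-unsigned-code", "task_for_pid-allow",
}

def load_entitlements(data: bytes) -> dict:
    """Parse an XML entitlements plist, with or without the <?xml ...?> declaration."""
    # Forcing FMT_XML skips plistlib's header sniffing, so a file that starts at
    # <!DOCTYPE (like the ldid2 example on this page) still parses.
    ents = plistlib.loads(data.strip(), fmt=plistlib.FMT_XML)
    if not isinstance(ents, dict):
        raise ValueError("top-level plist object is not a <dict>")
    return ents

def audit_debugserver(ents: dict) -> dict:
    """Compare debugserver entitlements with the reference set and the thread's findings."""
    return {
        # Reported above as the cause of "failed to get connection from a remote gdb process".
        "has_seatbelt_profiles": "seatbelt-profiles" in ents,
        "missing": sorted(k for k in REFERENCE_KEYS if ents.get(k) is not True),
        "extra": sorted(set(ents) - REFERENCE_KEYS - {"seatbelt-profiles"}),
    }

def target_is_debuggable(ents: dict) -> bool:
    """Second finding above: the app being debugged needs get-task-allow itself."""
    return ents.get("get-task-allow") is True

# Constructed sample input: no XML declaration, carries seatbelt-profiles.
SAMPLE = b"""<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0"><dict>
    <key>platform-application</key><true/>
    <key>get-task-allow</key><false/>
    <key>task_for_pid-allow</key><true/>
    <key>seatbelt-profiles</key><array><string>debugserver</string></array>
    <key>com.apple.private.mobileinstall.allowedSPI</key><array><string>Lookup</string></array>
</dict></plist>"""

if __name__ == "__main__":
    for name, value in audit_debugserver(load_entitlements(SAMPLE)).items():
        print(f"{name}: {value}")
```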

Solved with ldid2 from cydia.radare.org repo and the following Entity:

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>platform-application</key>
    <true/>
    <key>com.apple.private.security.container-required</key>
    <false/>
</dict>
</plist>
iPhone-Testing:/tmp root# ./roplevel1
Killed: 9
iPhone-Testing:/tmp root# ldid2  -SEntity.xml roplevel1
iPhone-Testing:/tmp root# ./roplevel1
Welcome to ROPLevel1 for ARM64! Created by Billy Ellis (@bellis1000)

I got the “Failed to get connection from a remote gdb process” error too. I’m using an iPhone 6s on 12.1.2 with unc0ver v3.0.0 beta38. debugserver doesn’t work in iOS 12?