
FoulDecrypt

FoulDecrypt is also available from my Cydia repo: http://repo.misty.moe. It supports iOS 13.5 and later and has been tested on iOS 14.2, 14.3 and 13.5 (both arm64 and arm64e).

Note: on unsupported versions it may panic the device, so beware ;)

Why FoulDecrypt

1. Fully static

Thanks to FlexDecrypt and FoulPlay we know about the mremap_encrypted syscall, and Apple has since released the full kernel source for it.

However, neither of them can actually get mremap_encrypted to work on current apps: the syscall rejects addresses that are not page (16 KiB) aligned, and most iOS 14 apps have an encrypted region that does not start on a 16 KiB boundary, so the plain syscall is useless for them.

I worked around this with kernel read/write, so clutch-style armv7+arm64 multi-arch decryption is possible again in 2021.
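To make the alignment problem concrete, here is an added example (my own code, not FoulDecrypt's or foulplay's) that parses a thin or fat Mach-O image from memory, extracts the LC_ENCRYPTION_INFO(_64) fields that mremap_encrypted() takes (cryptoff, cryptsize, cryptid and the slice's cputype/cpusubtype) and works out the 16 KiB-aligned window that has to be mapped when cryptoff is not aligned. The Mach-O and fat structure layouts are the public ones from <mach-o/loader.h> and <mach-o/fat.h>, declared by hand so the file builds on any host; the two sample images (a thin arm64 slice with an unaligned region and an armv7+arm64 fat binary) are constructed in the code and are not real app binaries.

```c
// Added example (not FoulDecrypt's own code): find LC_ENCRYPTION_INFO(_64) in a thin or fat
// Mach-O held in memory and compute the 16 KiB-aligned window mremap_encrypted() needs. Layouts
// follow <mach-o/loader.h> and <mach-o/fat.h>; the sample images below are constructed, not real apps.
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MH_MAGIC              0xfeedfaceU
#define MH_MAGIC_64           0xfeedfacfU
#define FAT_CIGAM             0xbebafecaU   /* FAT_MAGIC 0xcafebabe as read on a little-endian host */
#define LC_ENCRYPTION_INFO    0x21U
#define LC_ENCRYPTION_INFO_64 0x2CU
#define PAGE16K               0x4000U

struct crypt_info { uint32_t cryptoff, cryptsize, cryptid, cputype, cpusubtype; };
struct map_window { uint64_t file_off, len, in_start, in_end; int aligned; };

static uint32_t be32(uint32_t v) { return (v >> 24) | ((v >> 8) & 0xff00) | ((v << 8) & 0xff0000) | (v << 24); }
static uint32_t rd32(const uint8_t *p) { uint32_t v; memcpy(&v, p, 4); return v; }

/* One thin slice at buf[base .. base+size). mach_header and mach_header_64 share their first seven
   fields (magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags); only the length differs. */
static int find_encryption_info(const uint8_t *buf, size_t base, size_t size, struct crypt_info *out) {
    uint32_t magic = size >= 4 ? rd32(buf + base) : 0;
    size_t off = magic == MH_MAGIC_64 ? 32 : magic == MH_MAGIC ? 28 : 0;
    if (off == 0 || size < off) return 0;                       /* not a Mach-O we understand */
    for (uint32_t i = 0, ncmds = rd32(buf + base + 16); i < ncmds; i++) {
        if (off + 8 > size) return 0;                           /* truncated load command table */
        uint32_t cmd = rd32(buf + base + off), cmdsize = rd32(buf + base + off + 4);
        if (cmdsize < 8 || off + cmdsize > size) return 0;      /* malformed cmdsize */
        if ((cmd == LC_ENCRYPTION_INFO_64 || cmd == LC_ENCRYPTION_INFO) && cmdsize >= 20) {
            const uint8_t *ec = buf + base + off;               /* cmd, cmdsize, cryptoff, cryptsize, cryptid[, pad] */
            out->cryptoff = rd32(ec + 8); out->cryptsize = rd32(ec + 12); out->cryptid = rd32(ec + 16);
            out->cputype = rd32(buf + base + 4); out->cpusubtype = rd32(buf + base + 8);
            return 1;
        }
        off += cmdsize;
    }
    return 0;
}

/* Fat or thin container; one infos[] entry per slice with encryption info. fat_header/fat_arch are big-endian. */
static int parse_image(const uint8_t *buf, size_t size, struct crypt_info *infos, int max) {
    if (size < 8 || max <= 0) return 0;
    if (rd32(buf) != FAT_CIGAM) return find_encryption_info(buf, 0, size, &infos[0]);
    uint32_t n = be32(rd32(buf + 4)), found = 0;
    for (uint32_t i = 0; i < n && found < (uint32_t)max; i++) {
        size_t fa = 8 + (size_t)i * 20;                         /* fat_arch: cputype, cpusubtype, offset, size, align */
        if (fa + 20 > size) break;
        uint32_t so = be32(rd32(buf + fa + 8)), ss = be32(rd32(buf + fa + 12));
        if ((uint64_t)so + ss > size) continue;                 /* slice runs past the end of the file */
        if (find_encryption_info(buf, so, ss, &infos[found])) found++;
    }
    return (int)found;
}

/* mremap_encrypted() only takes 16 KiB-aligned addresses. An aligned cryptoff is mapped as is; otherwise
   the window starts at the page below and the encrypted bytes sit at [in_start, in_end) inside it, which is
   the "processing file off 354000-357000, curPage len: 3000, inPageStart: 2000, inPageEnd: 3000" log line. */
static struct map_window plan_window(uint32_t cryptoff, uint32_t cryptsize) {
    struct map_window w;
    w.aligned  = (cryptoff % PAGE16K) == 0;
    w.file_off = cryptoff & ~(uint64_t)(PAGE16K - 1);
    w.in_start = cryptoff - w.file_off;
    w.in_end   = w.in_start + cryptsize;
    w.len      = w.in_end;
    return w;
}

/* Constructed sample: a thin slice whose only load command is LC_ENCRYPTION_INFO(_64). Returns bytes written. */
static size_t build_thin(uint8_t *buf, int is64, uint32_t cputype, uint32_t cpusubtype, uint32_t cryptoff, uint32_t cryptsize) {
    uint32_t cmdsize = is64 ? 24 : 20, hlen = is64 ? 32 : 28;
    uint32_t hdr[8] = { is64 ? MH_MAGIC_64 : MH_MAGIC, cputype, cpusubtype, 2 /* MH_EXECUTE */, 1, cmdsize, 0, 0 };
    uint32_t cmd[6] = { is64 ? LC_ENCRYPTION_INFO_64 : LC_ENCRYPTION_INFO, cmdsize, cryptoff, cryptsize, 1, 0 };
    memcpy(buf, hdr, hlen);
    memcpy(buf + hlen, cmd, cmdsize);
    return hlen + cmdsize;
}

/* Constructed sample: fat container with an armv7 slice at +64 and an arm64 slice at +128 (align field ignored). */
static size_t build_fat(uint8_t *buf) {
    size_t s0 = build_thin(buf + 64, 0, 0xc, 0x9, 0x4000, 0x1464000);
    size_t s1 = build_thin(buf + 128, 1, 0x0100000c, 0, 0x4000, 0x1608000);
    uint32_t fat[12] = { FAT_CIGAM, be32(2), be32(0xc), be32(0x9), be32(64), be32((uint32_t)s0), be32(14),
                         be32(0x0100000c), be32(0), be32(128), be32((uint32_t)s1), be32(14) };
    memcpy(buf, fat, sizeof fat);
    return 128 + s1;
}

int main(void) {
    uint8_t buf[256]; struct crypt_info ci[4];
    size_t n = build_thin(buf, 1, 0x0100000c, 0, 0x356000, 0x1000);   /* the non-aligned case; try build_fat(buf) too */
    for (int i = 0, c = parse_image(buf, n, ci, 4); i < c; i++) {
        struct map_window w = plan_window(ci[i].cryptoff, ci[i].cryptsize);
        printf("cpuType %x off 0x%x size 0x%x: %s, map off 0x%llx len 0x%llx\n", ci[i].cputype, ci[i].cryptoff,
               ci[i].cryptsize, w.aligned ? "16k aligned" : "not aligned", (unsigned long long)w.file_off, (unsigned long long)w.len);
    }
    return 0;
}
```

For cryptoff 0x356000 / size 0x1000 the window comes out as file offset 0x354000, length 0x3000, encrypted bytes at [0x2000, 0x3000), which is exactly what the verbose log reports as "processing file off 354000-357000, curPage len: 3000, inPageStart: 2000, inPageEnd: 3000". The mmap/mremap_encrypted calls and the kernel read/write part are deliberately left out, since they only work on a jailbroken device.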

2. Simplicity

FlexDecrypt's source tree is fat: it bundles the whole Swift runtime just to make a single mremap_encrypted call.

foulplay independently found the same approach and implemented it in a much simpler way.

I recompiled foulplay for iOS and wrote flexdecrypt2, a wrapper that stands in for flexdecrypt.

How to use

Install the correct version:

  • fouldecrypt-TFP0 on iOS < 14
  • fouldecrypt-LIBKRW if you are running Unc0ver
  • fouldecrypt-LIBKERNRW if you are running Taurine

Run fouldecrypt on an encrypted binary: fouldecrypt [-v] <encrypted binary> <output path>. The -v flag prints the per-step log shown in the issues below, which is the first thing to include when reporting a failure.

About foulwrapper

foulwrapper finds every Mach-O in an application bundle and decrypts each of them with fouldecrypt:

usage: foulwrapper (application name or bundle identifier)

Credits

  • @meme: foulplay
  • @JohnCoates: flexdecrypt

Contributors

chichou, lessica, nyamisty, virb3


fouldecrypt's Issues

mremap_encrypted: Operation not permitted

iPhone:/tmp root# fouldecrypt -v /var/containers/Bundle/Application/5D9125CB-EFD0-4235-BF46-FF308E079B48/AppleSupport.app/AppleSupport ./AppleSupport_ok22
17:49:01.705168	mapping input file: /var/containers/Bundle/Application/5D9125CB-EFD0-4235-BF46-FF308E079B48/AppleSupport.app/AppleSupport
17:49:01.706061	mapping output file: ./AppleSupport_ok22
17:49:01.707180	copying original data of size 0xa764e0...
17:49:01.716459	    not fat binary, directly decrypting it!
17:49:01.716491	    finding encryption_info segment in slide...
17:49:01.716499	        found encryption_info segment at offset d30
17:49:01.716505	    decrypting encrypted data...
17:49:01.716511	        Going to decrypt crypt page: off 0x4000 size 0x894000 cryptid 1, cpuType 100000c cpuSubType 0
17:49:01.716549	        Already 16k aligned, directly go ahead :)
17:49:01.716561	-->> 16k-aligned mmaping(0x0, 0x894000, 5, 0x2, 3, 0x4000)
17:49:01.716612	<<-- 16k-aligned mmaping(0x0, 0x894000, 5, 0x2, 3, 0x4000) = 0x104584000
17:49:01.716622	<<-- unprotect mremap_encrypted(0x104584000, 0x894000, 1, 0x100000c, 0x0)
mremap_encrypted: Operation not permitted
17:49:01.724322	-->> unprotect mremap_encrypted(0x104584000, 0x894000, 1, 0x100000c, 0x0) = -1

Not working properly on iOS 14.8.1 with checkra1n

When trying to decrypt anything on an iPhone 7 Plus on iOS 14.8.1 jailbroken with checkra1n, this error shows up, both with the TFP0 and the libkrw versions.
(screenshot attached to the original issue, not reproduced here)
flexdecrypt and appdecrypt work fine however with the same device/setup.

Palera1n, 16.2, mmap: Operation not permitted

It was working (I don't know why, though), but after some time it stopped; rebooting does not help:

21:02:11.486183	mapping input file: /private/var/containers/Bundle/Application/305BDB97-8F66-4DB9-BDE8-5D34719E942F/agar.io.app/agar.io
21:02:11.488507	mapping output file: /private/var/containers/Bundle/Application/305BDB97-8F66-4DB9-BDE8-5D34719E942F/agar.io.app/agar.io.cracked
21:02:11.490390	copying original data of size 0x36ff9b0...
21:02:11.558694	handling 2 fat arches...
21:02:11.558736	    handling fat arch 0, cpuType 0xc, cpuSubType 0x9, fileOff 0x4000, size 0x1997e60, align 0xe
21:02:11.558742	    finding encryption_info segment in slide...
21:02:11.558745	        found encryption_info segment at offset ce4
21:02:11.558748	    decrypting encrypted data...
21:02:11.558750	        Going to decrypt crypt page: off 0x4000 size 0x1464000 cryptid 1, cpuType c cpuSubType 9
21:02:11.558764	        Already 16k aligned, directly go ahead :)
21:02:11.558773	-->> 16k-aligned mmaping(0x0, 0x1464000, 5, 0x2, 3, 0x8000)
mmap: Operation not permitted
21:02:11.558824	<<-- 16k-aligned mmaping(0x0, 0x1464000, 5, 0x2, 3, 0x8000) = 0xffffffffffffffff
21:02:11.558827	<<-- unprotect mremap_encrypted(0xffffffffffffffff, 0x1464000, 1, 0xc, 0x9)
mremap_encrypted: Invalid argument
21:02:11.558833	-->> unprotect mremap_encrypted(0xffffffffffffffff, 0x1464000, 1, 0xc, 0x9) = -1
21:02:11.558836	    handling fat arch 1, cpuType 0x100000c, cpuSubType 0x0, fileOff 0x199c000, size 0x1d639b0, align 0xe
21:02:11.558841	    finding encryption_info segment in slide...
21:02:11.558844	        found encryption_info segment at offset fb8
21:02:11.558846	    decrypting encrypted data...
21:02:11.558848	        Going to decrypt crypt page: off 0x4000 size 0x1608000 cryptid 1, cpuType 100000c cpuSubType 0
21:02:11.558855	        Already 16k aligned, directly go ahead :)
21:02:11.558857	-->> 16k-aligned mmaping(0x0, 0x1608000, 5, 0x2, 3, 0x19a0000)
21:02:11.558865	<<-- 16k-aligned mmaping(0x0, 0x1608000, 5, 0x2, 3, 0x19a0000) = 0x4b2e24000
21:02:11.558868	<<-- unprotect mremap_encrypted(0x4b2e24000, 0x1608000, 1, 0x100000c, 0x0)
21:02:11.558911	-->> unprotect mremap_encrypted(0x4b2e24000, 0x1608000, 1, 0x100000c, 0x0) = 0
21:02:11.558915	    copying 0x69ec64000 to 0x4b2e24000, size 1608000
21:02:11.565635	    copying enc pages, size: 0x1608000..
21:02:11.568913	cleaning up...

Tried to open the app to be cracked; it opens successfully.

failed patchfinder dimentio's init! Failed to init kerninfra!!

I get this error with one app. fouldecrypt works with other apps, though.

I tried installing libkernrw-utils, libkernrw0, and dimentio.

I tried chmod +x on the frameworks in the app folder.

Edit: I tried all three parameters in the makefile (one at a time, three different deb files) for kernrw, krw and tfp0. I have the devel files installed.

libkrw0, libkrw0-tfp0, and libdimentio0 are installed by default. I didn't touch those.

palerain-beta9, iPhone 7, iOS 15.8.1, ellekit hooker.
zsh with starship shell.

What did I do wrong?

❯ fouldecrypt -v /path/to/example-app-binary ~/Documents/example-binary-decrypted
22:51:01.614955	mapping input file: example-app-binary
22:51:01.615579	mapping output file: /var/mobile/Documents/example-app-binary
22:51:01.616126	copying original data of size 0x68d6a0...
22:51:01.646696	    not fat binary, directly decrypting it!
22:51:01.646728	    finding encryption_info segment in slide...
22:51:01.646734	        found encryption_info segment at offset 1320
22:51:01.646738	    decrypting encrypted data...
22:51:01.646741	        Going to decrypt crypt page: off 0xb5000 size 0x1000 cryptid 1, cpuType 100000c cpuSubType 0
22:51:01.646748	        Not 16k aligned, trying to do the hack :O
failed patchfinder dimentio's init! Failed to init kerninfra!!

Edit: not sure why, but today on some of my repeated attempts I see this after the "trying to do the hack" part (the value keeps changing each time; I tried a bunch, and these values repeat):

host: 0xA03
host: 0xB03
host: 0x1203
host: 0x1303
host: 0x1103
host: 0xC03
host: 0x903

Maybe I need this? Do I build it into fouldecrypt?
I installed fouldecrypt from your repo. Maybe I should build from git?
https://github.com/NyaMisty/KernInfra

How to add support for iOS 13 (< 13.4)

Hey! You did an amazing job! Thank you so much!
Could you help me add support for iOS 13? How exactly do I get the correct offsets for structures in kernstructs.hpp?

Support for iOS 15

Got this error on iOS 15.7.1 Palera1n

# /usr/lib/Azule/bin/fouldecrypt -v Payload/App.app/App ./App
00:20:46.787578 mapping input file: Payload/App.app/App
00:20:46.788792 mapping output file: ./App
00:20:46.789914 copying original data of size 0x1391760...
00:20:46.811112     not fat binary, directly decrypting it!
00:20:46.811145     finding encryption_info segment in slide...
00:20:46.811151         found encryption_info segment at offset 1150
00:20:46.811156     decrypting encrypted data...
00:20:46.811160         Going to decrypt crypt page: off 0x4000 size 0xcc8000 cryptid 1, cpuType 100000c cpuSubType 0
00:20:46.811175         Already 16k aligned, directly go ahead :)
00:20:46.811184 -->> 16k-aligned mmaping(0x0, 0xcc8000, 5, 0x2, 3, 0x4000)
00:20:46.811232 <<-- 16k-aligned mmaping(0x0, 0xcc8000, 5, 0x2, 3, 0x4000) = 0x1073f0000
00:20:46.811239 <<-- unprotect mremap_encrypted(0x1073f0000, 0xcc8000, 1, 0x100000c, 0x0)
mremap_encrypted: Cannot allocate memory
00:20:46.812142 -->> unprotect mremap_encrypted(0x1073f0000, 0xcc8000, 1, 0x100000c, 0x0) = -1

How to run it from PC?

My environment:

  • Device: iPhone 7 GSM
  • iOS: 14.6
  • Jailbreak: checkra1n
  • PC: Mac

How to dump ipa from mac CLI?

Your project doesn't have any instructions. Please provide some.

Decrypting fails with mmap: Operation not permitted

I wanted to try this nice tool and used the binary of the Youtube ipa package. However, I get the following error:

BA:~ root# fouldecrypt -v YouTube yt-dc
21:47:10.764865	mapping input file: YouTube
21:47:10.766114	mapping output file: yt-dc
21:47:10.767689	copying original data of size 0xe184c0...
21:47:10.778300	    not fat binary, directly decrypting it!
21:47:10.778339	    finding encryption_info segment in slide...
21:47:10.778347	        found encryption_info segment at offset ba8
21:47:10.778352	    decrypting encrypted data...
21:47:10.778357	        Going to decrypt crypt page: off 0x4000 size 0x868000 cryptid 1, cpuType 100000c cpuSubType 0
21:47:10.778408	        Already 16k aligned, directly go ahead :)
21:47:10.778424	-->> 16k-aligned mmaping(0x0, 0x868000, 5, 0x2, 3, 0x4000)
mmap: Operation not permitted
21:47:10.778652	<<-- 16k-aligned mmaping(0x0, 0x868000, 5, 0x2, 3, 0x4000) = 0xffffffffffffffff
21:47:10.778662	<<-- unprotect mremap_encrypted(0xffffffffffffffff, 0x868000, 1, 0x100000c, 0x0)
mremap_encrypted: Invalid argument
21:47:10.778694	-->> unprotect mremap_encrypted(0xffffffffffffffff, 0x868000, 1, 0x100000c, 0x0) = -1

I am using an iPhone 6s with iOS 14.2 and fouldecrypt 0.0.3 from your repo.
Do you have an idea what the problem is?
Thanks in advance

Support for iOS 14.5

Hi there! While trying out fouldecrypt on iOS 14.5 using the AltStore -> Fugu14 -> unc0ver Jailbreak on an iPhone XR I wasn't able to get fouldecrypt running successfully. Here's the log output of one attempt:

10:29:21.123326	mapping input file: /private/var/containers/Bundle/Application/7384EA7D-A396-4A76-88B6-F102431E33D9_tmp/Discord.app/Discord
10:29:21.128509	mapping output file: /private/var/containers/Bundle/Application/7384EA7D-A396-4A76-88B6-F102431E33D9_tmp/Discord.app/Discord
10:29:21.435733	copying original data of size 0x158c1d0...
10:29:21.454366	    not fat binary, directly decrypting it!
10:29:21.454458	    finding encryption_info segment in slide...
10:29:21.454467	        found encryption_info segment at offset 10f8
10:29:21.454476	    decrypting encrypted data...
10:29:21.454481	        Going to decrypt crypt page: off 0x356000 size 0x1000 cryptid 1, cpuType 100000c cpuSubType 0
10:29:21.454505	        Not 16k aligned, trying to do the hack :O
Error attempting to load plugin /usr/lib/libkrw/libFugu14Krw.dylib: dlopen(/usr/lib/libkrw/libFugu14Krw.dylib, 5): no suitable image found.  Did find:
	/usr/lib/libkrw/libFugu14Krw.dylib: incompatible cpu-subtype: 0x00000000 in /usr/lib/libkrw/libFugu14Krw.dylib
	/usr/lib/libkrw/libFugu14Krw.dylib: stat() failed with errno=60
10:29:21.750269	        successfully initialized kerninfra!
10:29:21.750393	            processing file off 354000-357000, curPage len: 3000, inPageStart: 2000, inPageEnd: 3000
10:29:21.750489	-->> directly 16k-aligned mmap mmaping(0x0, 0x3000, 5, 0x2, 4, 0x354000)
10:29:21.752934	<<-- directly 16k-aligned mmap mmaping(0x0, 0x3000, 5, 0x2, 4, 0x354000) = 0x1027fc000
10:29:21.752955	<<-- unprotect mremap_encrypted(0x1027fc000, 0x3000, 1, 0x100000c, 0x0)
mremap_encrypted: Operation not permitted
10:29:21.812483	-->> unprotect mremap_encrypted(0x1027fc000, 0x3000, 1, 0x100000c, 0x0) = -1

Especially the part mentioning /usr/lib/libkrw/libFugu14Krw.dylib gave me the impression that the issue may be related to the specific Fugu14 exploit method?
