tlrobinson.net / blog

iPhone crash report gives insight into iPhone software

So, I’ve already managed to “crash” the iPhone, but of course since it runs “OS X” with protected memory and all that fun stuff (and this wasn’t a kernel panic), the crash consisted of Safari closing and returning to the home screen, not completely freezing like my RAZR always did whenever I would try to enter text without putting a space between each letter. I would have to s e n d t e x t m e s s a g e s l i k e t h i s).

The next time I synced, iTunes prompted me for permission to submit a crash report to Apple, and also provided me with the location of the crash report:

/Library/Logs/CrashReporter/MobileDevice/iPhone name/

It looks pretty much like any standard Mac OS X crash report, with some basic OS info along with stack traces for each thread, which thread crashed, CPU register values, and binary image information.

Here’s what I’ve gotten out of it:

1. Apple is calling iPhone’s operating system “OS X 1.0″… no big surprise
2. iPhone’s Safari is called “MobileSafari”
3. The home screen is called “SpringBoard”
4. MobileSafari was process 98 (pretty much meaningless), while SpringBoard was process 15 (compared to Mac OS X’s equivalent, WindowServer, which is process 73 on my Mac).. this gives us an idea of how many processes are running
5. There a bunch of new frameworks we’ve never heard of (including Celestial, MobileBluetooth, IOMobileFramebuffer, CoreSurface, CoreTelephony, numerous others, and liblockdown which sounds rather ominous and intriguing…)
6. …as well as a bunch that we know and love (including Foundation, CoreAudio, CoreVideo, CoreGraphics, IOKit, WeKit, WebCore, JavaScriptCore, CFNetwork, and actually LayerKit which is now known as our friend CoreAnimation)
7. Noticeably absent is AppKit (no big surprise, since very few UI elements look like Cocoa’s), but in it’s place appears to be UIKit.
8. The filesystem structure looks similar to Mac OS X (/Applications, /System/Library/Frameworks, etc)
9. iPhone most definitely runs on an ARM processor, but we already knew that
10. It crashed in WebCore

Some of this makes me think that Apple simply isn’t ready to release an external Cocoa API to the public. Things like LayerKit would need to be changed to CoreAnimation, and UIKit would probably be given a different name, among others. And of course Apple would have to decide on a stable set of APIs before releasing it to 3rd party developers, wheras right now if they need to change something, they have complete control and can do whatever they like.

Process: MobileSafari [98] Path: /Applications/MobileSafari.app/MobileSafari Version: N/A (N/A) Code Type: 0000000C (Native) Effective UID: 0 Parent Process: SpringBoard [15]</p> <p>Date/Time: 2007-06-29 22:13:47.043 -0700 OS Version: OS X 1.0 (1A543a) Report Version: 6</p> <p>Exception Type: EXC_BAD_ACCESS Exception Codes: KERN_PROTECTION_FAILURE at 0×00000004 Crashed Thread: 2</p> <p>Thread 0: 0 libSystem.B.dylib 0×300053f4 0×30000000 + 21492 1 libSystem.B.dylib 0×30005373 0×30000000 + 21363 2 CoreFoundation 0×303fdaa7 0×303e7000 + 92839 3 CoreFoundation 0×303fd5fb 0×303e7000 + 91643 4 GraphicsServices 0×3098bb64 0×30988000 + 15204 5 UIKit 0×323b9928 0×323ab000 + 59688 6 UIKit 0×323b1f54 0×323ab000 + 28500 7 UIKit 0×323b75dc 0×323ab000 + 50652 8 MobileSafari 0×000051ec 0×1000 + 16876 9 MobileSafari 0×00004b98 0×1000 + 15256</p> <p>Thread 1: 0 libSystem.B.dylib 0×300053f4 0×30000000 + 21492 1 libSystem.B.dylib 0×30005373 0×30000000 + 21363 2 GraphicsServices 0×3098e258 0×30988000 + 25176 3 libSystem.B.dylib 0×300173db 0×30000000 + 95195</p> <p>Thread 2 Crashed: 0 CoreFoundation 0×303ea0a3 0×303e7000 + 12451 1 WebCore 0×313594fc 0×31351000 + 34044 2 WebCore 0×313546d8 0×31351000 + 14040 3 UIKit 0×3246b0dc 0×323ab000 + 786652 4 UIKit 0×3246b2ec 0×323ab000 + 787180 5 WebCore 0×315b1f74 0×31351000 + 2494324 6 WebCore 0×315b204c 0×31351000 + 2494540 7 CoreFoundation 0×303fd8a1 0×303e7000 + 92321 8 CoreFoundation 0×303fd5fb 0×303e7000 + 91643 9 WebCore 0×315b198c 0×31351000 + 2492812 10 libSystem.B.dylib 0×300173db 0×30000000 + 95195</p> <p>Thread 3: 0 libSystem.B.dylib 0×300053f4 0×30000000 + 21492 1 libSystem.B.dylib 0×30005373 0×30000000 + 21363 2 CoreFoundation 0×303fdaa7 0×303e7000 + 92839 3 CoreFoundation 0×303fd5fb 0×303e7000 + 91643 4 Foundation 0×308e9d3f 0×3085e000 + 572735 5 Foundation 0×308c5cd1 0×3085e000 + 425169 6 Foundation 0×308c5bd7 0×3085e000 + 424919 7 libSystem.B.dylib 0×300173db 0×30000000 + 95195</p> <p>Thread 4: 0 libSystem.B.dylib 0×30018fd8 0×30000000 + 102360 1 libSystem.B.dylib 0×3009aa64 0×30000000 + 633444 2 libSystem.B.dylib 0×300173db 0×30000000 + 95195</p> <p>Thread 5: 0 libSystem.B.dylib 0×3008b224 0×30000000 + 569892 1 libSystem.B.dylib 0×30046b78 0×30000000 + 289656 2 CoreFoundation 0×3040b0e1 0×303e7000 + 147681 3 libSystem.B.dylib 0×300173db 0×30000000 + 95195</p> <p>Thread 2 crashed with ARM Thread State: r0: 0×00000000 r1: 0×00000000 r2: 0×02914550 r3: 0×00000000 r4: 0×03b5b750 r5: 0×00000000 r6: 0×001393b0 r7: 0×005528c0 r8: 0×02914550 r9: 0×00815a00 r10: 0×029d7a20 r11: 0×00000000 ip: 0×393513f4 sp: 0×005528b4 lr: 0×313594fc pc: 0×303ea0a2 cpsr: 0×60000030 instr: 0×0a1b686b</p> <p>Binary Images: 0×1000 – 0×52fff +MobileSafari UUID (110027FB42FC416B85EC7EEBEABB4EC6) /Applications/MobileSafari.app/MobileSafari 0×2fe00000 – 0×2fe39fff dyld UUID (64B27A87A815459D953C3260809F811A) /usr/lib/dyld 0×30000000 – 0×300fdfff libSystem.B.dylib UUID (DBF276FD7536468A8EC31DC5889AAEC7) /usr/lib/libSystem.B.dylib 0×3015d000 – 0×3019efff libstdc++.6.dylib UUID (CD0A5DCC6A164C86B91C79E15C552E9E) /usr/lib/libstdc++.6.dylib 0×301c7000 – 0×301d4fff AddressBook UUID (7D1B2DA0EC1D4A1382D5FE0B91851ACA) /System/Library/Frameworks/AddressBook.framework/AddressBook 0×301de000 – 0×301e7fff AppSupport UUID (4D84C1C39C7C4DB9981FEBF8E48FF450) /System/Library/Frameworks/AppSupport.framework/AppSupport 0×301ef000 – 0×30236fff CFNetwork UUID (9C95278D4B12440EB624E498C039538B) /System/Library/Frameworks/CFNetwork.framework/CFNetwork 0×3026d000 – 0×3032cfff Celestial UUID (15045615F83249D49720253EBDF9132A) /System/Library/Frameworks/Celestial.framework/Celestial 0×3036b000 – 0×303bcfff CoreAudio UUID (D2155600AF2A4EA2A22CB018E094AF48) /System/Library/Frameworks/CoreAudio.framework/CoreAudio 0×303e7000 – 0×30460fff CoreFoundation UUID (DE3331E0CE4D43DFAFAD084E689DE12F) /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation 0×30513000 – 0×307aafff CoreGraphics UUID (FDAFC52F5C724EB6BADC1176558E5304) /System/Library/Frameworks/CoreGraphics.framework/CoreGraphics 0×3081a000 – 0×30835fff CoreTelephony UUID (7B909435DABA409098995CC24EE26587) /System/Library/Frameworks/CoreTelephony.framework/CoreTelephony 0×3084b000 – 0×30855fff CoreVideo UUID (0CC5832A160D4508B4B678703F3FFD6C) /System/Library/Frameworks/CoreVideo.framework/CoreVideo 0×3085e000 – 0×30909fff Foundation UUID (8360F6E9E0044FDBB24A233E6A43EB14) /System/Library/Frameworks/Foundation.framework/Foundation 0×30988000 – 0×30990fff GraphicsServices UUID (1C4876C189F34562ACF6B7D44770FF97) /System/Library/Frameworks/GraphicsServices.framework/GraphicsServices 0×30998000 – 0×30a20fff IOKit UUID (03E5752F94E3424589F1C596ED08815D) /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit 0×30a3c000 – 0×30a9bfff JavaScriptCore UUID (4479A3420C764FA395933A371D148D6D) /System/Library/Frameworks/JavaScriptCore.framework/JavaScriptCore 0×30ac7000 – 0×30b17fff LayerKit UUID (B9468BD4F4F041C3ADA50B830305E7A2) /System/Library/Frameworks/LayerKit.framework/LayerKit 0×30b37000 – 0×30b3ffff MBX2D UUID (1583F2C2C78B4058BD8C1DF338738C05) /System/Library/Frameworks/MBX2D.framework/MBX2D 0×30b43000 – 0×30be9fff Message UUID (27857D95241E4AFCB70B016C3AA5C8C6) /System/Library/Frameworks/Message.framework/Message 0×30ca8000 – 0×30d5efff libcrypto.0.9.7.dylib UUID (632A0B6896CD450582B63F63BC561999) /usr/lib/libcrypto.0.9.7.dylib 0×30d97000 – 0×30e7ffff libiconv.2.dylib UUID (BFF8FECDB7AF4996AA7E47BA4E9D7A97) /usr/lib/libiconv.2.dylib 0×30e8a000 – 0×30e99fff libobjc.A.dylib UUID (1DF02759041D49AF9938563D172FC491) /usr/lib/libobjc.A.dylib 0×30ea3000 – 0×30f76fff libicucore.A.dylib UUID (C7BEFA4022D2414DBD2EF88A0285AC8E) /usr/lib/libicucore.A.dylib 0×3101c000 – 0×31047fff libsqlite3.0.dylib UUID (2F122880FFAC48318A753E1D788E7409) /usr/lib/libsqlite3.0.dylib 0×31065000 – 0×3108bfff libssl.0.9.7.dylib UUID (57F8FB4B1D104F8083173EBE067B613E) /usr/lib/libssl.0.9.7.dylib 0×31097000 – 0×31127fff libxml2.2.dylib UUID (EB77B5D5553B41659DA3EABDFF5E990E) /usr/lib/libxml2.2.dylib 0×31206000 – 0×312d2fff MeCCA UUID (5031D4A8F03B4605A6233D351EF790E0) /System/Library/Frameworks/MeCCA.framework/MeCCA 0×3131a000 – 0×31341fff Security UUID (7596924807BF47BA9F50D5748042107A) /System/Library/Frameworks/Security.framework/Security 0×31351000 – 0×31641fff WebCore UUID (F352EB10A6EB4A53963DC586589CDEFD) /System/Library/Frameworks/WebCore.framework/WebCore 0×31782000 – 0×317d6fff WebKit UUID (1AF51C0F747D47709E1ABBB0A117FC91) /System/Library/Frameworks/WebKit.framework/WebKit 0×31813000 – 0×3183cfff SystemConfiguration UUID (7FCD389840814C6EB34074C7787862D1) /System/Library/Frameworks/SystemConfiguration.framework/SystemConfiguration 0×318d1000 – 0×318dffff libz.1.dylib UUID (019DB9B198DA46E98600C1417D98E6E9) /usr/lib/libz.1.dylib 0×3190e000 – 0×31910fff CoreSurface UUID (7280076DC074497CB145741A15FCE472) /System/Library/Frameworks/CoreSurface.framework/CoreSurface 0×3196a000 – 0×31973fff libIOAudio2User.dylib UUID (BB1533CF70F645FBAF6BB767A6A531A7) /usr/lib/libIOAudio2User.dylib 0×3197a000 – 0×31ab7fff AudioToolbox UUID (3049B1E982804982B3AE837C9367769D) /System/Library/Frameworks/AudioToolbox.framework/AudioToolbox 0×31baf000 – 0×31bb1fff MBXConnect UUID (B5E73A95A84E4706A922D56674D4809D) /System/Library/Frameworks/MBXConnect.framework/MBXConnect 0×31bb4000 – 0×31be5fff OpenGLES UUID (3405A88B732E4DF3A127E182483D9E69) /System/Library/Frameworks/OpenGLES.framework/OpenGLES 0×31bf8000 – 0×31bf9fff IOMobileFramebuffer UUID (AE80733EB6514BB88A6287971C7E09C9) /System/Library/Frameworks/IOMobileFramebuffer.framework/IOMobileFramebuffer 0×31c38000 – 0×31c3ffff libgcc_s_v6.1.dylib UUID (C3CE0B41C9CA490EAEADA6D7EB997082) /usr/lib/libgcc_s_v6.1.dylib 0×31db9000 – 0×31dbcfff liblockdown.dylib UUID (30A0EB0C05724FA487617B860E360B88) /usr/lib/liblockdown.dylib 0×3225d000 – 0×32269fff MobileBluetooth UUID (5F13101DF17B442D8DE5CD0BDB50D7AB) /System/Library/Frameworks/MobileBluetooth.framework/MobileBluetooth 0×32363000 – 0×32366fff ITSync UUID (B02A31E7730A46BCA6B336F097D542C4) /System/Library/Frameworks/ITSync.framework/ITSync 0×3236b000 – 0×3236dfff URLify UUID (54B6437BCD3A452F9CC7493CB9E010FF) /System/Library/Frameworks/URLify.framework/URLify 0×323ab000 – 0×324f3fff UIKit UUID (8A129F9979114365B637E144A3C67868) /System/Library/Frameworks/UIKit.framework/UIKit 0×32595000 – 0×325d4fff AddressBookUI UUID (0E6FBEAA0D9C411FB1F0794F35D2CFBA) /System/Library/Frameworks/AddressBookUI.framework/AddressBookUI 0×325f6000 – 0×3261dfff MessageUI UUID (ED6F6EA00B1346BEB98F00733C936922) /System/Library/Frameworks/MessageUI.framework/MessageUI

Update: John Gruber, Martin Gordon, and an empegbbs.com forum member have also posted crash logs, from MobileMail, Preferences, and MobilePhone respectively. They appear to be similar to my crash log, but below I have aggregated and sorted all the referenced Frameworks:

Applications:

• Preferences
• MobileMail
• MobilePhone
• MobileSafari

Libraries (existing):

• AddressBook
• AppSupport
• AudioToolbox
• CFNetwork
• CoreAudio
• CoreFoundation
• CoreGraphics
• CoreVideo
• Foundation
• IOKit
• JavaScriptCore
• LayerKit – now known as CoreAnimation
• SystemConfiguration
• WebCore
• WebKit
• dyld – dynamic link editor
• libSystem.B.dylib
• libcrypto.0.9.7.dylib
• libgcc_s_v6.1.dylib
• libiconv.2.dylib
• libicucore.A.dylib
• libobjc.A.dylib
• libsqlite3.0.dylib
• libssl.0.9.7.dylib
• libstdc++.6.dylib
• libxml2.2.dylib
• libz.1.dylib

Libraries (new):

• AddressBookUI
• AirPortSettings (Preferences only)
• BluetoothManager (only when Bluetooth is enabled?)
• Calendar (Preferences only)
• Celestial
• CoreSurface
• CoreTelephony
• GraphicsServices
• IAP (Preferences only)
• IOMobileFramebuffer
• ITSync
• MBX2D
• MBXConnect
• MeCCA
• Message
• MessageUI
• MobileBluetooth
• MobileMailSettings (Preferences only)
• MobileMusicPlayer (Preferences only)
• MusicLibrary (Preferences only)
• OpenGLES (Preferences only)
• Security
• TelephonyUI (MobilePhone and Preferences only)
• UIKit
• URLify
• libIOAudio2User.dylib
• liblockdown.dylib

And finally, what we know about the filesystem:

/Applications/MobileMail.app/MobileMail /Applications/MobilePhone.app/MobilePhone /Applications/MobileSafari.app/MobileSafari /Applications/Preferences.app/Preferences /System/Library/Frameworks/AddressBook.framework/AddressBook /System/Library/Frameworks/AddressBookUI.framework/AddressBookUI /System/Library/Frameworks/AppSupport.framework/AppSupport /System/Library/Frameworks/AudioToolbox.framework/AudioToolbox /System/Library/Frameworks/BluetoothManager.framework/BluetoothManager /System/Library/Frameworks/CFNetwork.framework/CFNetwork /System/Library/Frameworks/Calendar.framework/Calendar /System/Library/Frameworks/Celestial.framework/Celestial /System/Library/Frameworks/CoreAudio.framework/CoreAudio /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation /System/Library/Frameworks/CoreGraphics.framework/CoreGraphics /System/Library/Frameworks/CoreSurface.framework/CoreSurface /System/Library/Frameworks/CoreTelephony.framework/CoreTelephony /System/Library/Frameworks/CoreVideo.framework/CoreVideo /System/Library/Frameworks/Foundation.framework/Foundation /System/Library/Frameworks/GraphicsServices.framework/GraphicsServices /System/Library/Frameworks/IAP.framework/IAP /System/Library/Frameworks/IOKit.framework/Versions/A/IOKit /System/Library/Frameworks/IOMobileFramebuffer.framework/IOMobileFramebuffer /System/Library/Frameworks/ITSync.framework/ITSync /System/Library/Frameworks/JavaScriptCore.framework/JavaScriptCore /System/Library/Frameworks/LayerKit.framework/LayerKit /System/Library/Frameworks/MBX2D.framework/MBX2D /System/Library/Frameworks/MBXConnect.framework/MBXConnect /System/Library/Frameworks/MeCCA.framework/MeCCA /System/Library/Frameworks/Message.framework/Message /System/Library/Frameworks/MessageUI.framework/MessageUI /System/Library/Frameworks/MobileBluetooth.framework/MobileBluetooth /System/Library/Frameworks/MobileMusicPlayer.framework/MobileMusicPlayer /System/Library/Frameworks/MusicLibrary.framework/MusicLibrary /System/Library/Frameworks/OpenGLES.framework/OpenGLES /System/Library/Frameworks/Preferences.framework/Preferences /System/Library/Frameworks/Security.framework/Security /System/Library/Frameworks/SystemConfiguration.framework/SystemConfiguration /System/Library/Frameworks/TelephonyUI.framework/TelephonyUI /System/Library/Frameworks/UIKit.framework/UIKit /System/Library/Frameworks/URLify.framework/URLify /System/Library/Frameworks/WebCore.framework/WebCore /System/Library/Frameworks/WebKit.framework/WebKit /System/Library/PreferenceBundles/AirPortSettings.bundle/AirPortSettings /System/Library/PreferenceBundles/MobileMailSettings.bundle/MobileMailSettings /usr/lib/dyld /usr/lib/libIOAudio2User.dylib /usr/lib/libSystem.B.dylib /usr/lib/libcrypto.0.9.7.dylib /usr/lib/libgcc_s_v6.1.dylib /usr/lib/libiconv.2.dylib /usr/lib/libicucore.A.dylib /usr/lib/liblockdown.dylib /usr/lib/libobjc.A.dylib /usr/lib/libsqlite3.0.dylib /usr/lib/libssl.0.9.7.dylib /usr/lib/libstdc++.6.dylib /usr/lib/libxml2.2.dylib /usr/lib/libz.1.dylib

Anyone care to guess what some of these do?

Update #2: Well, this pretty blows away everything mentioned in this post. It’s a complete listing of all the files on the iPhone’s filesystem. These guys have already figured out how to activate (and deactivate) the iPhone, and appear to be getting pretty close to completely hacking the iPhone to run arbitrary code and possibly unlock it. Exciting stuff.

This entry was posted on Sunday, July 1st, 2007 at 5:00 am and is filed under Mac, iPhone. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.