Error in choose.py

$ lldb

[traceOC]: trace ObjectC function call
traceOC
more usage, try "traceOC -h"

[xutil]: some util tool for debug, this command is flexable and some options maybe remove future
xutil [-b addr, -s module, -l dylib]
more usage, try "xutil -h"
error: module importing failed: invalid syntax (choose.py, line 274)
File "temp.py", line 1, in

error: module importing failed: Missing parentheses in call to 'print'. Did you mean print('please specify the param, for example: "-[UIView initWithFrame:]"')? (xbr.py, line 531)
File "temp.py", line 1, in

error: module importing failed: invalid syntax (dumpdecrypted.py, line 431)
File "temp.py", line 1, in

from xia0lldb.

Error in choose.py

$ lldb

[traceOC]: trace ObjectC function call

traceOC
more usage, try "traceOC -h"
[xutil]: some util tool for debug, this command is flexable and some options maybe remove future
xutil [-b addr, -s module, -l dylib]
more usage, try "xutil -h"
error: module importing failed: invalid syntax (choose.py, line 274)
File "temp.py", line 1, in

error: module importing failed: Missing parentheses in call to 'print'. Did you mean print('please specify the param, for example: "-[UIView initWithFrame:]"')? (xbr.py, line 531)
File "temp.py", line 1, in

error: module importing failed: invalid syntax (dumpdecrypted.py, line 431)
File "temp.py", line 1, in

traceOC还没完成…

from xia0lldb.

你那是什么app，我这边测试下

from xia0lldb.

➜ gif lldb
========
[traceOC]: trace ObjectC function call
traceOC
more usage, try "traceOC -h"
========
[xutil]: some util tool for debug, this command is flexable and some options maybe remove future
xutil [-b addr, -s module, -l dylib]
more usage, try "xutil -h"
error: module importing failed: invalid syntax (choose.py, line 274)
File "temp.py", line 1, in
error: module importing failed: Missing parentheses in call to 'print'. Did you mean print('please specify the param, for example: "-[UIView initWithFrame:]"')? (xbr.py, line 531)
File "temp.py", line 1, in
pcc
error: module importing failed: invalid syntax (dumpdecrypted.py, line 431)
File "temp.py", line 1, in
========
[debugme]: kill anti-debug in lldb
debugme
more usage, try "debugme -h"
========
[info]: get basic info of process/function/module/address/...
info [-m moduleName, -a address, -f funtionName, -u UserDefaults]
more usage, try "info -h"
error: module importing failed: invalid syntax (sbt.py, line 166)
File "temp.py", line 1, in

不论什么app，一连上lldb就会报这个错误，xbr完全用不了

from xia0lldb.

使用的最新的xia0LLDB吗，我这边测了下没有复现这个问题。从错误上看起来像是Python文件解析错误，是不是用的Python3？

from xia0lldb.

python -V
Python 2.7.10

默认要用python3么？

from xia0lldb.

用python2

from xia0lldb.

看起来应该是python环境造成的，没安装python3之前是正常的。安装python3之后就出现这个问题了，但实际上mac默认用的是python2。还在摸索该怎么解决！

from xia0lldb.

This error is done with bellow command:

defaults write com.apple.dt.lldb DefaultPythonVersion 2

The newest xcode11 use python3 defaultly, so this command change the python version from 3 to 2

from xia0lldb.

thanks! I will update xia0LLDB with python3 soon.

from xia0lldb.

[-] failed to get text segment:["rror: warning: format specifies type 'unsigned long' but the argument has type 'uint64_t' (aka 'unsigned long long')\nwarning: format specifies type 'unsigned long' but the argument has type 'uint64_t' (aka 'unsigned long long')\nwarning: ISO C++11 does not allow conversion from string literal to 'char *'\nerror: Couldn't lookup symbols:\n _sprint"]

Couldn't lookup symbols:\n _sprint，这个bug解了吗

from xia0lldb.

Couldn't lookup symbols:\n _sprint，这个bug解了吗

什么app，我这边测下看看

from xia0lldb.

Couldn't lookup symbols:\n _sprint，这个bug解了吗

什么app，我这边测下看看

kwai_gif，6.9.1

from xia0lldb.

执行时机的问题，因为lldb attach以后，还没加载各个模块。参考这篇文章
http://4ch12dy.site/2019/09/23/lldb-dumpdecrypted/lldb-dumpdecrypted/
在xbr -E main 以后执行debugme(在执行之前一定要删除所有断点)

不过需要说明的一点在于，debugme主要针对ptrace以及恶心的svc内联汇编的反调试，其他方式的话debugme暂时没解决

另外补充一点在于某手的可执行文件里面并不包含关键代码，都在另一个dylib里面。所以需要手动分析

from xia0lldb.

执行时机的问题，因为lldb attach以后，还没加载各个模块。参考这篇文章
http://4ch12dy.site/2019/09/23/lldb-dumpdecrypted/lldb-dumpdecrypted/
在xbr -E main 以后执行debugme(在执行之前一定要删除所有断点)

不过需要说明的一点在于，debugme主要针对ptrace以及恶心的svc内联汇编的反调试，其他方式的话debugme暂时没解决

另外补充一点在于某手的可执行文件里面并不包含关键代码，都在另一个dylib里面。所以需要手动分析

哈哈，谢谢

from xia0lldb.