Coder Social home page Coder Social logo

dumpdecrypted failed about xia0lldb HOT 13 OPEN

4ch12dy avatar 4ch12dy commented on June 1, 2024
dumpdecrypted failed

from xia0lldb.

Comments (13)

4ch12dy avatar 4ch12dy commented on June 1, 2024

你是不是改了文件?
这里你日志中的代码

NSString docPath = ((NSArray)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];

明显这里是一个NSString的指针,正常的代码是

NSString *docPath = ((NSArray*)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];

同理还有几处也是这样

from xia0lldb.

sepyeight avatar sepyeight commented on June 1, 2024

没有修改文件,download下来,直接用的,报错了,我尝试修改的/tmp下面报错信息:Error writing file,所以我就彷徨了

from xia0lldb.

4ch12dy avatar 4ch12dy commented on June 1, 2024

你把dumpdecrypted.py中

NSString docPath = ((NSArray)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];

处的代码贴出来看看,日志上显示这里的代码还是一样的,不是指针

from xia0lldb.

sepyeight avatar sepyeight commented on June 1, 2024

没找到贴图片的功能,我看了一下,这里贴log的话,(*)号会识别错误,自动不见了

error: <user expression 3>:178:44: no matching function for call to 'NSSearchPathForDirectoriesInDomains'
            NSString *docPath = ((NSArray*)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];
                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.4.sdk/System/Library/Frameworks/Foundation.framework/Headers/NSPathUtilities.h:96:40: candidate function not viable: no known conversion from 'int' to 'NSSearchPathDirectory' for 1st argument
FOUNDATION_EXPORT NSArray<NSString *> *NSSearchPathForDirectoriesInDomains(NSSearchPathDirectory directory, NSSearchPathDomainMask domainMask, BOOL expandTilde);
                                       ^

error: <user expression 3>:180:36: property 'UTF8String' not found on object of type 'NSString *'
            strlcpy(npath, docPath.UTF8String, sizeof(npath));
                                   ^

[*] now is image: 21,/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
[*] start dump [21] image:/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
error: <user expression 4>:178:44: no matching function for call to 'NSSearchPathForDirectoriesInDomains'
            NSString *docPath = ((NSArray*)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];
                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.4.sdk/System/Library/Frameworks/Foundation.framework/Headers/NSPathUtilities.h:96:40: candidate function not viable: no known conversion from 'int' to 'NSSearchPathDirectory' for 1st argument
FOUNDATION_EXPORT NSArray<NSString *> *NSSearchPathForDirectoriesInDomains(NSSearchPathDirectory directory, NSSearchPathDomainMask domainMask, BOOL expandTilde);
                                       ^

error: <user expression 4>:180:36: property 'UTF8String' not found on object of type 'NSString *'
            strlcpy(npath, docPath.UTF8String, sizeof(npath));
                                   ^

[-] image info is null, skip image # 




[*] Developed By xia0@2019

我用md编辑好,贴上来好了

from xia0lldb.

4ch12dy avatar 4ch12dy commented on June 1, 2024

嗯,两个问题:
1 , 将NSString *docPath = ((NSArray*)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];中的数字9改为NSDocumentDirectory

2,将strlcpy(npath, docPath.UTF8String, sizeof(npath));中的docPath.UTF8String改为[docPath UTF8String]

from xia0lldb.

sepyeight avatar sepyeight commented on June 1, 2024

抱歉大佬,我一点也不会ObjC

error: <user expression 3>:180:37: no known method '-UTF8String'; cast the message send to the method's return type
            strlcpy(npath, [docPath UTF8String], sizeof(npath));
                           ~~~~~~~~~^~~~~~~~~~~

[*] now is image: 21,/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
[*] start dump [21] image:/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
error: <user expression 4>:180:37: no known method '-UTF8String'; cast the message send to the method's return type
            strlcpy(npath, [docPath UTF8String], sizeof(npath));
                           ~~~~~~~~~^~~~~~~~~~~

[-] image info is null, skip image #

from xia0lldb.

4ch12dy avatar 4ch12dy commented on June 1, 2024

这样的话,我刚说的第二点你就不改试试。
事实上,代码都是没啥问题的,只是不同的lldb环境对代码的检测严格性有所不同

from xia0lldb.

sepyeight avatar sepyeight commented on June 1, 2024

还是不行,报错了,麻烦大佬了

error: <user expression 3>:180:36: property 'UTF8String' not found on object of type 'NSString *'
            strlcpy(npath, docPath.UTF8String, sizeof(npath));
                                   ^

[*] now is image: 21,/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
[*] start dump [21] image:/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
error: <user expression 4>:180:36: property 'UTF8String' not found on object of type 'NSString *'
            strlcpy(npath, docPath.UTF8String, sizeof(npath));

from xia0lldb.

4ch12dy avatar 4ch12dy commented on June 1, 2024

这样改,(char*)[docPath dataUsingEncoding:NSUTF8StringEncoding]
或者(char*)[(NSString*)docPath dataUsingEncoding:NSUTF8StringEncoding]以及
(const char*)[docPath dataUsingEncoding:NSUTF8StringEncoding]还有
(const char*)[docPath dataUsingEncoding:4]
再不行的话,只能换台手机了

from xia0lldb.

sepyeight avatar sepyeight commented on June 1, 2024

没有报错,但是写文件的时候路径出错了,不行晚上我直接写死试试
[+] Executable is a plain MACH-O image
[+] Opening ym??/Ares.decrypted for writing.
[-] Failed opening

from xia0lldb.

4ch12dy avatar 4ch12dy commented on June 1, 2024

什么app,我这边试下

from xia0lldb.

sepyeight avatar sepyeight commented on June 1, 2024

公司内测的,从testfight下的,给我的时候装好了~~~,要是给我ipa也好啊。。。。

from xia0lldb.

sepyeight avatar sepyeight commented on June 1, 2024

谢谢大佬,按照您给的思路,我google修改了一下

const char *docPathChar =[docPath cStringUsingEncoding:NSUTF8StringEncoding];
printf("[+] test docPath %s\n", docPathChar);

好了,可以正常dump了

from xia0lldb.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.