4ch12dy / xia0lldb Goto Github PK

raceback (most recent call last):
File "/Users/aaabbb/xia0LLDB/src/debugme.py", line 43, in handle_command
debugme(debugger)
File "/Users/aaabbb/xia0LLDB/src/debugme.py", line 718, in debugme
images = utils.get_all_image_of_app()
File "/Users/aaabbb/xia0LLDB/src/utils.py", line 102, in get_all_image_of_app
image_name = image_str.split(",")[1]
IndexError: list index out of range
[x] happy debugging~ kill antiDebug by xia0@2019

delete

iOS 13.3出现错误后再iOS9.1上也是这个错误

(lldb) debugme
[] start patch ptrace funtion to bypass antiDebug
[+] success ptrace funtion to bypass antiDebug
[] start patch svc ins to bypass antiDebug
[-] failed to get text segment:["rror: warning: format specifies type 'unsigned long' but the argument has type 'uint64_t' (aka 'unsigned long long')\nwarning: format specifies type 'unsigned long' but the argument has type 'uint64_t' (aka 'unsigned long long')\nwarning: ISO C++11 does not allow conversion from string literal to 'char *'\nerror: Couldn't lookup symbols:\n _sprint"]
[x] happy debugging~ kill antiDebug by xia0@2019

error: module importing failed: invalid syntax (sbt.py, line 166)
File "temp.py", line 1, in

报错了

Hi there,

How to uninstall xia0LLDB? I don't see it's documented

iphone6s
ios12.1.4
error msg:

error: <user expression 3>:178:44: no matching function for call to 'NSSearchPathForDirectoriesInDomains'
NSString docPath = ((NSArray)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.4.sdk/System/Library/Frameworks/Foundation.framework/Headers/NSPathUtilities.h:96:40: candidate function not viable: no known conversion from 'int' to 'NSSearchPathDirectory' for 1st argument
FOUNDATION_EXPORT NSArray<NSString *> *NSSearchPathForDirectoriesInDomains(NSSearchPathDirectory directory, NSSearchPathDomainMask domainMask, BOOL expandTilde);
^

error: <user expression 3>:180:36: property 'UTF8String' not found on object of type 'NSString *'
strlcpy(npath, docPath.UTF8String, sizeof(npath));
^

[] now is image: 21,/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
[] start dump [21] image:/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
error: <user expression 4>:178:44: no matching function for call to 'NSSearchPathForDirectoriesInDomains'
NSString docPath = ((NSArray)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.4.sdk/System/Library/Frameworks/Foundation.framework/Headers/NSPathUtilities.h:96:40: candidate function not viable: no known conversion from 'int' to 'NSSearchPathDirectory' for 1st argument
FOUNDATION_EXPORT NSArray<NSString *> *NSSearchPathForDirectoriesInDomains(NSSearchPathDirectory directory, NSSearchPathDomainMask domainMask, BOOL expandTilde);
^

error: <user expression 4>:180:36: property 'UTF8String' not found on object of type 'NSString *'
strlcpy(npath, docPath.UTF8String, sizeof(npath));
^

[-] image info is null, skip image #

[*] Developed By xia0@201

[xia0LLDB] + Loading all scripts from /path/to/xia0LLDB/src
error: cannot add command: user command exists and force replace not set
error: cannot add command: can't replace builtin command
error: cannot add command: can't replace builtin command
error: cannot add command: user command exists and force replace not set
error: cannot add command: user command exists and force replace not set
[xia0LLDB] * Finished

(lldb) dumpdecrypted -X
[] set breakpoint at CFBundleGetMainBundle
[] will continue process and dump
[] start execute dumpdecrypted
[] delete all breakpoints
[-] failed to auto get main module, use -m option
[-] failed to auto get main module, use -m option
Traceback (most recent call last):
File "/Users/XX/xia0LLDB/src/dumpdecrypted.py", line 51, in handle_command
ret = dumpdecrypted(debugger)
File "/Users/XX/xia0LLDB/src/dumpdecrypted.py", line 546, in dumpdecrypted
images = utils.get_all_image_of_app()
File "/Users/XX/xia0LLDB/src/utils.py", line 121, in get_all_image_of_app
if app_path.startswith("/private"):
AttributeError: 'NoneType' object has no attribute 'startswith'

手机：iPhone8 plus
系统：iOS14.2
越狱方式：unc0ver7.0.0

执行dumpdecrypted -X后报错，如下：
(lldb) dumpdecrypted -X
[] set breakpoint at CFBundleGetMainBundle
[] will continue process and dump
[] start execute dumpdecrypted
[] delete all breakpoints
[+] use "target list" to get main module:/private/var/containers/Bundle/Application/C1082122-4000-4896-8B91-E6BD52F37FA9/.app/
[+] use "target list" to get main module:/private/var/containers/Bundle/Application/C1082122-4000-4896-8B91-E6BD52F37FA9/.app/
[] app dir:/var/containers/Bundle/Application/C1082122-4000-4896-8B91-E6BD52F37FA9/***.app
[-] failed to get app images from:error: while importing modules:
While building module 'Foundation' imported from LLDBModulesMemoryBuffer:1:
While building module 'Security' imported from /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/System/Library/Frameworks/Foundation.framework/Headers/NSURLCredential.h:9:
In file included from :2:
In file included from /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/System/Library/Frameworks/Security.framework/Headers/Security.h:35:
In file included from /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/System/Library/Frameworks/Security.framework/Headers/SecImportExport.h:41:
/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/System/Library/Frameworks/Security.framework/Headers/SecKeychain.h:287:48: error: 'SecKeychainRef' is unavailable: not available on iOS
OSStatus SecKeychainOpen(const char *pathName, SecKeychainRef * __nonnull CF_RETURNS_RETAINED keychain);
^

/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX11.3.sdk/System/Library/Frameworks/Security.framework/Headers/SecBase.h:135:51: note: 'SecKeychainRef' has been explicitly marked unavailable here
typedef struct CF_BRIDGED_TYPE(id) __SecKeychain *SecKeychainRef

delete

(lldb) xbr -E main
Traceback (most recent call last):
File "/Users/mymac/Documents/GitHub/frida-ios-dump/xia0LLDB/src/xbr.py", line 527, in xbr
entryAddr_int = int(entryAddrStr.strip()[1:-1], 16)
ValueError: invalid literal for int() with base 16: 'rror: Execution was interrupted, reason: EXC_BAD_ACCESS (code=259, address=0x16f3db9c8).\nThe process has been returned to the state before expression evaluation'

你好，
更新到3.0以后，每次都会出现error: module importing failed: invalid pathname

error: module importing failed: invalid pathname

           https://github.com/4ch12dy/xia0LLDB
          Welcome to xia0LLDB - Python3 Edition
          ,--.          ,--.  ,--.   ,--.   ,------.  ,-----.   
,--.  ,--.`--' ,--,--. /    \ |  |   |  |   |  .-.  \ |  |) /_  
 \  `'  / ,--.' ,-.  ||  ()  ||  |   |  |   |  |  \  :|  .-.  \ 
 /  /.  \ |  |\ '-'  | \    / |  '--.|  '--.|  '--'  /|  '--' /  
'--'  '--'`--' `--`--'  `--'  `-----'`-----'`-------' `------'   

[xia0LLDB] * Version: 3.0 
[xia0LLDB] * Disabling color in output due to Xcode detected
[xia0LLDB] + Loading all scripts from /Development/GitHub/xia0LLDB/src
[xia0LLDB] * Finished 

请问是bug么？

Thank you for your scripts. They look so promising.

Unfortunately, running the debugme script on any app, results in a segmentation fault:

(lldb) debugme
[] start patch ptrace funtion to bypass anti debug
[+] ptrace funtion patach done
[] start patch svc ins to bypass anti debug
[+] use "target list" to get main module:/private/var/containers/Bundle/Application/62665631-5B78-4128-93DF-4F6DE5576C8D/test.app/test
[*] app dir:/var/containers/Bundle/Application/62665631-5B78-4128-93DF-4F6DE5576C8D/test.app
Stack dump:
0. Program arguments: /Applications/Xcode.app/Contents/Developer/usr/bin/lldb
Segmentation fault: 11

Any advice?

MacOS: Catalina
iPhone 6
iOS 12.4

===[E]===:error: <user expression 48>:10:29: definition of class NSNumber must be available to use Objective-C numeric literals NSString *c_size_str = [@(c_size) stringValue]; ^note: forward declaration of class hereerror: <user expression 48>:10:29: illegal type 'unsigned int' used in a boxed expression NSString *c_size_str = [@(c_size) stringValue]; ^~~~~~~~~error: <user expression 48>:37:73: extraneous ')' before ';' theDistance = frame_addr - (uintptr_t)implementation); ^error: <user expression 48>:57:73: extraneous ')' before ';' theDistance = frame_addr - (uintptr_t)implementation); ^error: <user expression 48>:81:31: definition of class NSNumber must be available to use Objective-C numeric literals [retStr appendString:(id)[@((uintptr_t)theDistance) stringValue]]; ^note: forward declaration of class hereerror: <user expression 48>:81:31: illegal type 'uintptr_t' (aka 'unsigned long') used in a boxed expression [retStr appendString:(id)[@((uintptr_t)theDistance) stringValue]];

6s，12.0系统
砸壳报错

error: Couldn't lookup symbols:
__Z7strrchrUa9enable_ifIXLb1EEEPci
__Z6strchrUa9enable_ifIXLb1EEEPci

error: Couldn't lookup symbols:
__Z7strrchrUa9enable_ifIXLb1EEEPci
__Z6strchrUa9enable_ifIXLb1EEEPci

error: Couldn't lookup symbols:
__Z7strrchrUa9enable_ifIXLb1EEEPci
__Z6strchrUa9enable_ifIXLb1EEEPci

error: Couldn't lookup symbols:
__Z7strrchrUa9enable_ifIXLb1EEEPci
__Z6strchrUa9enable_ifIXLb1EEEPci

[*] Developed By xia0@2019

在mac版本上使用后，会导致QT Creator无法正常调试，有办法兼容这个问题么？

(lldb) im li -o -f
"malloc_info", "ptr_refs", "cstr_refs", "find_variable", and "objc_refs" commands have been installed, use the "--help" options on these commands for detailed help.

so, consider not using abbreviations

想把debugme里面的反调试移植到frida里面，需要怎么做。

在万国觉醒上使用debugme时，在执行exp -lobjc -O --语句时失败。

手机：iPhone6
系统：iOS10.0.2
越狱方式：https://doubleh3lix.tihmstar.net/
使用最新的代码，执行lldb命令后直接执行dumpdecrypted -X然后就报错了。。

首先给个大大的赞。
Xcode终端输出的时候，颜色没有生效，效果是这样的：
frame #5: [file:[36m0x1814b1a00[0m mem:[2m0x196e65a00[0m] [33mCFNetwork[0m`__75-[__NSURLSessionLocal taskForClass:request:uploadFile:bodyData:completion:]_block_invoke + 32
请问怎么才能显示出来色彩？

rt

Hi there,

我在抖音启动到UIApplicationMain时加了断点，然后执行了debugme

提示似乎都正常也patch了，但是继续调试就会直接crash在

TikTok`___lldb_unnamed_symbol400947$$TikTok:
->  0x1071925a0 <+0>:  udf    #0x1
    0x1071925a4 <+4>:  ldr    x16, #0x8                 ; <+12>
    0x1071925a8 <+8>:  br     x16
    0x1071925ac <+12>: .long  0x0f024000                ; unknown opcode

crash 在 udf #0x1这里

(lldb) bt
* thread #24, queue = 'com.apple.root.background-qos', stop reason = EXC_BAD_INSTRUCTION (code=1, subcode=0x1)
  * frame #0: 0x00000001071925a0 TikTok`___lldb_unnamed_symbol400947$$TikTok
    frame #1: 0x0000000107193224 TikTok`___lldb_unnamed_symbol400952$$TikTok + 508
    frame #2: 0x0000000107193edc TikTok`___lldb_unnamed_symbol400954$$TikTok + 884
    frame #3: 0x0000000107199fe8 TikTok`___lldb_unnamed_symbol400972$$TikTok + 284
    frame #4: 0x0000000107199304 TikTok`___lldb_unnamed_symbol400969$$TikTok + 196

(lldb) choose WBStatus
error: expected ';' at end of declaration
error: extraneous ')' before ';'
error: expected ';' at end of declaration
error: definition of class NSNumber must be available to use Objective-C numeric literals
forward declaration of class here
error: illegal type 'uint64_t' (aka 'unsigned long long') used in a boxed expression
error: definition of class NSNumber must be available to use Objective-C numeric literals
forward declaration of class here
error: illegal type 'unsigned int' used in a boxed expression
error: definition of class NSNumber must be available to use Objective-C numeric literals
forward declaration of class here
error: illegal type 'uint64_t' (aka 'unsigned long long') used in a boxed expression
error: definition of class NSNumber must be available to use Objective-C numeric literals
forward declaration of class here
error: illegal type 'uint64_t' (aka 'unsigned long long') used in a boxed expression

Mac 10.14.6
xia0lldb 2.9
Xcode 11.3.1

Hi,
I would really appreciate if you could add more detailed documentation on how to use/run with possibly real examples of what the tool can do. I have been going over the readme/code attempting to understand how to fully utilize the tool but been failing to do so. I think a stronger "how to use" doc would significantly increase UX.

iPhone6
iOS12.3.1
Python3.6.8
MacOS

执行的指令和报错
(lldb) dumpdecrypted -X
[] set breakpoint at CFBundleGetMainBundle
[] will continue process and dump
[] start execute dumpdecrypted
[] delete all breakpoints
[-] failed to auto get main module, use -m option
[-] failed to auto get main module, use -m option
Traceback (most recent call last):
File "/Users/shiro/Downloads/xia0LLDB/src/dumpdecrypted.py", line 51, in handle_command
ret = dumpdecrypted(debugger)
File "/Users/shiro/Downloads/xia0LLDB/src/dumpdecrypted.py", line 545, in dumpdecrypted
images = utils.get_all_image_of_app()
File "/Users/shiro/Downloads/xia0LLDB/src/utils.py", line 91, in get_all_image_of_app
if app_path.startswith("/private"):
AttributeError: 'NoneType' object has no attribute 'startswith'

有点迷茫，想请教一下为什么会是执行python出问题，我对Python不是很熟

你好，可执行文件能砸壳成功，但是.framework砸壳不成功，请问这个有好的解决方案吗？

设备：iPhone6 用的checkra.in越狱的，系统12.4.5， 砸壳APP是喜马拉雅6.6.66版本

见截图

不知道是不是Aweme做了手脚导致看不到符号，还是xia0LLDB的问题？

(lldb) sbt -f "~/Downloads/block_symbol.json"
  ==========================================xia0LLDB===========================================
  BlockSymbolFile    "~/Downloads/block_symbol.json"
  =============================================================================================
  frame #0: [file:0x106348c54 mem:0x108fccc54] Aweme`___lldb_unnamed_symbol490826$$Aweme + 0 
  frame #1: [file:0x10457586c mem:0x1071f986c] Aweme`___lldb_unnamed_symbol163835$$Aweme + 1128 
  frame #2: [file:0x10a388a04 mem:0x10d00ca04] Aweme`___lldb_unnamed_symbol1098374$$Aweme + 532 
  frame #3: [file:0x10a387cd0 mem:0x10d00bcd0] Aweme`___lldb_unnamed_symbol1098363$$Aweme + 1252 
  frame #4: [file:0x10a2b7274 mem:0x10cf3b274] Aweme`___lldb_unnamed_symbol1089223$$Aweme + 108 
  frame #5: [file:0x10a387d74 mem:0x10d00bd74] Aweme`___lldb_unnamed_symbol1098366$$Aweme + 64 
  frame #6: [file:0x10a2b71e0 mem:0x10cf3b1e0] Aweme`___lldb_unnamed_symbol1089222$$Aweme + 168 
  frame #7: [file:0x10a2b7edc mem:0x10cf3bedc] Aweme`___lldb_unnamed_symbol1089234$$Aweme + 368 
  frame #8: [file:0x10a2b710c mem:0x10cf3b10c] Aweme`___lldb_unnamed_symbol1089221$$Aweme + 188 
  frame #9: [file:0x10a202724 mem:0x10ce86724] Aweme`___lldb_unnamed_symbol1081988$$Aweme + 772 
  frame #10: [file:0x10a34e374 mem:0x10cfd2374] Aweme`___lldb_unnamed_symbol1095859$$Aweme + 256 
  frame #11: [file:0x10a34e260 mem:0x10cfd2260] Aweme`___lldb_unnamed_symbol1095858$$Aweme + 96 
  frame #12: [file:0x10a2023f8 mem:0x10ce863f8] Aweme`___lldb_unnamed_symbol1081987$$Aweme + 260 
  frame #13: [file:0x10a2039f0 mem:0x10ce879f0] Aweme`___lldb_unnamed_symbol1082000$$Aweme + 152 
  frame #14: [file:0x10a202244 mem:0x10ce86244] Aweme`___lldb_unnamed_symbol1081986$$Aweme + 352 
  frame #15: [file:0x10a002234 mem:0x10cc86234] Aweme`___lldb_unnamed_symbol1060580$$Aweme + 908 
  frame #16: [file:0x10a0037b8 mem:0x10cc877b8] Aweme`___lldb_unnamed_symbol1060599$$Aweme + 264 
  frame #17: [file:0x1091fd3ac mem:0x10be813ac] Aweme`___lldb_unnamed_symbol909747$$Aweme + 212 
  frame #18: [file:0x184f39c44 mem:0x1a1d45c44] UIKitCore`-[UITextView keyboardInput:shouldInsertText:isMarkedText:] + 144 
  frame #19: [file:0x1849d9a88 mem:0x1a17e5a88] UIKitCore`-[UIKeyboardImpl callShouldInsertText:] + 72 
  frame #20: [file:0x1849ee188 mem:0x1a17fa188] UIKitCore`-[UIKeyboardImpl