limneos / classdump-dyld Goto Github PK

iPhone SE 13.2.2 w/ checkra1n jailbreak

Every time I run classdump-dyld with the -o outdir option I get the following error: 2019-11-27 12:21:17.581 classdump-dyld[43980:1265195] Could not create directory outdir. Check permissions.

The error appears if the directory already exists or not. I tried changing the outdir path to the fs root, /var/root/, /opt/, and editing permissions of the output directory with chmod 777 outdir.

Same results on both the cydia version (1.3-1) and the executble found in /iphone.

i've compiled from code but when i run for example
classdump-dyld -D /private/var/containers/Bundle/Application/F5F581E5-E214-4FB7-8193-93D4D1402DE1/MyTalkingTom.app/mytalkingtom
it just returns nothing, i've tried the sample application on ios 9.2.0 and it works fine

when i run for example
classdump-dyld /System/Library/Frameworks/UIKit.framework
or
classdump-dyld /usr/libexec/backboardd
it works fine, am i missing something?

in classdumpdyldlib/Makefile,

why libclassdumpdyld_FILES = classdumpdyldlib.mm instead of .mm? Seems a bug tome.

I can't compile until I change .mm to .xm, and in classdumpdyldlib dir there in deed only a .xm file

For example, try the Snapchat app v9.0. Dumps to about 60% & crashes

+1

Thanks

Can classdump-dyld run on mac os x?
Because non-jailbroken device can not run this tool.

Thanks very much.

Seems OSX is lack of a useable tool to dump or decryption.

Hi,

I'm using classdump-dyld to dump Instagram's headers, and have been for a long time. At some point a couple months ago, I started running into issues where it would dump a certain number of files and then crash. Note that the files are never actually written to the output folder, as if they're just stored in memory and not written until it successfully completes, which it doesn't.

Gets to 42% here:

iPhone:~ root# classdump-dyld /var/mobile/Containers/Bundle/Application/176992E6-9F75-4A3D-BB05-1C1C6D5676B0/Instagram.app/Instagram -o ~/out
  Dumping /var/mobile/Containers/Bundle/Application/176992E6-9F75-4A3D-BB05-1C1C6D5676B0/Instagram.app/Instagram...(3075 classes)  (injected with libclassdumpdyld.dylib) 
 42% [=====================                             ]  1320/3075 <IGStatusBarWindow>

Then SSH is disconnected (killed?)

Connection to localhost closed by remote host.
Connection to localhost closed.

Not sure what's going on here. It's like Instagram is intentionally causing this to prevent the app from being dumped, but that doesn't sound right.

I can't find a way to enable a verbose mode, so I'm not too sure what's going on behind the scenes.

I've also tried to inject it into Cycript and run it that way, but I run into similar issues.

Said issue:

iPhone:~ root# cycript -p Instagram
cy# dlopen("/usr/lib/libclassdumpdyld.dylib",RTLD_NOW);
(typedef void*)(0x14f02db10)
cy# dumpBundle=@encode(id(id))(dlsym(RTLD_DEFAULT,"dumpBundle"));
(extern "C" id dumpBundle(id))
cy# dumpBundle([NSBundle mainBundle ])
MS:Error: _krncall(mach_vm_read_overwrite(task, data, sizeof(*baton), reinterpret_cast<mach_vm_address_t>(baton), &error)) =4
*** _assert(status == 0):../Inject.cpp(143):InjectLibrary

Any help would be appreciated..

iPhone 6s (Happened on i5 as well), iOS 9.0

In my console log for my iPhone 5 I am getting an error every second.

Aug 16 11:38:01 Roberts-iPhone DuetLST[93] : Core Data: error: -executeRequest: encountered exception = Fatal error. The database at /var/mobile/Library/Duet/DuetLST.duetlog is corrupted. SQLite error code:11, 'database disk image is malformed' with userInfo = {
NSFilePath = "/var/mobile/Library/Duet/DuetLST.duetlog";
NSSQLiteErrorDomain = 11;
}
This only happens while my iPhone is not in "sleep mode".

1: command: classdump-dyld -o ./dyld_shared_cache_result/ -c
2: iOS Version: 13.3
3: Device:iPhoneSE
4:error message:
stringWithCString class_getImageName(protocol) empty

stringWithCString class_getImageName(protocol) empty

stringWithCString class_getImageName(protocol) empty
classdump-dyld(1038,0x102a19800) malloc: can't allocate region
*** mach_vm_map(size=32768) failed (error code=3)
classdump-dyld(1038,0x102a19800) malloc: *** set a breakpoint in malloc_error_break to debug
classdump-dyld(1038,0x102a19800) malloc: can't allocate region
*** mach_vm_map(size=32768) failed (error code=3)
classdump-dyld(1038,0x102a19800) malloc: *** set a breakpoint in malloc_error_break to debug
2020-01-09 11:07:45.006 classdump-dyld[1038:13256] *** Terminating app due to uncaught exception 'NSMallocException', reason: 'Out of memory. We suggest restarting the application. If you have an unsaved document, create a backup copy in Finder, then try to save.'
*** First throw call stack:
(0x1a423aa48 0x1a3f61fa4 0x1a4296220 0x1a4292104 0x1a41eff84 0x1a41dd66c 0x1a450f10c 0x10269c1f0 0x1a45390c8 0x102694f34 0x102691b50 0x1026986b8 0x10269b20c 0x1a403c360)
libc++abi.dylib: terminating with uncaught exception of type NSException
Abort trap: 6

Would be nice if you could ship an update to Lydia that includes the new cycript module from #8

Not really an issue - just wanted to say this is great and see if you planned to release the code.

Thanks!!

Hello,

when i try to make command, it says :

Making all for tool classdump-dyld...
make[2]: Nothing to be done for `internal-tool-compile'.
Making all in classdumpdyldlib...
Makefile:1: theos/makefiles/common.mk: No such file or directory
Theos version mismatch! common.mk [version 0] loaded in tandem with rules.mk [version 1] Check that $(THEOS) is set properly!
make[1]: *** [all] Error 1
make: *** [internal-all] Error 2

what can be the problem ? There is theos/makefiles/common.mk file in folder.

For example, UITableViewDataSource is a private class and a public protocol, so I assume what happens is the protocol gets dumped and then is overwritten when the class gets dumped, and the class dumped file attempts to import the protocol, which means the class will import itself.

Was this overlooked or is this behavior defined somewhere? And if so, why does the class still import itself...

My-Mac:classdump-dyld user123$ make

Making all for tool classdump-dyld…
==> Preprocessing main.xm…
==> Compiling main.xm (armv7)…
*main.xm:313:4: error: call to unavailable function 'system': not available on iOS
system([tryWithLib UTF8String]);
^~~~~~
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS11.4.sdk/usr/include/stdlib.h:195:6: note: candidate function has
been explicitly made unavailable
int system(const char ) __DARWIN_ALIAS_C(system);
^
1 error generated.
make[3]: *** [/Users/user123/Documents/classdump-dyld/.theos/obj/debug/armv7/main.xm.5c0a3bf6.o] Error 1
make[2]: *** [/Users/user123/Documents/classdump-dyld/.theos/obj/debug/armv7/classdump-dyld] Error 2
make[1]: *** [internal-tool-all_] Error 2
make: *** [classdump-dyld.all.tool.variables] Error 2
My-Mac:classdump-dyld user123$

Dumping /System/Library/PrivateFrameworks/NewsFoundation.framework/NewsFoundation...(15 classes)
Dumping /System/Library/PrivateFrameworks/NewsTransport.framework/NewsTransport...(204 classes)
99% [================================================= ] 202/204
2018-03-26 22:15:22.839 classdump-dyld[1189:153748] *** Assertion failure in +[SpringBoardUI load], /BuildRoot/Library/Caches/com.apple.xbs/Sources/SpringBoardUI/SpringBoard-3752.24/SpringBoardUI.m:57
2018-03-26 22:15:22.841 classdump-dyld[1189:153748] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'This process should not be linking or loading SpringBoardUI.framework (rdar://problem/26143166)'
*** First throw call stack:
(0x18672dd04 0x18597c528 0x18672dbd8 0x1870bdc24 0x19c94b818 0x18597e91c 0x18597fa84 0x104b3e4d4 0x104b43c18 0x104b44110 0x104b39018 0x104b40124 0x1861174d4 0x10499fc08 0x1049a3934 0x18611656c)
Abort trap: 6
X-4-Hack:~ root#

So i ran classdump-dyld -c -o headers
and got this error:

classdump-dyld[1672:183535] *** Terminating app due to uncaught exception 'NSRangeException', reason: '*** -[__NSSingleObjectArrayI objectAtIndex:]: index 1 beyond bounds [0 .. 0]'
*** First throw call stack:
(0x187f251b8 0x18695c55c 0x187f16420 0x10009b84c 0x10009ded4 0x10009fb84 0x186de15b8)
Abort trap: 6

Any idea of what is causing this?

Having a little problem dumping an app:

2017-10-23 23:07:23.496 BCApp[3259:162600] *** Terminating app due to uncaught exception 'NSRangeException', reason: '*** -[__NSSingleObjectArrayI objectAtIndex:]: index 1 beyond bounds [0 .. 0]'
*** First throw call stack:
(0x18eaad1b8 0x18d4e455c 0x18ea9e420 0x1025b3ef4 0x1025b5e2c 0x1025b8410 0x10253995c 0x102539b84 0x102534f2c 0x102533f50 0x102534004 0x102526438 0x10252a8f4 0x102525044)
  Done. Check "headers" directory.

In the sample output (https://github.com/limneos/classdump-dyld/blob/master/iphoneheaders/iOS7.0.3/System/Library/CoreServices/SpringBoard.app/SBFolderController.h), on line 15 (the @Class list), there's an empty comma in the list.

I have an iPad mini 2 with ios 11.1.2 jailbroken with Unc0ver.

I've downloaded and compiled the latest version however I'm having issues with no output being produced.

This following generates headers in the outdir folder as expected:
classdump-dyld -o outdir /System/Library/Frameworks/UIKit.framework

This generates no output:

classdump-dyld -o outdir /usr/libexec/backboardd
  Dumping /usr/libexec/backboardd...(96 classes)  (injected with libclassdumpdyld.dylib) 
  Writing /usr/libexec/backboardd headers to disk...
  All done for /usr/libexec/backboardd
  Done. Check "outdir" directory.

This is a app I am looking at is not encrypted and the output directory is empty:

classdump-dyld -o out /var/containers/Bundle/Application/A7F4E1DD-996F-48C4-99E5-E7803D36607B/blue.app/orange
  Done. Check "out" directory.

lipo -info /var/containers/Bundle/Application/A7F4E1DD-996F-48C4-99E5-E7803D36607B/blue.app/orange
Non-fat file: /var/containers/Bundle/Application/A7F4E1DD-996F-48C4-99E5-E7803D36607B/blue.app/orangeis architecture: arm64

otool -l /var/containers/Bundle/Application/A7F4E1DD-996F-48C4-99E5-E7803D36607B/blue.app/orange| grep -A 4 LC_ENCRYPTION_INFO
          cmd LC_ENCRYPTION_INFO_64
      cmdsize 24
     cryptoff 16384
    cryptsize 950272
      cryptid 0