search

4ch12dy / xia0LLDB

LLDB python scripts for iOS arm64 reversing by xia0
650 stars 114 forks source link

dumpdecrypted failed #8

Open sepyeight opened 4 years ago

sepyeight commented 4 years ago

iphone6s ios12.1.4 error msg:

error: <user expression 3>:178:44: no matching function for call to 'NSSearchPathForDirectoriesInDomains' NSString docPath = ((NSArray)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0]; ^~~~~~~~~~~ /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.4.sdk/System/Library/Frameworks/Foundation.framework/Headers/NSPathUtilities.h:96:40: candidate function not viable: no known conversion from 'int' to 'NSSearchPathDirectory' for 1st argument FOUNDATION_EXPORT NSArray<NSString > NSSearchPathForDirectoriesInDomains(NSSearchPathDirectory directory, NSSearchPathDomainMask domainMask, BOOL expandTilde); ^

error: <user expression 3>:180:36: property 'UTF8String' not found on object of type 'NSString *' strlcpy(npath, docPath.UTF8String, sizeof(npath)); ^

[] now is image: 21,/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares [] start dump [21] image:/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares error: <user expression 4>:178:44: no matching function for call to 'NSSearchPathForDirectoriesInDomains' NSString docPath = ((NSArray)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0]; ^~~~~~~~~~~ /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.4.sdk/System/Library/Frameworks/Foundation.framework/Headers/NSPathUtilities.h:96:40: candidate function not viable: no known conversion from 'int' to 'NSSearchPathDirectory' for 1st argument FOUNDATION_EXPORT NSArray<NSString > NSSearchPathForDirectoriesInDomains(NSSearchPathDirectory directory, NSSearchPathDomainMask domainMask, BOOL expandTilde); ^

error: <user expression 4>:180:36: property 'UTF8String' not found on object of type 'NSString *' strlcpy(npath, docPath.UTF8String, sizeof(npath)); ^

[-] image info is null, skip image #

[*] Developed By xia0@201

4ch12dy commented 4 years ago

你是不是改了文件? 这里你日志中的代码

NSString docPath = ((NSArray)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];

明显这里是一个NSString的指针,正常的代码是

NSString *docPath = ((NSArray*)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];

同理还有几处也是这样

sepyeight commented 4 years ago

没有修改文件,download下来,直接用的,报错了,我尝试修改的/tmp下面报错信息:Error writing file,所以我就彷徨了

4ch12dy commented 4 years ago

你把dumpdecrypted.py中

NSString docPath = ((NSArray)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];

处的代码贴出来看看,日志上显示这里的代码还是一样的,不是指针

sepyeight commented 4 years ago

没找到贴图片的功能,我看了一下,这里贴log的话,(*)号会识别错误,自动不见了

error: <user expression 3>:178:44: no matching function for call to 'NSSearchPathForDirectoriesInDomains'
            NSString *docPath = ((NSArray*)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];
                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.4.sdk/System/Library/Frameworks/Foundation.framework/Headers/NSPathUtilities.h:96:40: candidate function not viable: no known conversion from 'int' to 'NSSearchPathDirectory' for 1st argument
FOUNDATION_EXPORT NSArray<NSString *> *NSSearchPathForDirectoriesInDomains(NSSearchPathDirectory directory, NSSearchPathDomainMask domainMask, BOOL expandTilde);
                                       ^

error: <user expression 3>:180:36: property 'UTF8String' not found on object of type 'NSString *'
            strlcpy(npath, docPath.UTF8String, sizeof(npath));
                                   ^

[*] now is image: 21,/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
[*] start dump [21] image:/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
error: <user expression 4>:178:44: no matching function for call to 'NSSearchPathForDirectoriesInDomains'
            NSString *docPath = ((NSArray*)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];
                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.4.sdk/System/Library/Frameworks/Foundation.framework/Headers/NSPathUtilities.h:96:40: candidate function not viable: no known conversion from 'int' to 'NSSearchPathDirectory' for 1st argument
FOUNDATION_EXPORT NSArray<NSString *> *NSSearchPathForDirectoriesInDomains(NSSearchPathDirectory directory, NSSearchPathDomainMask domainMask, BOOL expandTilde);
                                       ^

error: <user expression 4>:180:36: property 'UTF8String' not found on object of type 'NSString *'
            strlcpy(npath, docPath.UTF8String, sizeof(npath));
                                   ^

[-] image info is null, skip image # 

[*] Developed By xia0@2019

我用md编辑好,贴上来好了

4ch12dy commented 4 years ago

嗯,两个问题: 1 , 将NSString *docPath = ((NSArray*)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];中的数字9改为NSDocumentDirectory

2,将strlcpy(npath, docPath.UTF8String, sizeof(npath));中的docPath.UTF8String改为[docPath UTF8String]

sepyeight commented 4 years ago

抱歉大佬,我一点也不会ObjC

error: <user expression 3>:180:37: no known method '-UTF8String'; cast the message send to the method's return type
            strlcpy(npath, [docPath UTF8String], sizeof(npath));
                           ~~~~~~~~~^~~~~~~~~~~

[*] now is image: 21,/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
[*] start dump [21] image:/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
error: <user expression 4>:180:37: no known method '-UTF8String'; cast the message send to the method's return type
            strlcpy(npath, [docPath UTF8String], sizeof(npath));
                           ~~~~~~~~~^~~~~~~~~~~

[-] image info is null, skip image #
4ch12dy commented 4 years ago

这样的话,我刚说的第二点你就不改试试。 事实上,代码都是没啥问题的,只是不同的lldb环境对代码的检测严格性有所不同

sepyeight commented 4 years ago

还是不行,报错了,麻烦大佬了

error: <user expression 3>:180:36: property 'UTF8String' not found on object of type 'NSString *'
            strlcpy(npath, docPath.UTF8String, sizeof(npath));
                                   ^

[*] now is image: 21,/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
[*] start dump [21] image:/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
error: <user expression 4>:180:36: property 'UTF8String' not found on object of type 'NSString *'
            strlcpy(npath, docPath.UTF8String, sizeof(npath));
4ch12dy commented 4 years ago

这样改,(char*)[docPath dataUsingEncoding:NSUTF8StringEncoding] 或者(char*)[(NSString*)docPath dataUsingEncoding:NSUTF8StringEncoding]以及 (const char*)[docPath dataUsingEncoding:NSUTF8StringEncoding]还有 (const char*)[docPath dataUsingEncoding:4] 再不行的话,只能换台手机了

sepyeight commented 4 years ago

没有报错,但是写文件的时候路径出错了,不行晚上我直接写死试试 [+] Executable is a plain MACH-O image [+] Opening ym??/Ares.decrypted for writing. [-] Failed opening

4ch12dy commented 4 years ago

什么app,我这边试下

sepyeight commented 4 years ago

公司内测的,从testfight下的,给我的时候装好了~~~,要是给我ipa也好啊。。。。

sepyeight commented 4 years ago

谢谢大佬,按照您给的思路,我google修改了一下

const char *docPathChar =[docPath cStringUsingEncoding:NSUTF8StringEncoding];
printf("[+] test docPath %s\n", docPathChar);

好了,可以正常dump了