search

ChiChou / bagbak

Yet another frida based iOS dumpdecrypted. Also decrypts app extensions
MIT License
1.12k stars 184 forks source link

在Dopamine越狱中出现这个问题 #130

Closed huami1314 closed 5 months ago

huami1314 commented 5 months ago

系统版本是15.4.1

x@xdeiMac ~ % /Users/x/.npm-global/bin/bagbak com.tencent.mqq -o ~/Desktop/QQ_8.9.96.229_Dump.ipa -d
remote root /private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app copy to /var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload [info] pulling app bundle from device, please be patient [info] downloaded 12914 files and 732 folders [info] app bundle downloaded mach-o info /var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/Frameworks/QQStartup.framework/QQStartup { path: '/var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/Frameworks/QQStartup.framework/QQStartup', type: 6, encryptInfo: { offset: 16384, size: 23592960, id: 0 }, encCmdOffset: 3488 } mach-o info /var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/Frameworks/QQStartupOnLogin.framework/QQStartupOnLogin { path: '/var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/Frameworks/QQStartupOnLogin.framework/QQStartupOnLogin', type: 6, encryptInfo: { offset: 16384, size: 17580032, id: 0 }, encCmdOffset: 3504 } mach-o info /var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/Frameworks/TXSoundTouch.framework/TXSoundTouch { path: '/var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/Frameworks/TXSoundTouch.framework/TXSoundTouch', type: 6, encryptInfo: { offset: 16384, size: 16384, id: 0 }, encCmdOffset: 1328 } mach-o info /var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/Frameworks/UE4.framework/UE4 { path: '/var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/Frameworks/UE4.framework/UE4', type: 6, encryptInfo: { offset: 16384, size: 50577408, id: 0 }, encCmdOffset: 3104 } mach-o info /var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/Frameworks/WeAppCoreSDK.framework/WeAppCoreSDK { path: '/var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/Frameworks/WeAppCoreSDK.framework/WeAppCoreSDK', type: 6, encryptInfo: { offset: 16384, size: 22609920, id: 0 }, encCmdOffset: 3408 } mach-o info /var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/Frameworks/andromeda.framework/andromeda { path: '/var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/Frameworks/andromeda.framework/andromeda', type: 6, encryptInfo: { offset: 16384, size: 2228224, id: 0 }, encCmdOffset: 2200 } mach-o info /var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/Frameworks/ilink.framework/ilink { path: '/var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/Frameworks/ilink.framework/ilink', type: 6, encryptInfo: { offset: 16384, size: 8060928, id: 0 }, encCmdOffset: 2912 } mach-o info /var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/PlugIns/QQBroadCast.appex/QQBroadCast { path: '/var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/PlugIns/QQBroadCast.appex/QQBroadCast', type: 2, encryptInfo: { offset: 176128, size: 4096, id: 1 }, encCmdOffset: 2912 } mach-o info /var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/PlugIns/QQNotificationContent.appex/QQNotificationContent { path: '/var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/PlugIns/QQNotificationContent.appex/QQNotificationContent', type: 2, encryptInfo: { offset: 65536, size: 4096, id: 1 }, encCmdOffset: 3072 } mach-o info /var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/PlugIns/QQNotificationService.appex/QQNotificationService { path: '/var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/PlugIns/QQNotificationService.appex/QQNotificationService', type: 2, encryptInfo: { offset: 122880, size: 4096, id: 1 }, encCmdOffset: 3232 } mach-o info /var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/PlugIns/QQShare.appex/QQShare { path: '/var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/PlugIns/QQShare.appex/QQShare', type: 2, encryptInfo: { offset: 131072, size: 4096, id: 1 }, encCmdOffset: 2992 } mach-o info /var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/PlugIns/QQWidgetExtension.appex/QQWidgetExtension { path: '/var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/PlugIns/QQWidgetExtension.appex/QQWidgetExtension', type: 2, encryptInfo: { offset: 217088, size: 4096, id: 1 }, encCmdOffset: 2736 } mach-o info /var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/QQ { path: '/var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload/QQ.app/QQ', type: 2, encryptInfo: { offset: 209747968, size: 4096, id: 1 }, encCmdOffset: 5472 } encrypted binaries Map(6) { 'QQ' => [ [ 'Frameworks/QQStartup.framework/QQStartup', [Object] ], [ 'Frameworks/QQStartupOnLogin.framework/QQStartupOnLogin', [Object] ], [ 'Frameworks/TXSoundTouch.framework/TXSoundTouch', [Object] ], [ 'Frameworks/UE4.framework/UE4', [Object] ], [ 'Frameworks/WeAppCoreSDK.framework/WeAppCoreSDK', [Object] ], [ 'Frameworks/andromeda.framework/andromeda', [Object] ], [ 'Frameworks/ilink.framework/ilink', [Object] ], [ 'QQ', [Object] ] ], 'PlugIns/QQBroadCast.appex/QQBroadCast' => [ [ 'PlugIns/QQBroadCast.appex/QQBroadCast', [Object] ] ], 'PlugIns/QQNotificationContent.appex/QQNotificationContent' => [ [ 'PlugIns/QQNotificationContent.appex/QQNotificationContent', [Object] ] ], 'PlugIns/QQNotificationService.appex/QQNotificationService' => [ [ 'PlugIns/QQNotificationService.appex/QQNotificationService', [Object] ] ], 'PlugIns/QQShare.appex/QQShare' => [ [ 'PlugIns/QQShare.appex/QQShare', [Object] ] ], 'PlugIns/QQWidgetExtension.appex/QQWidgetExtension' => [ [ 'PlugIns/QQWidgetExtension.appex/QQWidgetExtension', [Object] ] ] } main executable => /private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/QQ chmod: changing permissions of '/private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/QQ': Operation not permitted failed to execute "chmod +xX '/private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/QQ'", exited with code 1 pid => 10135 Failed to attach to pid 10135, skipping... Warning: Unable to dump Frameworks/QQStartup.framework/QQStartup Frameworks/QQStartupOnLogin.framework/QQStartupOnLogin Frameworks/TXSoundTouch.framework/TXSoundTouch Frameworks/UE4.framework/UE4 Frameworks/WeAppCoreSDK.framework/WeAppCoreSDK Frameworks/andromeda.framework/andromeda Frameworks/ilink.framework/ilink QQ main executable => /private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/PlugIns/QQBroadCast.appex/QQBroadCast chmod: changing permissions of '/private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/PlugIns/QQBroadCast.appex/QQBroadCast': Operation not permitted failed to execute "chmod +xX '/private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/PlugIns/QQBroadCast.appex/QQBroadCast'", exited with code 1 pid => 10138 Failed to attach to pid 10138, skipping... Warning: Unable to dump PlugIns/QQBroadCast.appex/QQBroadCast main executable => /private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/PlugIns/QQNotificationContent.appex/QQNotificationContent chmod: changing permissions of '/private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/PlugIns/QQNotificationContent.appex/QQNotificationContent': Operation not permitted failed to execute "chmod +xX '/private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/PlugIns/QQNotificationContent.appex/QQNotificationContent'", exited with code 1 pid => 10141 Failed to attach to pid 10141, skipping... Warning: Unable to dump PlugIns/QQNotificationContent.appex/QQNotificationContent main executable => /private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/PlugIns/QQNotificationService.appex/QQNotificationService chmod: changing permissions of '/private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/PlugIns/QQNotificationService.appex/QQNotificationService': Operation not permitted failed to execute "chmod +xX '/private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/PlugIns/QQNotificationService.appex/QQNotificationService'", exited with code 1 pid => 10144 Failed to attach to pid 10144, skipping... Warning: Unable to dump PlugIns/QQNotificationService.appex/QQNotificationService main executable => /private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/PlugIns/QQShare.appex/QQShare chmod: changing permissions of '/private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/PlugIns/QQShare.appex/QQShare': Operation not permitted failed to execute "chmod +xX '/private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/PlugIns/QQShare.appex/QQShare'", exited with code 1 pid => 10147 Failed to attach to pid 10147, skipping... Warning: Unable to dump PlugIns/QQShare.appex/QQShare main executable => /private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/PlugIns/QQWidgetExtension.appex/QQWidgetExtension chmod: changing permissions of '/private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/PlugIns/QQWidgetExtension.appex/QQWidgetExtension': Operation not permitted failed to execute "chmod +xX '/private/var/containers/Bundle/Application/919EF47A-8B08-44AB-8895-7327717B9896/QQ.app/PlugIns/QQWidgetExtension.appex/QQWidgetExtension'", exited with code 1 pid => 10150 Failed to attach to pid 10150, skipping... Warning: Unable to dump PlugIns/QQWidgetExtension.appex/QQWidgetExtension payload => /var/folders/sn/q4t62kj97531pgwfnfvx3dlw0000gn/T/bagbak/com.tencent.mqq/Payload

ChiChou commented 5 months ago

Dopamine seems to have issues on process spawn and I don't have such device to debug.

需要好心人赞助我一台设备来测试

ChiChou commented 5 months ago

duplicated as #106

ChiChou commented 4 months ago

针对 Dompaine 做适配。 如果有兴趣测试的话:

  1. 克隆代码仓库 git clone https://github.com/ChiChou/bagbak.git
  2. 进入目录 cd bagbak
  3. 切换 dompaine 分支 git checkout dompaine
  4. 安装依赖 npm install
  5. 测试运行 DEBUG=1 ./bin/bagbak.js com.tencent.mqq --raw -f