KJCracks / Clutch

Fast iOS executable dumper

Failed to dump com.netmarble.gdk #218

Open imlyj opened 6 years ago

imlyj commented 6 years ago

iOS version: 9.1
App bundle ID: com.netmarble.gdk
App name: テリアサーガ

Log

./Clutch-2.0.4 -d com.netmarble.gdk
Zipping gdk.app
Error: Failed to dump with arch arm64

2018-05-24 11:22:04.997 Clutch-2.0.4[3635:290233] failed operation :(
2018-05-24 11:22:04.998 Clutch-2.0.4[3635:290233] application <NSOperationQueue: 0x154d57e00>{name = 'NSOperationQueue 0x154d57e00'}
Error: Failed to dump

2018-05-24 11:22:04.999 Clutch-2.0.4[3635:290233] failed operation :(
2018-05-24 11:22:04.999 Clutch-2.0.4[3635:290233] application <NSOperationQueue: 0x154d57e00>{name = 'NSOperationQueue 0x154d57e00'}
ASLR slide: 0x100058000
Dumping (arm64)
Patched cryptid (64bit segment)
Writing new checksum
Zipping Unity-iPhone-Stickers.appex
FAILED: Finished dumping com.netmarble.gdk in 37.8 seconds

miccayo commented 6 years ago

Yeah, I've been trying to dump a few applications today and some of it seemed to be specifically caused by stickers.

I was attempting to dump a game that was bundled with (iMessage) stickers, and it seemed to fail at that point. I went into the App's bundle and removed the stickers add-on (on-device) and then tried to dump again and was able to.

I'm using iOS 10.3.3.

Edit: Also, sometimes certain Frameworks fail to dump, I'm not sure why.

Tatsh commented 6 years ago

I am not sure if we can decrypt the stickers the same way we decrypt everything else, but we've not yet put in any code to arbitrarily delete things out of the app bundle that don't dump (like stickers and Watch apps) because we can't be sure the resulting bundle would install/work properly. This would need testing. Stickers should be able to dump though, because they are run on iOS but they are run from within Messages.

We have no ability to decrypt Watch apps at this time (yes dumping armv7k on an iOS device with our current code has been attempted). If someone can successfully run a Watch app on iOS, it's most likely possible to dump it. It would be better to get a public Watch jailbreak but 'nobody needs that' (as sayeth the community).

miccayo commented 6 years ago

There is a chance that you could exclude stickers, but if they are completely removed from the app's bundle it will fail to update from the App Store.

Tatsh commented 6 years ago

That's not very concerning because an installed dumped app should not trigger updates at all from the App Store. Presumably if this happened you could get a dumped app then install an update from the App Store, then it would be yours even if you never paid for it. I am pretty sure Apple has figured that out.

miccayo commented 6 years ago

I was dumping an app currently installed, that's all. The 'official' version would no longer update without a reinstall.

Tatsh commented 6 years ago

For that case we would just copy the files to a staging area before cleaning up and zipping. I don't believe we do this now (binaries are dumped to /tmp/clutch/...) but we should be.