search

KJCracks / Clutch

Fast iOS executable dumper
3.67k stars 646 forks source link

dumps the wrong app if the app name begins with number like 1.FM #257

Closed mailinglists35 closed 4 months ago

mailinglists35 commented 4 months ago

General information

Please delete the example text and fill this in:

Log

iPhone:~ root# ./Clutch-2.0.4-Debug -i | grep -- "1.FM.--FM"
68:  1.FM - Internet Radio - The Official App <1.FM.--FM>

iPhone:~ root# ./Clutch-2.0.4-Debug -v -d "1.FM.--FM"
ClutchPrint.m : 77 | using number
Now dumping com.adobe.lrmobilephone
ClutchPrint.m : 77 | ######## bundle URL file:///private/var/containers/Bundle/Application/C8B8F64E-CC79-41B2-908A-4F57D7A8B415
Preparing to dump <LrMobilePhone>
Path: /var/containers/Bundle/Application/C8B8F64E-CC79-41B2-908A-4F57D7A8B415/LrMobilePhone.app/LrMobilePhone
ClutchPrint.m : 77 | ######## bundle URL file:///private/var/containers/Bundle/Application/C8B8F64E-CC79-41B2-908A-4F57D7A8B415/LrMobilePhone.app/Frameworks/
Preparing to dump <PhotoCaptureDelegates>
Path: /var/containers/Bundle/Application/C8B8F64E-CC79-41B2-908A-4F57D7A8B415/LrMobilePhone.app/Frameworks/PhotoCaptureDelegates.framework/PhotoCaptureDelegates
ClutchPrint.m : 77 | ######## bundle URL file:///private/var/containers/Bundle/Application/C8B8F64E-CC79-41B2-908A-4F57D7A8B415/LrMobilePhone.app/Frameworks/
Preparing to dump <PhotoCaptureFramework>
Path: /var/containers/Bundle/Application/C8B8F64E-CC79-41B2-908A-4F57D7A8B415/LrMobilePhone.app/Frameworks/PhotoCaptureFramework.framework/PhotoCaptureFramework
ClutchPrint.m : 77 | ######## bundle URL file:///private/var/containers/Bundle/Application/C8B8F64E-CC79-41B2-908A-4F57D7A8B415/LrMobilePhone.app/PlugIns/
Preparing to dump <CameraWidgetPhone>
Path: /var/containers/Bundle/Application/C8B8F64E-CC79-41B2-908A-4F57D7A8B415/LrMobilePhone.app/PlugIns/CameraWidgetPhone.appex/CameraWidgetPhone
Zipping LrMobilePhone.app
ClutchPrint.m : 77 | Finding compatible dumper for binary <CameraWidgetPhone> with arch cputype: 12
ClutchPrint.m : 77 | Segment cputype: 12, cpusubtype: 9
ClutchPrint.m : 77 | Device cputype: 12, cpusubtype: 9
ClutchPrint.m : 77 | Dumper supports cputype 16777228
ClutchPrint.m : 77 | Dumper <ARM64Dumper> does not support the armv7 architecture
ClutchPrint.m : 77 | <ARM64Dumper: 0x17f8af70> cannot dump binary <CameraWidgetPhone> (arch armv7). Dumper not compatible, finding another dumper
ClutchPrint.m : 77 | Segment cputype: 12, cpusubtype: 9
ClutchPrint.m : 77 | Device cputype: 12, cpusubtype: 9
ClutchPrint.m : 77 | Dumper supports cputype 12
ClutchPrint.m : 77 | Found compatible dumper <ARMDumper: 0x17f8af70> for binary <CameraWidgetPhone> with arch armv7
ClutchPrint.m : 77 | 32bit Dumping: arch armv7 offset 16384
ClutchPrint.m : 77 | Finding compatible dumper for binary <PhotoCaptureDelegates> with arch cputype: 12
ClutchPrint.m : 77 | Segment cputype: 12, cpusubtype: 9
ClutchPrint.m : 77 | Device cputype: 12, cpusubtype: 9
ClutchPrint.m : 77 | Dumper supports cputype 12
ClutchPrint.m : 77 | Found compatible dumper <FrameworkDumper: 0x17f8ce80> for binary <PhotoCaptureDelegates> with arch armv7
ClutchPrint.m : 77 | FOUND __TEXT SEGMENT
ClutchPrint.m : 77 | FOUND ENCRYPTION INFO: cryptoff 16384 | cryptsize 16384 | cryptid 1
ClutchPrint.m : 77 | FOUND CODE SIGNATURE: dataoff 72880 | datasize 10464
ClutchPrint.m : 77 | binary path /var/containers/Bundle/Application/C8B8F64E-CC79-41B2-908A-4F57D7A8B415/LrMobilePhone.app/PlugIns/CameraWidgetPhone.appex/CameraWidgetPhone
ClutchPrint.m : 77 | found all required load commands for <CameraWidgetPhone> armv7
ClutchPrint.m : 77 | to MH_PIE or not to MH_PIE, that is the question
ClutchPrint.m : 77 | 32bit dumping: arch armv7 offset 16384
ClutchPrint.m : 77 | FOUND __TEXT SEGMENT
ClutchPrint.m : 77 | FOUND ENCRYPTION INFO: cryptoff 16384 | cryptsize 98304 | cryptid 1
ClutchPrint.m : 77 | FOUND CODE SIGNATURE: dataoff 275968 | datasize 10672
ClutchPrint.m : 77 | starting to ldid
ClutchPrint.m : 77 | got the pid 3687 /var/containers/Bundle/Application/C8B8F64E-CC79-41B2-908A-4F57D7A8B415/LrMobilePhone.app/PlugIns/CameraWidgetPhone.appex/CameraWidgetPhone
ClutchPrint.m : 77 | hello it's me
ClutchPrint.m : 77 | 16384 275968 603979776
ClutchPrint.m : 77 | Found CSSLOT_CODEDIRECTORY
ClutchPrint.m : 77 | hello from the other side
ClutchPrint.m : 77 | 16384 72880 738197504
ClutchPrint.m : 77 | Found CSSLOT_CODEDIRECTORY
ClutchPrint.m : 77 | Found main binary mach-o image @ 0x38000!
ASLR slide: 0x38000
ClutchPrint.m : 77 | checksum size 360
Dumping <CameraWidgetPhone> (armv7)
Patched cryptid (32bit segment)
Writing new checksum
ClutchPrint.m : 77 | Done writing checksum
ClutchPrint.m : 77 | done dumping
ClutchPrint.m : 77 | Sucessfully dumped armv7 segment of <CameraWidgetPhone>
ClutchPrint.m : 77 | Finding compatible dumper for binary <PhotoCaptureFramework> with arch cputype: 12
ClutchPrint.m : 77 | Segment cputype: 12, cpusubtype: 9
ClutchPrint.m : 77 | Device cputype: 12, cpusubtype: 9
ClutchPrint.m : 77 | Dumper supports cputype 12
ClutchPrint.m : 77 | Found compatible dumper <FrameworkDumper: 0x17ee75f0> for binary <PhotoCaptureFramework> with arch armv7
ClutchPrint.m : 77 | 32bit dumping: arch armv7 offset 16384
ClutchPrint.m : 77 | FOUND __TEXT SEGMENT
ClutchPrint.m : 77 | FOUND ENCRYPTION INFO: cryptoff 16384 | cryptsize 901120 | cryptid 1
ClutchPrint.m : 77 | FOUND CODE SIGNATURE: dataoff 2900368 | datasize 23488
ClutchPrint.m : 77 | starting to ldid
ClutchPrint.m : 77 | hello it's me
ClutchPrint.m : 77 | 16384 2900368 603979776
ClutchPrint.m : 77 | Found CSSLOT_CODEDIRECTORY
ClutchPrint.m : 77 | hello from the other side
ClutchPrint.m : 77 | i must have called a thousand times!
ClutchPrint.m : 77 | hello potato posix_spawn /var/tmp/clutch/7927C347-8BC2-4358-ADE4-27C5F9346F7E/clutch
ClutchPrint.m : 77 | Child pid: 3688
ClutchPrint.m : 77 | i must have called a thousand times!
ClutchPrint.m : 77 | hello potato posix_spawn /var/tmp/clutch/034B2DCC-90A3-4E37-8856-BE829C26DFA1/clutch
ClutchPrint.m : 77 | Child pid: 3689
ClutchPrint.m : 77 | Finding compatible dumper for binary <LrMobilePhone> with arch cputype: 12
ClutchPrint.m : 77 | Segment cputype: 12, cpusubtype: 9
ClutchPrint.m : 77 | Device cputype: 12, cpusubtype: 9
ClutchPrint.m : 77 | Dumper supports cputype 16777228
ClutchPrint.m : 77 | Dumper <ARM64Dumper> does not support the armv7 architecture
ClutchPrint.m : 77 | <ARM64Dumper: 0x17faa500> cannot dump binary <LrMobilePhone> (arch armv7). Dumper not compatible, finding another dumper
ClutchPrint.m : 77 | Segment cputype: 12, cpusubtype: 9
ClutchPrint.m : 77 | Device cputype: 12, cpusubtype: 9
ClutchPrint.m : 77 | Dumper supports cputype 12
ClutchPrint.m : 77 | Found compatible dumper <ARMDumper: 0x17faa500> for binary <LrMobilePhone> with arch armv7
ClutchPrint.m : 77 | 32bit Dumping: arch armv7 offset 16384
ClutchPrint.m : 77 | FOUND __TEXT SEGMENT
ClutchPrint.m : 77 | FOUND ENCRYPTION INFO: cryptoff 16384 | cryptsize 17514496 | cryptid 1
ClutchPrint.m : 77 | FOUND CODE SIGNATURE: dataoff 19879280 | datasize 107168
ClutchPrint.m : 77 | binary path /var/containers/Bundle/Application/C8B8F64E-CC79-41B2-908A-4F57D7A8B415/LrMobilePhone.app/LrMobilePhone
ClutchPrint.m : 77 | found all required load commands for <LrMobilePhone> armv7
ClutchPrint.m : 77 | to MH_PIE or not to MH_PIE, that is the question
ClutchPrint.m : 77 | got the pid 3690 /var/containers/Bundle/Application/C8B8F64E-CC79-41B2-908A-4F57D7A8B415/LrMobilePhone.app/LrMobilePhone
ClutchPrint.m : 77 | 16384 19879280 738197504
ClutchPrint.m : 77 | Found CSSLOT_CODEDIRECTORY
ClutchPrint.m : 77 | Found main binary mach-o image @ 0xdf000!
ASLR slide: 0xdf000
ClutchPrint.m : 77 | checksum size 97080
Dumping <LrMobilePhone> (armv7)
Patched cryptid (32bit segment)
Dumping <PhotoCaptureDelegates> armv7
Dumping <PhotoCaptureFramework> armv7
Successfully dumped framework PhotoCaptureDelegates!
ClutchPrint.m : 77 | Child exited with status 0
ClutchPrint.m : 77 | Sucessfully dumped armv7 segment of <PhotoCaptureDelegates>
Successfully dumped framework PhotoCaptureFramework!
ClutchPrint.m : 77 | Child exited with status 0
ClutchPrint.m : 77 | Sucessfully dumped armv7 segment of <PhotoCaptureFramework>
Writing new checksum
ClutchPrint.m : 77 | Done writing checksum
ClutchPrint.m : 77 | done dumping
ClutchPrint.m : 77 | Sucessfully dumped armv7 segment of <LrMobilePhone>
Zipping PhotoCaptureDelegates.framework
Zipping PhotoCaptureFramework.framework
Zipping CameraWidgetPhone.appex
DONE: /private/var/mobile/Documents/Dumped/com.adobe.lrmobilephone-iOS8.1-(Clutch-2.0.4 DEBUG).ipa
Finished dumping com.adobe.lrmobilephone in 36.4 seconds

tried escaping 1\.FM\.\-\-FM, no success. it blindly thinks I asked for the app ordered number when the app name begins with a number.

mailinglists35 commented 4 months ago

duplicate of https://github.com/KJCracks/Clutch/issues/175