Cannot crack app - Githubissues

KJCracks / Clutch

Fast iOS executable dumper

3.71k stars 646 forks source link

Cannot crack app #84

Closed Tatsh closed 9 years ago

Tatsh commented 9 years ago

Using iOS 8.1.1 and Clutch 2.0 PB4. Clutch < 2 could never crack this completely.

# uname -a
Darwin Tatshphone 14.0.0 Darwin Kernel Version 14.0.0: Mon Nov  3 22:27:30 PST 2014; root:xnu-2783.3.22~1/RELEASE_ARM64_T7000 iPhone7,1 arm64 N56AP Darwin
# clutch
Usage: clutch [OPTIONS]
-b --binary-dump <value> Only dump binary files from specified bundleID 
-d --dump <value>        Dump specified bundleID into .ipa file 
-i --print-installed     Print installed applications 
   --clean               Clean /var/tmp/clutch directory 
   --version             Display version and exit 
-? --help                Display this help and exit

Output for American Airlines (com.aa.AmericanAirlines) which has extensions and a WatchKit extension:

[0;32mDEBUG[0m | BundleDumpOperation.m:-[BundleDumpOperation main] [Line 130] | <ARM64Dumper: 0x13dfe42c0> cannot dump binary <Binary: 0x13dfd5990, executable: AAToday> with arch armv7
[0;32mDEBUG[0m | BundleDumpOperation.m:-[BundleDumpOperation main] [Line 146] | Found compatible dumper <FrameworkDumper: 0x13dfe44a0> for binary <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> with arch armv7
[0;32mDEBUG[0m | BundleDumpOperation.m:-[BundleDumpOperation main] [Line 146] | Found compatible dumper <ARMDumper: 0x13f053930> for binary <Binary: 0x13dfd5990, executable: AAToday> with arch armv7
[0;32mDEBUG[0m | BundleDumpOperation.m:-[BundleDumpOperation main] [Line 130] | <ARM64Dumper: 0x13dfe5070> cannot dump binary <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> with arch armv7
[0;32mDEBUG[0m | BundleDumpOperation.m:-[BundleDumpOperation main] [Line 146] | Found compatible dumper <ARMDumper: 0x13dfe5070> for binary <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> with arch armv7
[0;32mDEBUG[0m | ARMDumper.m:-[ARMDumper dumpBinary] [Line 92] | <ARMDumper: 0x13dfe5070> armv7 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> FOUND __TEXT SEGMENT
[0;32mDEBUG[0m | ARMDumper.m:-[ARMDumper dumpBinary] [Line 82] | <ARMDumper: 0x13dfe5070> armv7 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> FOUND ENCRYPTION INFO: cryptoff 16384 | cryptsize 147456 | cryptid 1
[0;32mDEBUG[0m | ARMDumper.m:-[ARMDumper dumpBinary] [Line 74] | <ARMDumper: 0x13dfe5070> armv7 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> FOUND CODE SIGNATURE: dataoff 216064 | datasize 11696
[0;32mDEBUG[0m | ARMDumper.m:-[ARMDumper dumpBinary] [Line 111] | <ARMDumper: 0x13dfe5070> armv7 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> found all required load commands for <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> armv7
[0;32mDEBUG[0m | ARMDumper.m:-[ARMDumper dumpBinary] [Line 92] | <ARMDumper: 0x13f053930> armv7 <Binary: 0x13dfd5990, executable: AAToday> FOUND __TEXT SEGMENT
[0;32mDEBUG[0m | ARMDumper.m:-[ARMDumper dumpBinary] [Line 82] | <ARMDumper: 0x13f053930> armv7 <Binary: 0x13dfd5990, executable: AAToday> FOUND ENCRYPTION INFO: cryptoff 16384 | cryptsize 16384 | cryptid 1
[0;32mDEBUG[0m | ASLRDisabler.m:+[ASLRDisabler slideForPID:] [Line 51] | Found main binary mach-o image @ 0x7a000!

[0;32mDEBUG[0m | ARMDumper.m:-[ARMDumper dumpBinary] [Line 74] | <ARMDumper: 0x13f053930> armv7 <Binary: 0x13dfd5990, executable: AAToday> FOUND CODE SIGNATURE: dataoff 53792 | datasize 10880
[0;32mDEBUG[0m | ARMDumper.m:-[ARMDumper dumpBinary] [Line 111] | <ARMDumper: 0x13f053930> armv7 <Binary: 0x13dfd5990, executable: AAToday> found all required load commands for <Binary: 0x13dfd5990, executable: AAToday> armv7
[0;32mDEBUG[0m | FrameworkDumper.m:-[FrameworkDumper dumpBinary] [Line 93] | <FrameworkDumper: 0x13dfe44a0> armv7 <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> FOUND __TEXT SEGMENT
[0;32mDEBUG[0m | FrameworkDumper.m:-[FrameworkDumper dumpBinary] [Line 83] | <FrameworkDumper: 0x13dfe44a0> armv7 <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> FOUND ENCRYPTION INFO: cryptoff 16384 | cryptsize 49152 | cryptid 1
[0;32mDEBUG[0m | FrameworkDumper.m:-[FrameworkDumper dumpBinary] [Line 75] | <FrameworkDumper: 0x13dfe44a0> armv7 <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> FOUND CODE SIGNATURE: dataoff 101360 | datasize 10416
[0;32mDEBUG[0m | ASLRDisabler.m:+[ASLRDisabler slideForPID:] [Line 51] | Found main binary mach-o image @ 0xab000!

[0;32mDEBUG[0m | FrameworkDumper.m:-[FrameworkDumper dumpBinary] [Line 170] | <FrameworkDumper: 0x13dfe44a0> armv7 <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> Child pid: 7583
[0;32mDEBUG[0m | BundleDumpOperation.m:-[BundleDumpOperation main] [Line 146] | Found compatible dumper <FrameworkDumper: 0x13f06d400> for binary <Binary: 0x13dfd1360, executable: AmericanKit> with arch armv7
[0;32mDEBUG[0m | BundleDumpOperation.m:-[BundleDumpOperation main] [Line 146] | Found compatible dumper <ARM64Dumper: 0x13f053930> for binary <Binary: 0x13dfd5990, executable: AAToday> with arch arm64
[0;32mDEBUG[0m | ARM64Dumper.m:-[ARM64Dumper dumpBinary] [Line 89] | <ARM64Dumper: 0x13f053930> arm64 <Binary: 0x13dfd5990, executable: AAToday> FOUND __TEXT SEGMENT
[0;32mDEBUG[0m | ARM64Dumper.m:-[ARM64Dumper dumpBinary] [Line 79] | <ARM64Dumper: 0x13f053930> arm64 <Binary: 0x13dfd5990, executable: AAToday> FOUND ENCRYPTION INFO: cryptoff 16384 | cryptsize 16384 | cryptid 1
[0;32mDEBUG[0m | ARM64Dumper.m:-[ARM64Dumper dumpBinary] [Line 71] | <ARM64Dumper: 0x13f053930> arm64 <Binary: 0x13dfd5990, executable: AAToday> FOUND CODE SIGNATURE: dataoff 53904 | datasize 10880
[0;32mDEBUG[0m | ARM64Dumper.m:-[ARM64Dumper dumpBinary] [Line 108] | <ARM64Dumper: 0x13f053930> arm64 <Binary: 0x13dfd5990, executable: AAToday> found all required load commands for <Binary: 0x13dfd5990, executable: AAToday> arm64
sh: line 0: kill: (7585) - No such process
[0;32mDEBUG[0m | FrameworkDumper.m:-[FrameworkDumper dumpBinary] [Line 93] | <FrameworkDumper: 0x13f06d400> armv7 <Binary: 0x13dfd1360, executable: AmericanKit> FOUND __TEXT SEGMENT
[0;32mDEBUG[0m | FrameworkDumper.m:-[FrameworkDumper dumpBinary] [Line 83] | <FrameworkDumper: 0x13f06d400> armv7 <Binary: 0x13dfd1360, executable: AmericanKit> FOUND ENCRYPTION INFO: cryptoff 16384 | cryptsize 1163264 | cryptid 1
[0;32mDEBUG[0m | FrameworkDumper.m:-[FrameworkDumper dumpBinary] [Line 75] | <FrameworkDumper: 0x13f06d400> armv7 <Binary: 0x13dfd1360, executable: AmericanKit> FOUND CODE SIGNATURE: dataoff 1686848 | datasize 18352
[0;32mDEBUG[0m | FrameworkDumper.m:-[FrameworkDumper dumpBinary] [Line 170] | <FrameworkDumper: 0x13f06d400> armv7 <Binary: 0x13dfd1360, executable: AmericanKit> Child pid: 7587
[0;32mDEBUG[0m | BundleDumpOperation.m:-[BundleDumpOperation main] [Line 146] | Found compatible dumper <ARM64Dumper: 0x13dfe5070> for binary <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> with arch arm64
[0;32mDEBUG[0m | ARM64Dumper.m:-[ARM64Dumper dumpBinary] [Line 89] | <ARM64Dumper: 0x13dfe5070> arm64 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> FOUND __TEXT SEGMENT
[0;32mDEBUG[0m | ARM64Dumper.m:-[ARM64Dumper dumpBinary] [Line 79] | <ARM64Dumper: 0x13dfe5070> arm64 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> FOUND ENCRYPTION INFO: cryptoff 16384 | cryptsize 147456 | cryptid 1
[0;32mDEBUG[0m | ARM64Dumper.m:-[ARM64Dumper dumpBinary] [Line 71] | <ARM64Dumper: 0x13dfe5070> arm64 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> FOUND CODE SIGNATURE: dataoff 232608 | datasize 11776
[0;32mDEBUG[0m | ARM64Dumper.m:-[ARM64Dumper dumpBinary] [Line 108] | <ARM64Dumper: 0x13dfe5070> arm64 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> found all required load commands for <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> arm64
[0;32mDEBUG[0m | ASLRDisabler.m:+[ASLRDisabler slideForPID:] [Line 51] | Found main binary mach-o image @ 0x100060000!

[0;32mDEBUG[0m | BundleDumpOperation.m:-[BundleDumpOperation main] [Line 130] | <ARM64Dumper: 0x13f0561e0> cannot dump binary <Binary: 0x13dfc89f0, executable: AmericanAirlines> with arch armv7
[0;32mDEBUG[0m | BundleDumpOperation.m:-[BundleDumpOperation main] [Line 146] | Found compatible dumper <ARMDumper: 0x13dfe4380> for binary <Binary: 0x13dfc89f0, executable: AmericanAirlines> with arch armv7
[0;32mDEBUG[0m | FrameworkDumper.m:-[FrameworkDumper dumpBinary] [Line 172] | <FrameworkDumper: 0x13dfe44a0> armv7 <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> Child exited with status 0
[0;32mDEBUG[0m | BundleDumpOperation.m:-[BundleDumpOperation main] [Line 130] | <FrameworkDumper: 0x13dfe44a0> cannot dump binary <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> with arch arm64
[0;32mDEBUG[0m | BundleDumpOperation.m:-[BundleDumpOperation main] [Line 146] | Found compatible dumper <Framework64Dumper: 0x13dfe44a0> for binary <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> with arch arm64
[0;32mDEBUG[0m | Framework64Dumper.m:-[Framework64Dumper dumpBinary] [Line 91] | <Framework64Dumper: 0x13dfe44a0> arm64 <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> FOUND __TEXT SEGMENT
[0;32mDEBUG[0m | Framework64Dumper.m:-[Framework64Dumper dumpBinary] [Line 81] | <Framework64Dumper: 0x13dfe44a0> arm64 <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> FOUND ENCRYPTION INFO: cryptoff 16384 | cryptsize 49152 | cryptid 1
[0;32mDEBUG[0m | Framework64Dumper.m:-[Framework64Dumper dumpBinary] [Line 73] | <Framework64Dumper: 0x13dfe44a0> arm64 <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> FOUND CODE SIGNATURE: dataoff 101936 | datasize 10416
[0;32mDump | [0m <ARMDumper: 0x13f053930> armv7 <Binary: 0x13dfd5990, executable: AAToday> swapping archs
[0;32mDump | [0m <FrameworkDumper: 0x13dfe44a0> armv7 <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> swapping archs
[0;32mDump | [0m <ARMDumper: 0x13dfe5070> armv7 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> swapping archs
[0;32mDump | [0m <ARMDumper: 0x13dfe5070> armv7 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> wrote new header to binary
[0;32mDump | [0m <ARMDumper: 0x13dfe5070> armv7 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> 32bit dumping: arch armv7 offset 16384
[0;32mDump | [0m <ARMDumper: 0x13f053930> armv7 <Binary: 0x13dfd5990, executable: AAToday> wrote new header to binary
[0;32mDump | [0m <ARMDumper: 0x13f053930> armv7 <Binary: 0x13dfd5990, executable: AAToday> 32bit dumping: arch armv7 offset 16384
[0;32mDump | [0m <ARMDumper: 0x13dfe5070> armv7 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> to MH_PIE or not to MH_PIE, that is the question
[0;32mDump | [0m <FrameworkDumper: 0x13dfe44a0> armv7 <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> wrote new header to binary
[0;32mDump | [0m <FrameworkDumper: 0x13dfe44a0> armv7 <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> 32bit dumping: arch armv7 offset 16384
[0;32mDump | [0m <ARMDumper: 0x13dfe5070> armv7 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> ASLR slide: 0x7a000
[0;32mDump | [0m <ARMDumper: 0x13f053930> armv7 <Binary: 0x13dfd5990, executable: AAToday> to MH_PIE or not to MH_PIE, that is the question
[0;32mDump | [0m <ARMDumper: 0x13f053930> armv7 <Binary: 0x13dfd5990, executable: AAToday> ASLR slide: 0xab000
[0;32mDump | [0m <FrameworkDumper: 0x13f06d400> armv7 <Binary: 0x13dfd1360, executable: AmericanKit> swapping archs
Finished dumping binary <Binary: 0x13dfd5990, executable: AAToday> armv7 with result: 1
[0;32mDump | [0m <ARM64Dumper: 0x13f053930> arm64 <Binary: 0x13dfd5990, executable: AAToday> 64bit dumping: arch arm64 offset 81920
[0;32mDump | [0m <ARM64Dumper: 0x13f053930> arm64 <Binary: 0x13dfd5990, executable: AAToday> to MH_PIE or not to MH_PIE, that is the question
[0;32mDump | [0m <ARM64Dumper: 0x13f053930> arm64 <Binary: 0x13dfd5990, executable: AAToday> ERROR: Could not obtain mach port, did you sign with proper entitlements?
Failed to dump binary <Binary: 0x13dfd5990, executable: AAToday> with arch arm64
[0;32mDump | [0m <FrameworkDumper: 0x13f06d400> armv7 <Binary: 0x13dfd1360, executable: AmericanKit> wrote new header to binary
[0;32mDump | [0m <FrameworkDumper: 0x13f06d400> armv7 <Binary: 0x13dfd1360, executable: AmericanKit> 32bit dumping: arch armv7 offset 16384
Finished dumping binary <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> armv7 with result: 1
[0;32mDump | [0m <ARM64Dumper: 0x13dfe5070> arm64 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> 64bit dumping: arch arm64 offset 245760
[0;32mDump | [0m <ARM64Dumper: 0x13dfe5070> arm64 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> to MH_PIE or not to MH_PIE, that is the question
[0;32mDump | [0m <ARM64Dumper: 0x13dfe5070> arm64 <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> ASLR slide: 0x100060000
Finished dumping binary <Binary: 0x13dfd8790, executable: AmericanAirlines WatchKit Extension> arm64 with result: 1
[0;32mDump | [0m <ARMDumper: 0x13dfe4380> armv7 <Binary: 0x13dfc89f0, executable: AmericanAirlines> swapping archs
Finished dumping binary <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> armv7 with result: 1
[0;32mDump | [0m <Framework64Dumper: 0x13dfe44a0> arm64 <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> 64bit dumping: arch arm64 offset 131072
[0;32mDump | [0m <ARMDumper: 0x13dfe4380> armv7 <Binary: 0x13dfc89f0, executable: AmericanAirlines> wrote new header to binary
[0;32mDump | [0m <ARMDumper: 0x13dfe4380> armv7 <Binary: 0x13dfc89f0, executable: AmericanAirlines> 32bit dumpi[0;32mDEBUG[0m | ARMDumper.m:-[ARMDumper dumpBinary] [Line 92] | <ARMDumper: 0x13dfe4380> armv7 <Binary: 0x13dfc89f0, executable: AmericanAirlines> FOUND __TEXT SEGMENT
[0;32mDEBUG[0m | ARMDumper.m:-[ARMDumper dumpBinary] [Line 82] | <ARMDumper: 0x13dfe4380> armv7 <Binary: 0x13dfc89f0, executable: AmericanAirlines> FOUND ENCRYPTION INFO: cryptoff 16384 | cryptsize 9830400 | cryptid 1
[0;32mDEBUG[0m | ARMDumper.m:-[ARMDumper dumpBinary] [Line 74] | <ARMDumper: 0x13dfe4380> armv7 <Binary: 0x13dfc89f0, executable: AmericanAirlines> FOUND CODE SIGNATURE: dataoff 11366416 | datasize 66656
[0;32mDEBUG[0m | ARMDumper.m:-[ARMDumper dumpBinary] [Line 111] | <ARMDumper: 0x13dfe4380> armv7 <Binary: 0x13dfc89f0, executable: AmericanAirlines> found all required load commands for <Binary: 0x13dfc89f0, executable: AmericanAirlines> armv7
[0;32mDEBUG[0m | ASLRDisabler.m:+[ASLRDisabler slideForPID:] [Line 51] | Found main binary mach-o image @ 0xea000!

[0;32mDEBUG[0m | FrameworkDumper.m:-[FrameworkDumper dumpBinary] [Line 172] | <FrameworkDumper: 0x13f06d400> armv7 <Binary: 0x13dfd1360, executable: AmericanKit> Child exited with status 0
[0;32mDEBUG[0m | BundleDumpOperation.m:-[BundleDumpOperation main] [Line 130] | <FrameworkDumper: 0x13f1011f0> cannot dump binary <Binary: 0x13dfd1360, executable: AmericanKit> with arch arm64
[0;32mDEBUG[0m | BundleDumpOperation.m:-[BundleDumpOperation main] [Line 146] | Found compatible dumper <Framework64Dumper: 0x13f1011f0> for binary <Binary: 0x13dfd1360, executable: AmericanKit> with arch arm64
[0;32mDEBUG[0m | Framework64Dumper.m:-[Framework64Dumper dumpBinary] [Line 91] | <Framework64Dumper: 0x13f1011f0> arm64 <Binary: 0x13dfd1360, executable: AmericanKit> FOUND __TEXT SEGMENT
[0;32mDEBUG[0m | Framework64Dumper.m:-[Framework64Dumper dumpBinary] [Line 81] | <Framework64Dumper: 0x13f1011f0> arm64 <Binary: 0x13dfd1360, executable: AmericanKit> FOUND ENCRYPTION INFO: cryptoff 16384 | cryptsize 1228800 | cryptid 1
[0;32mDEBUG[0m | Framework64Dumper.m:-[Framework64Dumper dumpBinary] [Line 73] | <Framework64Dumper: 0x13f1011f0> arm64 <Binary: 0x13dfd1360, executable: AmericanKit> FOUND CODE SIGNATURE: dataoff 1905424 | datasize 19440
[0;32mDEBUG[0m | BundleDumpOperation.m:-[BundleDumpOperation main] [Line 146] | Found compatible dumper <ARM64Dumper: 0x13f04c950> for binary <Binary: 0x13dfc89f0, executable: AmericanAirlines> with arch arm64
[0;32mDEBUG[0m | ARM64Dumper.m:-[ARM64Dumper dumpBinary] [Line 89] | <ARM64Dumper: 0x13f04c950> arm64 <Binary: 0x13dfc89f0, executable: AmericanAirlines> FOUND __TEXT SEGMENT
[0;32mDEBUG[0m | ARM64Dumper.m:-[ARM64Dumper dumpBinary] [Line 79] | <ARM64Dumper: 0x13f04c950> arm64 <Binary: 0x13dfc89f0, executable: AmericanAirlines> FOUND ENCRYPTION INFO: cryptoff 16384 | cryptsize 10633216 | cryptid 1
[0;32mDEBUG[0m | ARM64Dumper.m:-[ARM64Dumper dumpBinary] [Line 71] | <ARM64Dumper: 0x13f04c950> arm64 <Binary: 0x13dfc89f0, executable: AmericanAirlines> FOUND CODE SIGNATURE: dataoff 12537824 | datasize 72352
[0;32mDEBUG[0m | ARM64Dumper.m:-[ARM64Dumper dumpBinary] [Line 108] | <ARM64Dumper: 0x13f04c950> arm64 <Binary: 0x13dfc89f0, executable: AmericanAirlines> found all required load commands for <Binary: 0x13dfc89f0, executable: AmericanAirlines> arm64
[0;32mDEBUG[0m | ASLRDisabler.m:+[ASLRDisabler slideForPID:] [Line 51] | Found main binary mach-o image @ 0x1000d0000!

[0;32mDEBUG[0m | ZipOperation.m:-[ZipOperation main] [Line 76] | Zipping AmericanKit.framework
[0;32mDEBUG[0m | ZipOperation.m:-[ZipOperation main] [Line 76] | Zipping FPCUtilitiesKit.framework
[0;32mDEBUG[0m | ZipOperation.m:-[ZipOperation main] [Line 76] | Zipping AAToday.appex
[0;32mDEBUG[0m | ZipOperation.m:-[ZipOperation main] [Line 76] | Zipping AmericanAirlines WatchKit Extension.appex
ng: arch armv7 offset 16384
[0;32mDump | [0m <ARMDumper: 0x13dfe4380> armv7 <Binary: 0x13dfc89f0, executable: AmericanAirlines> to MH_PIE or not to MH_PIE, that is the question
[0;32mDump | [0m <ARMDumper: 0x13dfe4380> armv7 <Binary: 0x13dfc89f0, executable: AmericanAirlines> ASLR slide: 0xea000
Finished dumping binary <Binary: 0x13dfd3310, executable: FPCUtilitiesKit> arm64 with result: 1
Finished dumping binary <Binary: 0x13dfd1360, executable: AmericanKit> armv7 with result: 1
[0;32mDump | [0m <Framework64Dumper: 0x13f1011f0> arm64 <Binary: 0x13dfd1360, executable: AmericanKit> 64bit dumping: arch arm64 offset 1736704
Finished dumping binary <Binary: 0x13dfd1360, executable: AmericanKit> arm64 with result: 1
Finished dumping binary <Binary: 0x13dfc89f0, executable: AmericanAirlines> armv7 with result: 1
[0;32mDump | [0m <ARM64Dumper: 0x13f04c950> arm64 <Binary: 0x13dfc89f0, executable: AmericanAirlines> 64bit dumping: arch arm64 offset 11452416
[0;32mDump | [0m <ARM64Dumper: 0x13f04c950> arm64 <Binary: 0x13dfc89f0, executable: AmericanAirlines> to MH_PIE or not to MH_PIE, that is the question
[0;32mDump | [0m <ARM64Dumper: 0x13f04c950> arm64 <Binary: 0x13dfc89f0, executable: AmericanAirlines> ASLR slide: 0x1000d0000
Finished dumping binary <Binary: 0x13dfc89f0, executable: AmericanAirlines> arm64 with result: 1
FAILED: <AmericanAirlines bundleID: com.aa.AmericanAirlines>

eni9889 commented 9 years ago

Same issue here

Tatsh commented 9 years ago

Testing out 2.0 RC right now. Most apps work although some still do not. This may be caused WatchKit or similar since I am not on >= iOS 8.2 (8.1.1 on my iPhone). I will post more logs for failed apps later.

Tatsh commented 9 years ago

Tested all my apps installed. These failed on both iPad (8.1.2) and iPhone (8.1.1):

YouTube 10.11.11546
FedEx Mobile 7.4
BofA 6.2.2 (iPad and iPhone versions)
LastPass 3.1.8
UPS 3.1.0
Twitter 6.26.1 (has not worked since Watch extension was added)
American Airlines 3.12.1 (has not worked since version 3.7.0; has a Today extension and a Watch extension)
credit sesame 2.7.3 (worked at version 2.7.0 with old Clutch)

Tatsh commented 9 years ago

Think you need to watch out on WatchKit extensions. They don't appear to be decrypted at all. I opened one in IDA Pro with ARM set as the architecture (WatchKit applets are ARMv7K), and all I get there is one subroutine and _mh_execute_header(). Yet the app dumped 'successfully'.

Mila432 commented 9 years ago

iPad:~ root# clutch -b jp.Marvelous.Dboku Dump | <ARMDumper: 0x148825f90> armv7 <Binary: 0x148813a60, executable: アイランド> swapping archs Dump | <ARMDumper: 0x148825f90> armv7 <Binary: 0x148813a60, executable: アイランド> wrote new header to binary Dump | <ARMDumper: 0x148825f90> armv7 <Binary: 0x148813a60, executable: アイランド> 32bit dumping: arch armv7 offset 16384 Failed to dump binary <Binary: 0x148813a60, executable: アイランド> with arch armv7 Dump | <ARM64Dumper: 0x146db0520> arm64 <Binary: 0x148813a60, executable: アイランド> 64bit dumping: arch arm64 offset 10436608 Failed to dump binary <Binary: 0x148813a60, executable: アイランド> with arch arm64 Failed to dump binary <Binary: 0x148813a60, executable: アイランド> FAILED: <アイランド bundleID: jp.Marvelous.Dboku> iPad:~ root#

LeoNatan commented 9 years ago

iPhone-5S:/User root# ./Clutch -d com.sap.mcm.release         
Dump |  <ARMDumper: 0x156d3def0> armv7 <Binary: 0x156e13a30, executable: Mobile Docs> swapping archs
Dump |  <ARMDumper: 0x156d3def0> armv7 <Binary: 0x156e13a30, executable: Mobile Docs> wrote new header to binary
Dump |  <ARMDumper: 0x156d3def0> armv7 <Binary: 0x156e13a30, executable: Mobile Docs> 32bit dumping: arch armv7 offset 16384
Dump |  <ARMDumper: 0x156d3def0> armv7 <Binary: 0x156e13a30, executable: Mobile Docs> to MH_PIE or not to MH_PIE, that is the question
Dump |  <ARMDumper: 0x156d3def0> armv7 <Binary: 0x156e13a30, executable: Mobile Docs> ERROR: Could not obtain mach port, did you sign with proper entitlements?
sh: line 0: kill: (1976) - No such process
Killed: 9

Sm4rt commented 9 years ago

Device: iPad mini 3 iOS Version: iOS 8.0, JB TaiG. Clutch Version: Clutch 2.0.RC2. AppName: Asphalt 8 1.9.1 (Latest, May 21,2015).

Issue: iPad:~ root# Clutch -b com.gameloft.asphalt8 Dump | <ARMDumper: 0x1565514e0> armv7 <Binary: 0x15654bb00, executable: watchkitextension> swapping archs Dump | <ARMDumper: 0x1565524d0> armv7 <Binary: 0x15654bac0, executable: todayextension> swapping archs Dump | <ARMDumper: 0x1565514e0> armv7 <Binary: 0x15654bb00, executable: watchkitextension> wrote new header to binary Dump | <ARMDumper: 0x1565514e0> armv7 <Binary: 0x15654bb00, executable: watchkitextension> 32bit dumping: arch armv7 offset 16384 Dump | <ARMDumper: 0x1565514e0> armv7 <Binary: 0x15654bb00, executable: watchkitextension> to MH_PIE or not to MH_PIE, that is the question Dump | <ARMDumper: 0x1565524d0> armv7 <Binary: 0x15654bac0, executable: todayextension> wrote new header to binary Dump | <ARMDumper: 0x1565524d0> armv7 <Binary: 0x15654bac0, executable: todayextension> 32bit dumping: arch armv7 offset 16384 Dump | <ARMDumper: 0x1565524d0> armv7 <Binary: 0x15654bac0, executable: todayextension> to MH_PIE or not to MH_PIE, that is the question Dump | <ARMDumper: 0x1565524d0> armv7 <Binary: 0x15654bac0, executable: todayextension> ASLR slide: 0x32000 Dump | <ARMDumper: 0x1565514e0> armv7 <Binary: 0x15654bb00, executable: watchkitextension> ASLR slide: 0x5c000 Finished dumping binary <Binary: 0x15654bac0, executable: todayextension> armv7 with result: 1 Dump | <ARM64Dumper: 0x1565524d0> arm64 <Binary: 0x15654bac0, executable: todayextension> 64bit dumping: arch arm64 offset 196608 Dump | <ARM64Dumper: 0x1565524d0> arm64 <Binary: 0x15654bac0, executable: todayextension> to MH_PIE or not to MH_PIE, that is the question Finished dumping binary <Binary: 0x15654bb00, executable: watchkitextension> armv7 with result: 1 Dump | <ARM64Dumper: 0x156649ad0> arm64 <Binary: 0x15654bb00, executable: watchkitextension> 64bit dumping: arch arm64 offset 262144 Dump | <ARM64Dumper: 0x156649ad0> arm64 <Binary: 0x15654bb00, executable: watchkitextension> to MH_PIE or not to MH_PIE, that is the question Dump | <ARM64Dumper: 0x1565524d0> arm64 <Binary: 0x15654bac0, executable: todayextension> ASLR slide: 0x10007c000 Dump | <ARM64Dumper: 0x156649ad0> arm64 <Binary: 0x15654bb00, executable: watchkitextension> ASLR slide: 0x1000f0000 Finished dumping binary <Binary: 0x15654bac0, executable: todayextension> arm64 with result: 1 Finished dumping binary <Binary: 0x15654bb00, executable: watchkitextension> arm64 with result: 1 Dump | <ARMDumper: 0x15654fa70> armv7 <Binary: 0x156632240, executable: Asphalt8> swapping archs Dump | <ARMDumper: 0x15654fa70> armv7 <Binary: 0x156632240, executable: Asphalt8> wrote new header to binary Dump | <ARMDumper: 0x15654fa70> armv7 <Binary: 0x156632240, executable: Asphalt8> 32bit dumping: arch armv7 offset 16384 Dump | <ARMDumper: 0x15654fa70> armv7 <Binary: 0x156632240, executable: Asphalt8> to MH_PIE or not to MH_PIE, that is the question Dump | <ARMDumper: 0x15654fa70> armv7 <Binary: 0x156632240, executable: Asphalt8> ERROR: Could not obtain mach port, did you sign with proper entitlements? Killed: 9 iPad:~ root#