Clutch failed to dump


#1

Hey guys I just started to study reverse engineering and I am dumping an app with Clutch and most of app is dumped successfully, just one framework I am getting an error, is there some trick or tip? Any suggesting would be helpful :slightly_smiling_face:, here is the output I got when I tried:

Clutch -d com.ftapps.operadora
2018-02-24 10:29:13.062 Clutch[958:120975] command: Dump specified bundleID into .ipa file
Zipping Operadora.app
Error: Failed to dump <Operadora Watch Extension>

2018-02-24 10:29:13.378 Clutch[958:120996] failed operation :(
2018-02-24 10:29:13.378 Clutch[958:120996] application <NSOperationQueue: 0x1751d9c0>{name = 'NSOperationQueue 0x1751d9c0'}
ASLR slide: 0x4e000
Dumping <Operadora Portabilidade> (armv7)
Patched cryptid (32bit segment)
ASLR slide: 0x52000
Dumping <Operadora Consultar> (armv7)
Patched cryptid (32bit segment)
Writing new checksum
Writing new checksum
ASLR slide: 0xa1000
Dumping <Operadora> (armv7)
Patched cryptid (32bit segment)
2018-02-24 10:29:13.912 clutch[962:121005] command: Only dump binary files from specified bundleID
2018-02-24 10:29:13.920 clutch[962:121005] -[__NSCFString unsignedIntValue]: unrecognized selector sent to instance 0x17d5c850
2018-02-24 10:29:13.925 clutch[962:121005] *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[__NSCFString unsignedIntValue]: unrecognized selector sent to instance 0x17d5c850'
*** First throw call stack:
(0x208ff91b 0x2009ae17 0x209052b5 0x20902ee1 0x2082e238 0x42d65 0x204b7873)
libc++abi.dylib: terminating with uncaught exception of type NSException
Error: Failed to dump <OperadoraKit> with arch armv7

2018-02-24 10:29:13.933 Clutch[958:120997] failed operation :(
2018-02-24 10:29:13.935 Clutch[958:120997] application <NSOperationQueue: 0x1751e450>{name = 'NSOperationQueue 0x1751e450'}
Error: Failed to dump <OperadoraKit>

2018-02-24 10:29:13.945 Clutch[958:120997] failed operation :(
2018-02-24 10:29:13.946 Clutch[958:120997] application <NSOperationQueue: 0x1751e450>{name = 'NSOperationQueue 0x1751e450'}
Writing new checksum
Zipping Operadora Watch Extension.appex
Zipping OperadoraKit.framework
Zipping Operadora Consultar.appex
Zipping Operadora Portabilidade.appex
FAILED: <Operadora bundleID: com.ftapps.operadora>
Finished dumping com.ftapps.operadora in 5.1 seconds

#2

You can try frida-ios-dump.


#3

Thank you! I am gonna try it.


#4

It works fine! Thank you!