LLVM Profile Error: "default.profraw"


#22

按照上面的做了吗?


#23

No entries for “@executable_path/qqauthlogin.dylib” exist to remove

换成自己的路径后没搜到


#24

你是这个IPA吗?


#25

在您的 有链接为证 44逆向直播盒子MT·Box-iOS客户端 这个链接的帖子中下载的ipa 报了default.profraw 的错误 搜索来到了这个帖子下


#26

总结下 报这个错是因为代码调用了 exit(0) [个人猜测]

  • 下面的代码是我让你们移除的dylib里面看到的
void __cdecl -[CCZAuth gotoAuth:](CCZAuth *self, SEL a2, id a3)
{
  __int64 v3; // ST20_8
  __int64 v4; // ST10_8
  void *v5; // [xsp+30h] [xbp-20h]
  __int64 v6; // [xsp+38h] [xbp-18h]
  SEL v7; // [xsp+40h] [xbp-10h]
  CCZAuth *v8; // [xsp+48h] [xbp-8h]

  v8 = self;
  v7 = a2;
  v6 = 0LL;
  objc_storeStrong(&v6, a3);
  objc_msgSend(
    &OBJC_CLASS___NSString,
    "stringWithFormat:",
    CFSTR("%@"),
    CFSTR("http://cloud.bmob.cn/d97e4b57e793c4e7/checkStatus?"));
  v3 = objc_retainAutoreleasedReturnValue();
  objc_msgSend(&OBJC_CLASS___NSMutableString, "stringWithString:", v3);
  v5 = (void *)objc_retainAutoreleasedReturnValue();
  objc_release(v3);
  objc_msgSend(&OBJC_CLASS___NSString, "stringWithFormat:", CFSTR("bundleID=%@"), v6);
  v4 = objc_retainAutoreleasedReturnValue();
  objc_msgSend(v5, "appendString:", v4);
  objc_release(v4);
  -[CCZAuth baseNetworkRequestURL:completeBlock:](
    v8,
    "baseNetworkRequestURL:completeBlock:",
    v5,
    &__block_literal_global_54);
  objc_storeStrong(&v5, 0LL);
  objc_storeStrong(&v6, 0LL);
}
  • 下面的代码是上面的网络请求的block回调
void ___20-[CCZAuth gotoAuth:]_block_invoke(void * _block, struct NSData * arg1, struct NSURLResponse * arg2, struct NSError * arg3) {
    *((r31 - 0x80) + 0x70) = r29;
    *((r31 - 0x80) + 0x78) = r30;
    r29 = (r31 - 0x80) + 0x70;
    *(r29 + 0xfffffffffffffff8) = _block;
    *(r29 + 0xfffffffffffffff0) = zero_extend_64(0x0);
    *((r31 - 0x80) + 0x10) = _block;
    *((r31 - 0x80) + 0x8) = arg2;
    r31 = arg3;
    objc_storeStrong(r29 - 0x10, arg1);
    *(r29 + 0xffffffffffffffe8) = zero_extend_64(0x0);
    objc_storeStrong(r29 - 0x18, *(r31 + 0x8));
    *(r29 + 0xffffffffffffffe0) = zero_extend_64(0x0);
    objc_storeStrong(r29 - 0x20, r31);
    *(r29 + 0xffffffffffffffd8) = *(r31 + 0x10);
    *(r29 + 0xffffffffffffffd0) = [*(r29 + 0xffffffffffffffe8) retain];
    *(r31 + 0x38) = [*(r29 + 0xffffffffffffffd0) statusCode];
    if (((*(r29 + 0xffffffffffffffe0) == 0x0) && (*(r31 + 0x38) == 0xc8)) && ([*(r29 + 0xfffffffffffffff0) length] != 0x0)) {
            *(r31 + 0x30) = [[0x88b0 alloc] initWithData:*(r29 + 0xfffffffffffffff0) encoding:r31 | 0x4];
            if ((*(r31 + 0x30) != 0x0) && ([*(r31 + 0x30) length] != 0x0)) {
                    *(r31 + 0x28) = [[0x88b8 alloc] init];
                    r0 = *(r31 + 0x28);
                    objc_msgSend(r0, 0x8000 + "/Library/MobileSubstrate/DynamicLibraries/qqauthlogin.dylib");
                    r29 = r29;
                    *(r31 + 0x20) = [[*(r31 + 0x28) dateFromString:*(r31 + 0x30)] retain];
                    [*(r31 + 0x20) timeIntervalSinceNow];
                    s1 = 0x3ff0000000000000;
                    asm{ fcvt       s2, d0 };
                    *(r31 + 0x1c) = s2;
                    if (*(r31 + 0x1c) > s1) {
                            objc_storeStrong(r31 + 0x20, zero_extend_64(0x0));
                            objc_storeStrong(r31 + 0x28, zero_extend_64(0x0));
                            objc_storeStrong(r31 + 0x30, zero_extend_64(0x0));
                            objc_storeStrong(r29 - 0x30, zero_extend_64(0x0));
                            objc_storeStrong(r29 - 0x20, zero_extend_64(0x0));
                            objc_storeStrong(r29 - 0x18, zero_extend_64(0x0));
                            objc_storeStrong(r29 - 0x10, zero_extend_64(0x0));
                    }
                    else {
                            exit(zero_extend_64(0x0));
                    }
            }
            else {
                    exit(zero_extend_64(0x0));
            }
    }
    else {
            exit(zero_extend_64(0x0));
    }
    return;
}

  • 从代码里大概可以看出 原作者为了防止别人重签他的App,在登陆的时候做了一下网络请求检测http://cloud.bmob.cn/d97e4b57e793c4e7/checkStatus?,参数是APP的bundleID.

  • 如果Bundleid不对name就会强制退出,报错日志:
    LLVM Profile Error: “default.profraw”

  • 有的人可能就要问了Bundleid和原来一样也是这个
    LLVM Profile Error: “default.profraw”报错日志怎么回事?

  • 相信聪明的读者应该点了下上面那个链接,网址已经失效了,所以即使你是正确的Bundleid也会强制退出,进而报上面的错误日志

  • 所以我给出了最终的解决方案,那就是移除qqauthlogin.dylib

  • 移除方法 /opt/optool uninstall -p “@executable_path/qqauthlogin.dylib” -t /Users/wangleilei03/Desktop/Demo/Demo/TargetApp/xianyu.app/JuZhibo

最后说下 default.profraw 其实是iOS / 目录下的一个文件


iPhone:~ root# ls
Application\ Support/  Media/              WeChat.decrypted
Containers/            MonkeyDevBuilds/    dumpdecrypted.dylib*
Documents/             MonkeyDevPackages/
Library/               QQ.decrypted
iPhone:~ root# cd /
iPhone:/ root# ls
Applications/                                          cores/
Developer/                                             default.profraw
Library/                                               dev/
System/                                                etc@
User@                                                  lib/
bin/                                                   mnt/
boot/                                                  private/


#28

发下你的移除命令和报错日志.


#29

bogon:~ niegang$ /opt/optool uninstall -p “@executable_path/qqauthlogin.dylib” -t /Users/niegang/Desktop/MonkeyLive/MonkeyLive/TargetApp/xianyu.app/JuZhibo
Found FAT Header
Found thin header…
Found thin header…
No entries for “@executable_path/qqauthlogin.dylib” exist to remove
bogon:~ niegang$


#30

不好意思 刚出去有点事情


#31

:man_facepalming:Hell no


#32

你的标点符号和我的不一样


#33

果然是这样 已经解决了 之前直接粘贴的 却是中文引号 感谢指出