[ SOLVED ] Classdump Error: Cannot find offset for address XXXXX in stringAtAddress:

babbu · 2018 年1 月 3 日 17:04

Hi everyone,

What I want

I’m trying to dump WhatsApp Messenger app’s headers.
After hours and hours I’m still stuck on this task.

My config:

I’ve tried the following on:

iPhone 5C with iOS 8.2
iPhone 6 with iOS 9.3.2
and my computer is running on MacOS Sierra

What I’ve tried

I’ve tried to decrypt the bundle app using both Clutch2 and dumpdecrypted.
It worked only with Clutch2
After the binary is decrypted it’s impossible for me to get class-dump working.
I always have the same error:

$ ./class-dump WhatsAppClutched-ios8-v3\ 2/Payload/WhatsApp.app/WhatsApp -o ./headers
2018-01-03 17:46:00.994 class-dump[22529:4570161] Error: Cannot find offset for address 0x6800f3c2 in stringAtAddress:
$

Note that I’ve tried to decrypt the binary either by running Clutch -b <bundleId> or Clutch -d <bundleId. Both commands give me an output without error but after that, class-dump does not work at all.

I’m using the latest release of class-dump, I’ve tried to directly use the source code and build it but I have other issues by doing this.

Please, could someone solve my issue OR at least dump up to date headers for me ?

PS: note that it work perfectly when I do this operation with another app like Snapchat for instance…

Bests,

Babbu

Zhang · 2018 年1 月 3 日 17:37

Usually this is caused by swift code embedded with ObjC code.
Try this fork https://github.com/BlueCocoa/class-dump
or use runtime-dump https://github.com/limneos/classdump-dyld

babbu · 2018 年1 月 3 日 19:03

Zhang thanks for your fast answer !

Unfortunately it does not seem to work with the BlueCocoa’s repository too.

What I’ve done:

git clone <path-to-the-repo>
cd repo-dir
xcodebuild clean build

After the build (with success status), I use the file located at repo-dir/build/Release/classdump

Error :

I’ve got the following error

Do I do something wrong ? Thanks for your help !

PS: I did not tested the classdump-dydl yet.

Zhang · 2018 年1 月 3 日 23:07

Then your best bet is runtime dump then. Or someone else might be able to point out their fork is fully working?

AloneMonkey · 2018 年1 月 4 日 02:30

You can try this

github.com

AloneMonkey/MonkeyDev/blob/master/bin/class-dump

Ïúíþ
 H__PAGEZERO¸__TEXTÐÐ__text__TEXT@í@__stubs__TEXT.,.,__stub_helper__TEXT¸.H¸.__gcc_except_tab__TEXT3T3__cstring__TEXTT9×pT9__objc_methname__TEXT+ªÇJ+ª__objc_classname__TEXTòôþòô__objc_methtype__TEXTðùäðù__const__TEXTà
Pà
__unwind_info__TEXT0ô0__eh_frame__TEXT(ØÁ(Ø__DATAÐÐp__nl_symbol_ptr__DATAÐÐl__got__DATAÐèÐn__la_symbol_ptr__DATAøÐ`øÐ__mod_init_func__DATAXÔXÔ	__const__DATA`Ô`Ô__cfstring__DATApØ`NpØ__objc_classlist__DATAÐ&(Ð&__objc_nlclslist__DATAø(ø(__objc_catlist__DATA)@)__objc_protolist__DATA@)0@)__objc_imageinfo__DATAp)p)__objc_const__DATAx)ÀÌx)__objc_selrefs__DATA8ö08ö__objc_protorefs__DATAh
	h
	__objc_classrefs__DATAx
	°x
	__objc_superrefs__DATA(	(	__objc_ivar__DATA0	à0	__objc_data__DATA	à	__data__DATAð/	ð/	__bss__DATA3	ð__common__DATAF	H__LINKEDITP	@	ôó"0@	øøG	O	
Y	X
ðn	-XPppÀ)÷ /usr/lib/dyldòB 3'HÑ>5Î3$

*(àÃ`,/System/Library/Frameworks/Foundation.framework/Versions/C/Foundation8ä/usr/lib/libobjc.A.dylib8ä/usr/lib/libSystem.B.dylibh/System/Library/Frameworks/CoreFoundation.framework/Versions/A/CoreFoundation&Øf	à)¸m	8UHåHì@HEàH}øHuðHuøHÇEøHuàH5½	HuèH5ÂæHÇèxHuøHÇH}øHÇH}ØH÷HuØHEÐèHEÐHøHÃýH5æHÇè,H5mæHÇèHuøH=R	H>H>HÏè1ÒÖHEøH
;	HÈHÇè*HqýH5*æHÇèÒH5æHÇèÃHMøH5	H<1H1è½H<ýH5íåHÇèH5ÖåHÇèHMøH5Ó	H<1H1èH÷üH5°åHÇèXH5åHÇèIHMøH5	H<1H1èCHÊüH5såHÇèHUøH5håHÇèHMøHe	H4HH÷èÿHEøH
R	ÇÿÿÿÿHEøH
@	ÇDHEøH
5	ÆHEøHÇèÅ1ÉÎH}øHEÈèÞHEÈHÄ@]ÃfUHåHì HE°H}ÀHu¸HÇE°HÇHÖè¨HEÀH5»äHÇèSHÇèuHÂH×HEèNHEHø1ÀÁH}ÀH5äHà¾HMHxÿÿÿÿÒHÇè-HM°H5`äHÏHxÿÿÿHpÿÿÿHhÿÿÿÿÒHÇEèHEàHEèHEÐHEàHEØHEÐHMØHMøHEðHEðHMøHEHM H5äHpÿÿÿLELM HÇHhÿÿÿHMèyHÇèHE¨HpÿÿÿHÇèpE1ÒDÖHE¨H}¨AÃAãE¶ÓEÓD]ÏÇEHÇèoéÆEÏÇE1ÀÆHM°HÏèO¾EÏHÄ ]ÃUHåHì@1À¹@ÊLÿÿÿL
F½M	LMøH½hÿÿÿHµ`ÿÿÿLÇÆèMHhÿÿÿH5)ãH×è©HÇèËHÿÿÿHxÿÿÿAºEÐH5ãHÇHÿÿÿètHøHÿÿÿ

This file has been truncated. show original

babbu · 2018 年1 月 4 日 19:59

Thank you, this class-dump binary was definitely my best bet ! It worked like a charm !

babbu · 2018 年1 月 4 日 20:00

Zhang, thank you for your time, the other version of class-dump given by AloneMonkey solved my issue. So I did not tried the runtime dump yet.

Thanks again for your time.

13409795771 · 2018 年1 月 6 日 16:11

I still don’t work , How did you reinstall class-dump ?

13409795771 · 2018 年1 月 6 日 16:11

I still don’t work , How did you reinstall class-dump ? thank you

babbu · 2018 年1 月 6 日 21:15

You don’t really have ton install class dump per say. I’ve just downloaded the class-dump binary at link given by AloneMonkey (here: https://github.com/AloneMonkey/MonkeyDev/blob/master/bin/class-dump).

Then, I’ve juste used it as any other binary.

zhangkn · 2018 年1 月 7 日 04:40

I just tried it, but also successfully dumped a mixture of Mach-O files,3q

wxq491216 · 2019 年1 月 19 日 06:10

尝试用它来获取dyld_shared_cache_arm64中库的头文件，还是会报类似的错误。

Cannot find offset for address 0x1b2595898 in dataOffsetForAddress

babbu · 2019 年7 月 29 日 15:30

I can not read your message since I’m english speaker only, but have you tried to decrypt the App first and dump headers then?