Prologue
To do a good job, one must first sharpen one's tools.
Because of the whole saurik and coolstar affair, cycript no longer works on iOS 11, so I searched around and found bfinject (a fork; the master branch one is outdated).
I ran bash bfinject -P Reddit -L cycript
and after that, cycript finally ran.
The problem
The GitHub link says the following:
Note: bfinject does not work on Electra if "Tweaks" is enabled. Reboot and re-run Electra without tweaks in order to use bfinject. If you see errors with "thread_create", this is the problem.
And in fact, running the same command produces the following output/error:
iPad:~/bfinject_ root# bash bfinject -P Reddit -L test
[+] Electra detected.
[+] Injecting into '/var/containers/Bundle/Application/9A7E97E6-31A7-4D69-8D93-15371F5DAD99/Tabs.app/Tabs'
[+] Getting Team ID from target application...
[+] Thinning dylib into non-fat arm64 image
[+] Signing injectable .dylib with Team ID 8Z842TTS95 and platform entitlements...
[bfinject4realz] Calling task_for_pid() for PID 3881.
[bfinject4realz] Calling thread_create() on PID 3881
[bfinject4realz] ERROR: thread_create() returned 4
[bfinject4realz] Failed to create thread in remote process.
This most likely is caused by "Tweaks" being enabled in Electra.
Please try rebooting and re-jailbreaking with "Tweaks" disabled.
[+] So long and thanks for all the fish.
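As an added example (my own code, not part of the original post or of bfinject), a small Python triager that parses a bfinject transcript like the one above, decodes the raw kern_return_t number that bfinject prints (4 is KERN_INVALID_ARGUMENT in <mach/kern_return.h>) and flags the Electra "Tweaks" case. The sample transcript is constructed from the lines above.

```python
import re

# kern_return_t values from <mach/kern_return.h>; bfinject prints only the raw number.
KERN_RETURN_NAMES = {
    0: "KERN_SUCCESS", 1: "KERN_INVALID_ADDRESS", 2: "KERN_PROTECTION_FAILURE",
    3: "KERN_NO_SPACE", 4: "KERN_INVALID_ARGUMENT", 5: "KERN_FAILURE",
}

# Constructed sample transcript, copied from the failing run in the post.
SAMPLE_LOG = """[+] Electra detected.
[+] Injecting into '/var/containers/Bundle/Application/9A7E97E6-31A7-4D69-8D93-15371F5DAD99/Tabs.app/Tabs'
[+] Signing injectable .dylib with Team ID 8Z842TTS95 and platform entitlements...
[bfinject4realz] Calling task_for_pid() for PID 3881.
[bfinject4realz] Calling thread_create() on PID 3881
[bfinject4realz] ERROR: thread_create() returned 4
[bfinject4realz] Failed to create thread in remote process.
This most likely is caused by "Tweaks" being enabled in Electra.
"""

PATTERNS = {
    "target": re.compile(r"Injecting into '([^']+)'"),
    "team_id": re.compile(r"Team ID (\w+) and platform entitlements"),
    "pid": re.compile(r"task_for_pid\(\) for PID (\d+)"),
    "thread_create_kr": re.compile(r"thread_create\(\) returned (\d+)"),
}

def parse_bfinject_log(text):
    """Pull the facts a triager needs out of a bfinject transcript."""
    report = {"electra": False, "tweaks_hint": False}
    for line in text.splitlines():
        if "Electra detected" in line:
            report["electra"] = True
        if '"Tweaks" being enabled' in line:
            report["tweaks_hint"] = True
        for key, pat in PATTERNS.items():
            m = pat.search(line)
            if m:  # numeric fields (PID, kern_return_t) become ints, the rest stay strings
                report[key] = int(m.group(1)) if m.group(1).isdigit() else m.group(1)
    return report

def triage(report):
    """Explain a failed run in terms of the Mach return code and the Electra hint."""
    kr = report.get("thread_create_kr")
    if kr is None:
        return "no thread_create() failure recorded"
    name = KERN_RETURN_NAMES.get(kr, "unknown kern_return_t")
    verdict = "thread_create() on PID %s failed with %d (%s)" % (report.get("pid"), kr, name)
    if report["electra"] and report["tweaks_hint"]:
        verdict += "; Electra Tweaks enabled, see the TF_PLATFORM note in update-1"
    return verdict
```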
So I want to ask:
- Why does thread_create() fail when Tweaks is enabled?
- What exactly does Electra's Tweaks toggle actually toggle?
#update-1
In the thread creation issue, GitHub user @stek29 provided plenty of information; the following is copied from his comment:
stek29 commented on 27 Jan
@Sacmunraga I’m just trying to say that the only reason it didn’t work is because of TF_PLATFORM flag being set on apps you were trying to inject into. You should contact jailbreakd to let it set your TF_PLATFORM too.
From this it is plain and simple that TF_PLATFORM is the source of the problem (if you didn't see that, this is the right forum for you to be in