最近在重签一个APP后,遇到的奇怪提示。

重签的是TG这个app,用xcode脚本重签,结果一运行就黑屏,xcode下提示。有没有朋友有签重TG的经验,可否分享一下?
2022-01-08 12:52:39.446259+0800 *****[47037:5211074] [Warning] Trying to set delaysTouchesBegan to NO on a system gate gesture recognizer - this is unsupported and will have undesired side effects

2022-01-08 12:52:39.452006+0800 *****[47037:5211074] [unspecified] container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled

Architecture: arm64

Embedded signature, length: 4864

2022-01-08 12:52:39.457749+0800 *****[47037:5211074] [Presentation] Attempt to present <UIAlertController: 0x11e816a00> on <_TtC7DisplayP33_83BFFE1175986BF91B85BE8424379B0424WindowRootViewController: 0x11dd07830> (from <_TtC7DisplayP33_83BFFE1175986BF91B85BE8424379B0424WindowRootViewController: 0x11dd07830>) whose view is not in the window hierarchy.

用ios APP singer单独签,签出来的也是黑屏。倒是不闪退。群里的老铁们说这个是开源的。不会加什么签名验证之类的吧

1 个赞

#import <CaptainHook/CaptainHook.h>

/* fix blank screen */
CHDeclareClass(NSFileManager);
CHOptimizedMethod1(self, NSURL *, NSFileManager, containerURLForSecurityApplicationGroupIdentifier, NSString *, groupIdentifier) {
NSString *sandboxDocumentsPath = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) objectAtIndex:0];
[self createDirectoryAtPath:[sandboxDocumentsPath stringByAppendingPathComponent:@“OrigAppGroup”] withIntermediateDirectories:YES attributes:nil error:nil];
return [NSURL fileURLWithPath:[NSString stringWithFormat:@"%@/OrigAppGroup", sandboxDocumentsPath]];
}

/* fix “The application is missing required entitlement com.apple.developer.icloud-services” */
CHDeclareClass(CKContainer);
CHOptimizedMethod1(self, id, CKContainer, _initWithContainerIdentifier, id, arg1){
return nil;
}

CHConstructor {
@autoreleasepool {
CHLoadLateClass(CKContainer);
CHHook(1, CKContainer, _initWithContainerIdentifier);

CHLoadLateClass(NSFileManager);
CHHook(1, NSFileManager, containerURLForSecurityApplicationGroupIdentifier);

}
}

2 个赞

你的描述文件没有加AppGroup

感谢老铁!666

大佬,查了下记录,您居然回复了我两条提问,谢谢!可否加您个联系方式?

我也碰到了同样的问题,跪求大佬联系方式,重金感谢

app group重签后需要修改,全局唯一,不能用别人的ID。app代码也要相应的修改使用新的ID。

我也是最近才刚明白,关于container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled 的错误的根源以及如何解决的。

container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled

  • 错误原因:没有app group的访问权限 -》导致app代码调用
NSFileManager 的
- (NSURL *)containerURLForSecurityApplicationGroupIdentifier:(NSString *)groupIdentifier

返回null=空,导致报此错误。

  • 解决办法:

2种:

  • 用代码hook掉containerURLForSecurityApplicationGroupIdentifier
    • 返回一个假的路径,或类似真实的路径
  • 给app加app group的权限entitlement
    • 对应着 client is not entitled 就是指的是这个:client=客户端=当前app,not entitled=没有entitlement=没有权限

具体操作:

用代码hook掉containerURLForSecurityApplicationGroupIdentifier

我之前的iOSOpenDev的代码,供参考:

%hook NSFileManager

- (NSURL *)containerURLForSecurityApplicationGroupIdentifier:(NSString *)groupIdentifier{
// method 1: just return a fake name
//    NSString* appGroupName = @"OrigAppGroup";
//    NSString* appGroupName = @"group.com.xxx.yyy.zzz";
//    NSArray *pathList = NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES);
//    NSString *sandboxDocPath = [pathList objectAtIndex:0];
//    NSString *AppGroupPathRoot = sandboxDocPath;

    // method 2: try use real app group path
    NSString* appGroupName = @"0A849C8E-757E-4C18-BE18-385EAD73C8B1"; // got by hook real app
    NSString* AppGroupPathRoot = @"/private/var/mobile/Containers/Shared/AppGroup/";

    NSString* fullAppGroupPath = [AppGroupPathRoot stringByAppendingPathComponent: appGroupName];
    [self createDirectoryAtPath:fullAppGroupPath withIntermediateDirectories:YES attributes:nil error:nil];
    NSURL* hookedAppGroupUrl = [NSURL fileURLWithPath:fullAppGroupPath];
    iosLogInfo("groupIdentifier=%@, AppGroupPathRoot=%@, appGroupName=%@, fullAppGroupPath=%@ -> hookedAppGroupUrl=%@", groupIdentifier, AppGroupPathRoot, appGroupName, fullAppGroupPath, hookedAppGroupUrl);
    // file:///private/var/mobile/Containers/Shared/AppGroup/0A849C8E-757E-4C18-BE18-385EAD73C8B1/
    return hookedAppGroupUrl;
}

%end

给app加app group的权限entitlement

核心步骤:
Xcode-》Signing&Capabilities-》+Capability -》 App Group

-》输入对应的:group.xxx.xxx.xxx

其中 xxx.xxx.xxx 是原始app的包名bundle id

-》如果原始包名对应的group名:group.xxx.xxx.xxx,无法使用(Apple内部会连到开发者中心,去同步和确认,由于和别人已有的app的包名重复,可能会导致无法使用),则改为自己的包名即可。

如此,codesign+entitlement出来的app,就有了App Group,后续containerURLForSecurityApplicationGroupIdentifier即可正常返回内容,不会报错了。

1 个赞

大佬,我刚学习逆向,也遇到了这个问题,想请教一下答案的那段代码需要通过什么方式执行?

解决方案中的代码,放到你的代码中,就可以了。两年前的问题了,记不清了

好的,我再研究一下,感谢!

你好,最近在使用企业证书重签名app的时候,遇到了一个问题。mobileprovision文件带了app group,但是被签名的app没有group功能,也没有内置entitlements,重签名后使用蒲公英安装提示无法验证完整性,想问下跟这个mobileprovision勾选了app group有关系吗?