[求助]App在越狱机子上打开就闪退的,怎么砸壳?

技能讨论
42

对了,如果你的应用是刚安装的,可以用 ls -lrt 进行时间排序,最下面的那个就是了。

43

不需要那么麻烦啊,都有越狱手机了,自己写一个获取手机上所有APP及路径的Demo也不难啊。

+ (void)installedApplications {
    Class lsawsc = objc_getClass("LSApplicationWorkspace");
    NSObject* workspace = [lsawsc performSelector:NSSelectorFromString(@"defaultWorkspace")];
    NSArray *apps = [workspace performSelector:NSSelectorFromString(@"allInstalledApplications")];
    Class LSApplicationProxy_class = objc_getClass("LSApplicationProxy");
    for (int i = 0; i < apps.count; i++) {
        NSObject *temp = apps[i];
        if ([temp isKindOfClass:LSApplicationProxy_class]) {
            NSString *appBundleId = [temp performSelector:NSSelectorFromString(@"applicationIdentifier")];
            NSString *appName = [temp performSelector:NSSelectorFromString(@"localizedName")];
            NSString * type = [temp performSelector:NSSelectorFromString(@"applicationType")];
            NSString * shortVersionString = [temp performSelector:NSSelectorFromString(@"shortVersionString")];
            NSString * containerURL = [[temp performSelector:NSSelectorFromString(@"containerURL")] path];
            NSString * resourcesDirectoryURL = [[temp performSelector:NSSelectorFromString(@"resourcesDirectoryURL")] path];
            NSString * bundleExecutable = [temp performSelector:NSSelectorFromString(@"bundleExecutable")];
            NSLog(@"应用类型: %@", type);
            NSLog(@"BundleId: %@", appBundleId);
            NSLog(@"Name: %@", appName);
            NSLog(@"Version: %@", shortVersionString);
            NSLog(@"沙盒路径: %@", containerURL);
            NSLog(@"App包路径: %@", resourcesDirectoryURL);
            NSLog(@"TargetName: %@", bundleExecutable);
            NSLog(@"=============================================");
        }
    }
}
1 个赞
44

棒,哈哈哈,粗暴

45

这个问题找不到解决方案 :rofl:

46

python也升级了,
xia0LLDB也重装了,

依然没救

image
image1126×792 98.7 KB

47

感觉你没挂debugsever。

窗口1:iproxy 1234 1234
窗口2:iproxy 2222 22
窗口3:issh debug -x backboard /var/containers/Bundle/Application/7B8641C3-1C26-493D-8065-CF7259087190/xx.app/xx
窗口4:lldb → dumpdecrypted -X

4个窗口都要保持着。你是不是关掉了窗口3?

48

我试了下,关闭窗口3,就出现跟你一样的错误。所以,你肯定是关闭了窗口3,还是根本没挂成功?
你可以把窗口3执行结果截图给大佬们问问。

49

窗口3没有关掉

窗口1执行命令后一直出去等待状态, 待窗口4lldb后立刻收到响应

image
image1132×242 30.4 KB

下图为窗口3, 执行命令后无需等待直接返回

image
image1340×628 112 KB

50

你的debugserver没挂载上

51

哪里有问题哦?

52

我用爱思助手 看

53

:rofl: :rofl: :rofl: 好有道理。

54

帖子不能沉啊

55

没看出你挂debugserver的问题,但是就是没挂上。这个就要你自己去找下原因。

我这边是这样的:

image
image887×572 64.2 KB

挂debugserver的时候,App开自动打开,并卡在加载页面。

56

我这边确实也自动打开了App.但是窗口3会自动的结束命令, 退出到键入状态, debugserver 我也重签名了

57 
(lldb) dumpdecrypted -X
[*] set breakpoint at CFBundleGetMainBundle
[*] will continue process and dump
[*] start execute dumpdecrypted
[*] delete all breakpoints
[+] use "target list" to get main module:/private/var/containers/Bundle/Application/C0CC7CBA-D8C5-4AE6-B09D-7520449093E0/Smoke.app/Smoke
[+] use "target list" to get main module:/private/var/containers/Bundle/Application/C0CC7CBA-D8C5-4AE6-B09D-7520449093E0/Smoke.app/Smoke
[*] app dir:/var/containers/Bundle/Application/C0CC7CBA-D8C5-4AE6-B09D-7520449093E0/Smoke.app
[*] start to dump...

Traceback (most recent call last):
  File "/Users/jingwan/xia0LLDB/src/dumpdecrypted.py", line 51, in handle_command
    ret = dumpdecrypted(debugger)
  File "/Users/jingwan/xia0LLDB/src/dumpdecrypted.py", line 554, in dumpdecrypted
    entryAddr_int = int(entryAddrStr.strip()[1:-1], 16)
ValueError: invalid literal for int() with base 16: '0x00000001008075a4\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0\\0'
(lldb) 
[1]+  Stopped                 lldb

这个错误该怎么解决

58

everyone draw 这个APP帮砸壳下呗,我从APPstore下载下来了IPA是pre-thinned6386230926043255785.thinned.signed.dpkg.ipa 这个样子的,打不开。