App crashes on launch after being decrypted (砸壳)?

Goal: a newcomer here. An app downloaded from the store was decrypted with dumpdecrypted, then repackaged, signed and installed, and it crashes on launch. How can this be fixed?
Log:
Incident Identifier: 0414FAE5-A2DB-4216-BCA6-6D12335D558D
CrashReporter Key: 98e79c6fc9f3a2ef9d9ae4c955ce8ecdd5c749ba
Hardware Model: iPhone6,2
Process: talkmeim [4363]
Path: /private/var/containers/Bundle/Application/FA2A4B96-A036-4412-A1AB-409021E31CF6/demo.app/talkmeim
Identifier: com.onewapp.demo
Version: 6444 (6.4.4)
AppStoreTools: 13C90b
Code Type: ARM-64 (Native)
Role: Non UI
Parent Process: launchd [1]
Coalition: com.cpca.demo [5498]

Date/Time: 2022-03-08 23:38:44.6261 +0800
Launch Time: 2022-03-08 23:38:43.0057 +0800
OS Version: iPhone OS 12.5.5 (16H62)
Baseband Version: 10.80.02
Report Version: 104
Exception Type: EXC_BREAKPOINT (SIGTRAP)
Exception Codes: 0x0000000000000001, 0x0000000100d3b20c
Termination Signal: Trace/BPT trap: 5
Termination Reason: Namespace SIGNAL, Code 0x5
Terminating Process: exc handler [4363]
Triggered by Thread: 0

Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 talkmeim 0x0000000100d3b20c 0x100c74000 + 815628
1 talkmeim 0x0000000100d39bf4 0x100c74000 + 809972
2 talkmeim 0x0000000100e62484 0x100c74000 + 2024580
3 talkmeim 0x0000000100e623d8 0x100c74000 + 2024408
4 talkmeim 0x0000000100e62300 0x100c74000 + 2024192
5 libdispatch.dylib 0x000000018f6e17d4 _dispatch_client_callout + 16
6 libdispatch.dylib 0x000000018f684eb8 _dispatch_once_callout + 28
7 libswiftCore.dylib 0x00000001bd8a8e40 swift_once + 40
8 talkmeim 0x0000000100e622f0 0x100c74000 + 2024176
9 talkmeim 0x0000000100c7e9f8 0x100c74000 + 43512
10 talkmeim 0x0000000100cde268 0x100c74000 + 434792
11 UIKitCore 0x00000001bc4b90f0 -[UIApplication _handleDelegateCallbacksWithOptions:isSuspended:restoreState:] + 412
12 UIKitCore 0x00000001bc4ba854 -[UIApplication _callInitializationDelegatesForMainScene:transitionContext:] + 3352
13 UIKitCore 0x00000001bc4bffe0 -[UIApplication _runWithMainScene:transitionContext:completion:] + 1540
14 UIKitCore 0x00000001bbd832a4 __111-[__UICanvasLifecycleMonitor_Compatability _scheduleFirstCommitForScene:transition:firstActivation:completion:]_block_invoke + 776
15 UIKitCore 0x00000001bbd8b83c +[_UICanvas _enqueuePostSettingUpdateTransactionBlock:] + 160
16 UIKitCore 0x00000001bbd82f28 -[__UICanvasLifecycleMonitor_Compatability _scheduleFirstCommitForScene:transition:firstActivation:completion:] + 236
17 UIKitCore 0x00000001bbd83818 -[__UICanvasLifecycleMonitor_Compatability activateEventsOnly:withContext:completion:] + 1064
18 UIKitCore 0x00000001bbd81b64 __82-[_UIApplicationCanvas _transitionLifecycleStateWithTransitionContext:completion:]_block_invoke + 744
19 UIKitCore 0x00000001bbd8182c -[_UIApplicationCanvas _transitionLifecycleStateWithTransitionContext:completion:] + 428
20 UIKitCore 0x00000001bbd8636c __125-[_UICanvasLifecycleSettingsDiffAction performActionsForCanvas:withUpdatedScene:settingsDiff:fromSettings:transitionContext:]_block_invoke + 220
21 UIKitCore 0x00000001bbd87150 _performActionsWithDelayForTransitionContext + 112
22 UIKitCore 0x00000001bbd86224 -[_UICanvasLifecycleSettingsDiffAction performActionsForCanvas:withUpdatedScene:settingsDiff:fromSettings:transitionContext:] + 244
23 UIKitCore 0x00000001bbd8af24 -[_UICanvas scene:didUpdateWithDiff:transitionContext:completion:] + 360
24 UIKitCore 0x00000001bc4be5e8 -[UIApplication workspace:didCreateScene:withTransitionContext:completion:] + 540
25 UIKitCore 0x00000001bc0bae04 -[UIApplicationSceneClientAgent scene:didInitializeWithEvent:completion:] + 360
26 FrontBoardServices 0x00000001926209fc -[FBSSceneImpl _didCreateWithTransitionContext:completion:] + 440
27 FrontBoardServices 0x000000019262a40c __56-[FBSWorkspace client:handleCreateScene:withCompletion:]_block_invoke_2 + 256
28 FrontBoardServices 0x0000000192629c14 __40-[FBSWorkspace _performDelegateCallOut:]_block_invoke + 64
29 libdispatch.dylib 0x000000018f6e17d4 _dispatch_client_callout + 16
30 libdispatch.dylib 0x000000018f6865dc _dispatch_block_invoke_direct$VARIANT$mp + 224
31 FrontBoardServices 0x000000019265b040 FBSSERIALQUEUE_IS_CALLING_OUT_TO_A_BLOCK + 40
32 FrontBoardServices 0x000000019265acdc -[FBSSerialQueue _performNext] + 408
33 FrontBoardServices 0x000000019265b294 -[FBSSerialQueue _performNextFromRunLoopSource] + 52
34 CoreFoundation 0x000000018fc34f1c CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE0_PERFORM_FUNCTION + 24
35 CoreFoundation 0x000000018fc34e9c __CFRunLoopDoSource0 + 88
36 CoreFoundation 0x000000018fc34784 __CFRunLoopDoSources0 + 176
37 CoreFoundation 0x000000018fc2f6c0 __CFRunLoopRun + 1004
38 CoreFoundation 0x000000018fc2efb4 CFRunLoopRunSpecific + 436
39 GraphicsServices 0x0000000191e3179c GSEventRunModal + 104
40 UIKitCore 0x00000001bc4c1c38 UIApplicationMain + 212
41 talkmeim 0x0000000100d10694 0x100c74000 + 640660
42 libdyld.dylib 0x000000018f6f28e0 start + 4

Thread 1:
0 libsystem_pthread.dylib 0x000000018f8c4cd0 start_wqthread + 0

Thread 2:
0 libsystem_pthread.dylib 0x000000018f8c4cd0 start_wqthread + 0

Thread 3 name: JavaScriptCore bmalloc scavenger
Thread 3:
0 libsystem_kernel.dylib 0x000000018f83eee4 __psynch_cvwait + 8
1 libsystem_pthread.dylib 0x000000018f8b9cf8 _pthread_cond_wait$VARIANT$mp + 636
2 libc++.1.dylib 0x000000018ee15090 std::__1::condition_variable::wait+ 32912 (std::__1::unique_lock<std::__1::mutex>&) + 24
3 JavaScriptCore 0x0000000196ecbaa0 void std::__1::condition_variable_any::wait<std::__1::unique_lock<bmalloc::Mutex> >+ 567968 (std::__1::unique_lock<bmalloc::Mutex>&) + 108
4 JavaScriptCore 0x0000000196ecfa94 bmalloc::Scavenger::threadRunLoop+ 584340 () + 176
5 JavaScriptCore 0x0000000196ecf20c bmalloc::Scavenger::Scavenger+ 582156 (std::__1::lock_guard<bmalloc::Mutex>&) + 0
6 JavaScriptCore 0x0000000196ed0c4c std::__1::__thread_specific_ptr<std::__1::__thread_struct>::set_pointer+ 588876 (std::__1::__thread_struct*) + 0
7 libsystem_pthread.dylib 0x000000018f8c12c0 _pthread_body + 128
8 libsystem_pthread.dylib 0x000000018f8c1220 _pthread_start + 44
9 libsystem_pthread.dylib 0x000000018f8c4cdc thread_start + 4

Thread 4 name: WebThread
Thread 4:
0 libsystem_kernel.dylib 0x000000018f8340f4 mach_msg_trap + 8
1 libsystem_kernel.dylib 0x000000018f8335a0 mach_msg + 72
2 CoreFoundation 0x000000018fc34914 __CFRunLoopServiceMachPort + 236
3 CoreFoundation 0x000000018fc2f824 __CFRunLoopRun + 1360
4 CoreFoundation 0x000000018fc2efb4 CFRunLoopRunSpecific + 436
5 WebCore 0x000000019892b5c0 RunWebThread+ 3876288 (void*) + 600
6 libsystem_pthread.dylib 0x000000018f8c12c0 _pthread_body + 128
7 libsystem_pthread.dylib 0x000000018f8c1220 _pthread_start + 44
8 libsystem_pthread.dylib 0x000000018f8c4cdc thread_start + 4

Thread 5:
0 libsystem_pthread.dylib 0x000000018f8c4cd0 start_wqthread + 0

Steps taken: the binary and its dynamic libraries have all been decrypted; after repackaging and signing, the app crashes on launch.
Could anyone suggest an approach to solving this?

0 talkmeim 0x0000000100d3b20c 0x100c74000 + 815628

Do static analysis in Hopper or IDA; go to that address and take a look.

dispatch_once: wild guess, the APNs initialization or the app group blew up.

An app-group problem.

1 like

It's a problem with app-group shared data; it crashes in the following code:

[[NSFileManager defaultManager] containerURLForSecurityApplicationGroupIdentifier:@"groupid"];

The crash happens because the app was re-signed without changing the original groupIdentifier, so the method returns nil.

Solution: hook the method above and pass in the group identifier you set up for the re-signed build.
See the following link:
https://www.jianshu.com/p/72d1b39c6b62
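The hook the answer above describes, written out as an added example (this is not code from the thread, MonkeyDev, or the app): a category on NSFileManager swizzles containerURLForSecurityApplicationGroupIdentifier: so that the group identifier baked into the decrypted binary is mapped to the one your re-signing entitlements actually grant. The identifiers `group.com.onewapp.demo` and `group.com.yourteam.demo` are assumed placeholders; substitute the real ones.

```objectivec
// Added example, not from the original post or from MonkeyDev.
// Swizzle -[NSFileManager containerURLForSecurityApplicationGroupIdentifier:]
// so the hard-coded group ID from the App Store build is replaced by the
// group ID granted to the re-signed build.  Build this into a dylib that
// is loaded into the app (e.g. via a MonkeyDev tweak target).
#import <Foundation/Foundation.h>
#import <objc/runtime.h>

// Original group ID (from the dumped binary) -> group ID in your
// re-signing entitlements.  Both values are assumed placeholders.
static NSDictionary<NSString *, NSString *> *ResignGroupIDMap(void) {
    return @{ @"group.com.onewapp.demo" : @"group.com.yourteam.demo" };
}

@implementation NSFileManager (ResignGroupFix)

+ (void)load {
    static dispatch_once_t onceToken;
    dispatch_once(&onceToken, ^{
        SEL origSel = @selector(containerURLForSecurityApplicationGroupIdentifier:);
        SEL newSel  = @selector(rf_containerURLForSecurityApplicationGroupIdentifier:);
        Method orig = class_getInstanceMethod(self, origSel);
        Method repl = class_getInstanceMethod(self, newSel);
        if (orig && repl) {
            method_exchangeImplementations(orig, repl);
        }
    });
}

// After the exchange, calling rf_... from inside this method invokes
// the original implementation with the remapped identifier.
- (NSURL *)rf_containerURLForSecurityApplicationGroupIdentifier:(NSString *)groupIdentifier {
    NSString *mapped = ResignGroupIDMap()[groupIdentifier] ?: groupIdentifier;
    NSURL *url = [self rf_containerURLForSecurityApplicationGroupIdentifier:mapped];
    if (url == nil) {
        // Still nil: the mapped ID is not in the signed entitlements either,
        // so the original crash (nil container -> trap in the app's init
        // path) would still happen.  Log it so the cause is visible.
        NSLog(@"[ResignGroupFix] no container for %@ (mapped from %@); check "
              @"com.apple.security.application-groups in the entitlements",
              mapped, groupIdentifier);
    }
    return url;
}

@end
```

Before relying on the hook, confirm which groups the re-signed binary actually carries with `codesign -d --entitlements :- /path/to/demo.app`; the `com.apple.security.application-groups` array there must contain the mapped identifier, otherwise the original method still returns nil. If you control the provisioning profile, adding the original group identifier to its entitlements avoids the need for a hook altogether.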

I solved this problem using MonkeyDev.