MonkeyDev iOS逆向 某音22.8.0 为啥重签名启动闪退

AwemeCore 的 _awemeMain中的 svc 我已经nop掉了

image1280×800 84.3 KB

具体报错信息

image1144×1646 341 KB

**2022-11-16 18:14:01.561546+0800 Aweme[15921:250675] You've implemented -[<UIApplicationDelegate> application:performFetchWithCompletionHandler:], but you still need to add "fetch" to the list of your supported UIBackgroundModes in your Info.plist.**

**2022-11-16 18:14:01.561630+0800 Aweme[15921:250675] You've implemented -[<UIApplicationDelegate> application:didReceiveRemoteNotification:fetchCompletionHandler:], but you still need to add "remote-notification" to the list of your supported UIBackgroundModes in your Info.plist.**

**2022-11-16 18:14:01.810115+0800 Aweme[15921:250880] *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[__NSCFConstantString stringByAppendingString:]: nil argument'**

***** First throw call stack:**

**(0x194bcea48 0x1948f5fa4 0x194e85708 0x1104148a0 0x1081e0fe0 0x1081e0e58 0x1081e0c0c 0x1148aa820 0x11a17ebd8 0x11a1804c8 0x1081e0bb8 0x1082160cc 0x110a43d8c 0x110a3ef9c 0x110a3ef38 0x11a17ebd8 0x11a1804c8 0x10821c6fc 0x110a9c6b0 0x112da3530 0x1081cea8c 0x1081d4208 0x11635b7e8 0x1081dbf8c 0x1081dbe60 0x1081dbd7c 0x1081dbca4 0x1103f5620 0x109d08414 0x1081c8c40 0x109d07fe4 0x194f933a0 0x194e9d0c8 0x194f95628 0x194e9cd60 0x194f96020 0x194f95aec 0x11a17d7fc 0x11a17ebd8 0x11a1817dc 0x11a180c5c 0x11a190160 0x11a190a88 0x1948eab48 0x1948ed760)**

**libc++abi.dylib: terminating with uncaught exception of type NSException**

*** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '*** -[__NSCFConstantString stringByAppendingString:]: nil argument'

bt

(lldb) bt
* thread #3, queue = 'NSOperationQueue 0x11a6302d0 (QOS: USER_INTERACTIVE)', stop reason = signal SIGABRT
  * frame #0: 0x00000001949c5ec4 libsystem_kernel.dylib`__pthread_kill + 8
    frame #1: 0x00000001948e11d8 libsystem_pthread.dylib`pthread_kill$VARIANT$mp + 136
    frame #2: 0x0000000194835844 libsystem_c.dylib`abort + 100
    frame #3: 0x000000019498e7d4 libc++abi.dylib`abort_message + 128
    frame #4: 0x000000019498e9c4 libc++abi.dylib`demangling_terminate_handler() + 296
    frame #5: 0x00000001948f6258 libobjc.A.dylib`_objc_terminate() + 124
    frame #6: 0x000000019499b304 libc++abi.dylib`std::__terminate(void (*)()) + 16
    frame #7: 0x000000019499b29c libc++abi.dylib`std::terminate() + 44
    frame #8: 0x00000001948f61dc libobjc.A.dylib`objc_terminate + 12
    frame #9: 0x000000011a17ebec libdispatch.dylib`_dispatch_client_callout + 36
    frame #10: 0x000000011a1804c8 libdispatch.dylib`_dispatch_once_callout + 84
    frame #11: 0x00000001081e0bb8 AwemeCore`___lldb_unnamed_symbol7897 + 60
    frame #12: 0x00000001082160cc AwemeCore`___lldb_unnamed_symbol9648 + 24
    frame #13: 0x0000000110a43d8c AwemeCore`___lldb_unnamed_symbol1308679 + 64
    frame #14: 0x0000000110a3ef9c AwemeCore`___lldb_unnamed_symbol1308629 + 76
    frame #15: 0x0000000110a3ef38 AwemeCore`___lldb_unnamed_symbol1308628 + 32
    frame #16: 0x000000011a17ebd8 libdispatch.dylib`_dispatch_client_callout + 16
    frame #17: 0x000000011a1804c8 libdispatch.dylib`_dispatch_once_callout + 84
    frame #18: 0x000000010821c6fc AwemeCore`___lldb_unnamed_symbol9878 + 60
    frame #19: 0x0000000110a9c6b0 AwemeCore`___lldb_unnamed_symbol1312477 + 48
    frame #20: 0x0000000112da3530 AwemeCore`___lldb_unnamed_symbol1704461 + 112
    frame #21: 0x00000001081cea8c AwemeCore`___lldb_unnamed_symbol7422 + 324
    frame #22: 0x00000001081d4208 AwemeCore`___lldb_unnamed_symbol7562 + 212
    frame #23: 0x000000011635b7e8 AwemeCore`hts_get_protocol + 108
    frame #24: 0x00000001081dbf8c AwemeCore`___lldb_unnamed_symbol7787 + 24
    frame #25: 0x00000001081dbe60 AwemeCore`___lldb_unnamed_symbol7785 + 92
    frame #26: 0x00000001081dbd7c AwemeCore`___lldb_unnamed_symbol7784 + 100
    frame #27: 0x00000001081dbca4 AwemeCore`___lldb_unnamed_symbol7782 + 200
    frame #28: 0x00000001103f5620 AwemeCore`___lldb_unnamed_symbol1229206 + 64
    frame #29: 0x0000000109d08414 AwemeCore`___lldb_unnamed_symbol220699 + 296
    frame #30: 0x00000001081c8c40 AwemeCore`___lldb_unnamed_symbol7198 + 256
    frame #31: 0x0000000109d07fe4 AwemeCore`___lldb_unnamed_symbol220643 + 40
    frame #32: 0x0000000194f933a0 Foundation`__NSBLOCKOPERATION_IS_CALLING_OUT_TO_A_BLOCK__ + 16
    frame #33: 0x0000000194e9d0c8 Foundation`-[NSBlockOperation main] + 100
    frame #34: 0x0000000194f95628 Foundation`__NSOPERATION_IS_INVOKING_MAIN__ + 20
    frame #35: 0x0000000194e9cd60 Foundation`-[NSOperation start] + 732
    frame #36: 0x0000000194f96020 Foundation`__NSOPERATIONQUEUE_IS_STARTING_AN_OPERATION__ + 20
    frame #37: 0x0000000194f95aec Foundation`__NSOQSchedule_f + 180
    frame #38: 0x000000011a17d7fc libdispatch.dylib`_dispatch_call_block_and_release + 24
    frame #39: 0x000000011a17ebd8 libdispatch.dylib`_dispatch_client_callout + 16
    frame #40: 0x000000011a1817dc libdispatch.dylib`_dispatch_continuation_pop + 524
    frame #41: 0x000000011a180c5c libdispatch.dylib`_dispatch_async_redirect_invoke + 624
    frame #42: 0x000000011a190160 libdispatch.dylib`_dispatch_root_queue_drain + 376
    frame #43: 0x000000011a190a88 libdispatch.dylib`_dispatch_worker_thread2 + 156
    frame #44: 0x00000001948eab48 libsystem_pthread.dylib`_pthread_wqthread + 212

Xcode Settings

image1286×648 106 KB

image1490×724 64.1 KB

请问有大佬遇见类似的问题吗?

重签名校验不是做在这里的吧

那个nop svc 0x80吗? 那个是反调试的 重签名校验怎么去

你好，请问你是如何定位到svc的位置呢，有什么方法没