Environment: iPhone 5s, iOS 8.1, optool, codesign, Xcode 9, ios-deploy
Source of the exercise article:
The codesign commands are as follows:
/usr/bin/codesign --force --sign SDKLFJ4909543J34L3KL4J529455FJD03J3KL4J5L3 FridaGadget.dylib
/usr/bin/codesign --force --sign SDKLFJ4909543J34L3KL4J529455FJD03J3KL4J5L3 --entitlements entitlements.plist UnCrackable\ Level\ 1
The optool insert command is as follows:
~/Projects/optool/build/Release/optool install -c load -p "FridaGadget.dylib" -t UnCrackable\ Level\ 1
The install command is as follows:
ios-deploy --debug --bundle …/UnCrackable\ Level\ 1.app
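Problem: Following the original linked article of a tutorial shared in the group, I did the re-signing exercise, but running the ios-deploy command to install the re-signed app fails at the last step with the following error message: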
(lldb) connect
(lldb) run
success
dyld: Library not loaded: FridaGadget.dylib
Referenced from: /private/var/mobile/Containers/Bundle/Application/A1797A5D-81E9-43EB-8232-1E27E6E47C17/UnCrackable Level 1.app/UnCrackable Level 1
Reason: image not found
Process 36082 stopped
* thread #1, stop reason = EXC_BREAKPOINT (code=1, subcode=0x12003d088)
frame #0: 0x000000012003d088 dyld`dyld_fatal_error
dyld`dyld_fatal_error:
-> 0x12003d088 <+0>: brk #0x3
dyld`dyldbootstrap::start:
0x12003d08c <+0>: stp x28, x27, [sp, #-0x60]!
0x12003d090 <+4>: stp x26, x25, [sp, #0x10]
0x12003d094 <+8>: stp x24, x23, [sp, #0x20]
Target 0: (dyld) stopped.
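But I have tried to follow every detail of the original English article as closely as I can. As long as I use optool uninstall to remove the FridaGadget.dylib load command, the app can be deployed to the phone by ios-deploy normally.
I tried changing get task allow to no or yes. With yes, the dylib image not found error appears; with no it also fails, with the following error message: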
Platform: remote-ios
Connected: no
SDK Path: "/Users/wz/Library/Developer/Xcode/iOS DeviceSupport/8.1.2 (12B440)/Symbols"
(lldb) target create "/Users/wz/Projects/owasp-mstg/Crackmes/iOS/Level_01/Payload/UnCrackable Level 1.app"
Current executable set to '/Users/wz/Projects/owasp-mstg/Crackmes/iOS/Level_01/Payload/UnCrackable Level 1.app' (arm64).
(lldb) script fruitstrap_device_app="/private/var/mobile/Containers/Bundle/Application/1BE9E452-AEBC-4068-AFDF-35483AB03CE7/UnCrackable Level 1.app"
(lldb) script fruitstrap_connect_url="connect://127.0.0.1:64421"
(lldb) target modules search-paths add /usr "/Users/wz/Library/Developer/Xcode/iOS DeviceSupport/8.1.2 (12B440)/Symbols/usr" /System "/Users/wz/Library/Developer/Xcode/iOS DeviceSupport/8.1.2 (12B440)/Symbols/System" "/private/var/mobile/Containers/Bundle/Application/1BE9E452-AEBC-4068-AFDF-35483AB03CE7" "/Users/wz/Projects/owasp-mstg/Crackmes/iOS/Level_01/Payload" "/var/mobile/Containers/Bundle/Application/1BE9E452-AEBC-4068-AFDF-35483AB03CE7" "/Users/wz/Projects/owasp-mstg/Crackmes/iOS/Level_01/Payload" /Developer "/Users/wz/Library/Developer/Xcode/iOS DeviceSupport/8.1.2 (12B440)/Symbols/Developer"
(lldb) command script import "/tmp/5A99D8BC-DF4A-47A4-A06F-7BD9E01E8EF1/fruitstrap_212f3ab4ef6ddc90b21ad816a3e7cd5223b6af52.py"
(lldb) command script add -f fruitstrap_212f3ab4ef6ddc90b21ad816a3e7cd5223b6af52.connect_command connect
(lldb) command script add -s asynchronous -f fruitstrap_212f3ab4ef6ddc90b21ad816a3e7cd5223b6af52.run_command run
(lldb) command script add -s asynchronous -f fruitstrap_212f3ab4ef6ddc90b21ad816a3e7cd5223b6af52.autoexit_command autoexit
(lldb) command script add -s asynchronous -f fruitstrap_212f3ab4ef6ddc90b21ad816a3e7cd5223b6af52.safequit_command safequit
(lldb) connect
(lldb) run
error: process launch failed: failed to get the task for process 36226
(lldb)
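My feeling is that YES should be the correct setting, but what exactly is the cause of the dylib image not found error? Could any experts give me some pointers? Many thanks!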
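
Added example, not part of the original post: dyld's "Library not loaded" message prints the dylib name exactly as it is recorded in the binary's load command, so one check is to list those names and flag any that are neither absolute nor @executable_path/@loader_path/@rpath-relative. The parser handles thin 64-bit Mach-O files only; sample_binary builds constructed test input, and all function names are this example's own.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF  # thin little-endian 64-bit Mach-O (arm64 on the iPhone 5s)
# Load commands that name a dylib dyld must find before the app starts.
DYLIB_CMDS = {0xC: "LC_LOAD_DYLIB", 0x80000018: "LC_LOAD_WEAK_DYLIB",
              0x8000001F: "LC_REEXPORT_DYLIB", 0x80000023: "LC_LOAD_UPWARD_DYLIB"}
# Prefixes that tie a name to a fixed place; anything else is a relative path
# that dyld opens relative to the process working directory, not the .app bundle.
ANCHORED = ("/", "@executable_path/", "@loader_path/", "@rpath/")


def dylib_names(macho: bytes):
    """Return [(command, name)] for every dylib load command in the binary."""
    if len(macho) < 32 or struct.unpack_from("<I", macho)[0] != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit Mach-O (extract one slice of a fat file first)")
    ncmds, sizeofcmds = struct.unpack_from("<2I", macho, 16)  # mach_header_64 fields
    off, end, found = 32, 32 + sizeofcmds, []
    if end > len(macho):
        raise ValueError("load commands run past end of file")
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load command header out of bounds")
        cmd, cmdsize = struct.unpack_from("<2I", macho, off)
        if cmdsize < 8 or off + cmdsize > end or (cmd in DYLIB_CMDS and cmdsize < 24):
            raise ValueError("bad cmdsize")
        if cmd in DYLIB_CMDS:
            (name_off,) = struct.unpack_from("<I", macho, off + 8)  # dylib.name.offset
            if not 24 <= name_off < cmdsize:
                raise ValueError("bad name offset")
            raw = macho[off + name_off:off + cmdsize].split(b"\0", 1)[0]
            found.append((DYLIB_CMDS[cmd], raw.decode("utf-8", "replace")))
        off += cmdsize
    return found


def unanchored(macho: bytes):
    """Names that are neither absolute nor @executable_path/@loader_path/@rpath."""
    return [name for _, name in dylib_names(macho) if not name.startswith(ANCHORED)]


def sample_binary(names):
    """Constructed test input: a header plus one LC_LOAD_DYLIB per name."""
    cmds = b""
    for n in names:
        body = n.encode() + b"\0"
        body += b"\0" * (-(24 + len(body)) % 8)  # pad cmdsize to a multiple of 8
        cmds += struct.pack("<6I", 0xC, 24 + len(body), 24, 2, 0x10000, 0x10000) + body
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, len(names), len(cmds), 0, 0) + cmds
```

On a real file, pass the bytes of the app executable (read in binary mode) after the optool step; a name reported by unanchored is one dyld will not look for inside the app bundle.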