Can't hook into a Unity game

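I wrote a tweak that injects a dylib to collect network and app information while an app is running, but I found that some Unity games can't be injected, and I couldn't find __RESTRICT in the binary either. I can't tell what they did, so I have no idea where to start.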


Game: “OL盛り” on the App Store

I'm a reverse-engineering beginner; could an expert help take a look? :joy:

Check the substrate log; my guess is that the architecture is wrong.

Also, failing to inject and injecting successfully but failing to hook are two completely different things.

Hint: the app's main binary may not link UIKit.

1631260186.264 INFO substitute-launcher(2540): startup
1631260186.270 DEBUG substitute-launcher(2540): completed in 6 ms
1631260192.585 DEBUG xpcproxy(2541): Only accepting explicit executable name for library insertion
1631260192.585 INFO xpcproxy(2541): startup
1631260192.585 DEBUG xpcproxy(2541): SafeMode path is /var/tmp/.safemode-479189F59952157C23C3233744EE177477571321
1631260192.586 DEBUG xpcproxy(2541): completed in 1 ms
1631260192.627 INFO OL(2541): startup
1631260192.644 INFO OL(2541): Injecting /Library/MobileSubstrate/DynamicLibraries/AppSyncUnified-FrontBoard.dylib
1631260192.645 DEBUG OL(2541): Injection of /Library/MobileSubstrate/DynamicLibraries/AppSyncUnified-FrontBoard.dylib completed in 1 ms
1631260192.645 DEBUG OL(2541): /Library/MobileSubstrate/DynamicLibraries/AppSyncUnified-FrontBoard.dylib used 64 kbytes of memory
1631260192.645 DEBUG OL(2541): completed in 20 ms
1631260197.356 DEBUG xpcproxy(2542): Only accepting explicit executable name for library insertion
1631260197.357 INFO xpcproxy(2542): startup
1631260197.357 DEBUG xpcproxy(2542): SafeMode path is /var/tmp/.safemode-479189F59952157C23C3233744EE177477571321
1631260197.358 DEBUG xpcproxy(2542): completed in 1 ms
1631260197.381 INFO mobile_diagnostics_relay(2542): startup
1631260197.382 DEBUG mobile_diagnostics_relay(2542): SafeMode path is /var/tmp/.safemode-F823902198C5AF11AEE2F4DADA3EE94CAA12BAFB
1631260197.383 DEBUG mobile_diagnostics_relay(2542): completed in 2 ms
1631260199.784 DEBUG xpcproxy(2543): Only accepting explicit executable name for library insertion
1631260199.784 INFO xpcproxy(2543): startup
1631260199.785 DEBUG xpcproxy(2543): SafeMode path is /var/tmp/.safemode-479189F59952157C23C3233744EE177477571321
1631260199.787 DEBUG xpcproxy(2543): completed in 3 ms
1631260199.817 INFO mobile_house_arrest(2543): startup
1631260199.824 DEBUG mobile_house_arrest(2543): SafeMode path is /var/tmp/.safemode-4FA743B7C6F67783EF6BA6636BF2FD1E85BFF490
1631260199.826 DEBUG mobile_house_arrest(2543): completed in 11 ms
1631260204.038 DEBUG xpcproxy(2544): Only accepting explicit executable name for library insertion
1631260204.038 INFO xpcproxy(2544): startup
1631260204.039 DEBUG xpcproxy(2544): SafeMode path is /var/tmp/.safemode-479189F59952157C23C3233744EE177477571321
1631260204.039 DEBUG xpcproxy(2544): completed in 1 ms
1631260204.050 INFO mobile_house_arrest(2544): startup
1631260204.052 DEBUG mobile_house_arrest(2544): SafeMode path is /var/tmp/.safemode-4FA743B7C6F67783EF6BA6636BF2FD1E85BFF490
1631260204.053 DEBUG mobile_house_arrest(2544): completed in 3 ms
1631260204.511 DEBUG xpcproxy(2545): Only accepting explicit executable name for library insertion
1631260204.511 INFO xpcproxy(2545): startup
1631260204.512 DEBUG xpcproxy(2545): SafeMode path is /var/tmp/.safemode-479189F59952157C23C3233744EE177477571321
1631260204.512 DEBUG xpcproxy(2545): completed in 1 ms
1631260204.586 INFO Preferences(2545): startup
1631260204.628 INFO Preferences(2545): Injecting /Library/MobileSubstrate/DynamicLibraries/0Shadow.dylib
1631260204.637 DEBUG Preferences(2545): Injection of /Library/MobileSubstrate/DynamicLibraries/0Shadow.dylib completed in 9 ms
1631260204.637 DEBUG Preferences(2545): /Library/MobileSubstrate/DynamicLibraries/0Shadow.dylib used 320 kbytes of memory
1631260204.637 INFO Preferences(2545): Injecting /Library/MobileSubstrate/DynamicLibraries/AppSyncUnified-FrontBoard.dylib
1631260204.639 DEBUG Preferences(2545): Injection of /Library/MobileSubstrate/DynamicLibraries/AppSyncUnified-FrontBoard.dylib completed in 1 ms
1631260204.639 DEBUG Preferences(2545): /Library/MobileSubstrate/DynamicLibraries/AppSyncUnified-FrontBoard.dylib used 32 kbytes of memory
1631260204.639 INFO Preferences(2545): Injecting /Library/MobileSubstrate/DynamicLibraries/FLEXTweak.dylib
1631260204.641 ERROR Preferences(2545): Injection of /Library/MobileSubstrate/DynamicLibraries/FLEXTweak.dylib failed: ‘dlopen(/Library/MobileSubstrate/DynamicLibraries/FLEXTweak.dylib, 9): no suitable image found. Did find:
/Library/MobileSubstrate/DynamicLibraries/FLEXTweak.dylib: malformed mach-o: load commands size (2248) > mach-o file size (0)
/Library/MobileSubstrate/DynamicLibraries/FLEXTweak.dylib: stat() failed with errno=60’
1631260204.641 INFO Preferences(2545): Injecting /Library/MobileSubstrate/DynamicLibraries/FLEXible.dylib
1631260204.643 DEBUG Preferences(2545): Injection of /Library/MobileSubstrate/DynamicLibraries/FLEXible.dylib completed in 1 ms
1631260204.643 DEBUG Preferences(2545): /Library/MobileSubstrate/DynamicLibraries/FLEXible.dylib used 64 kbytes of memory
1631260204.643 INFO Preferences(2545): Injecting /Library/MobileSubstrate/DynamicLibraries/PreferenceLoader.dylib
1631260204.647 DEBUG Preferences(2545): Injection of /Library/MobileSubstrate/DynamicLibraries/PreferenceLoader.dylib completed in 3 ms
1631260204.647 DEBUG Preferences(2545): /Library/MobileSubstrate/DynamicLibraries/PreferenceLoader.dylib used 240 kbytes of memory
1631260204.647 INFO Preferences(2545): Injecting /Library/MobileSubstrate/DynamicLibraries/Reveal2Loader.dylib
1631260204.649 DEBUG Preferences(2545): Injection of /Library/MobileSubstrate/DynamicLibraries/Reveal2Loader.dylib completed in 2 ms
1631260204.649 DEBUG Preferences(2545): /Library/MobileSubstrate/DynamicLibraries/Reveal2Loader.dylib used 16 kbytes of memory
1631260204.649 DEBUG Preferences(2545): completed in 65 ms
1631260208.316 DEBUG xpcproxy(2546): Only accepting explicit executable name for library insertion
1631260208.316 INFO xpcproxy(2546): startup
1631260208.317 DEBUG xpcproxy(2546): SafeMode path is /var/tmp/.safemode-479189F59952157C23C3233744EE177477571321
1631260208.317 DEBUG xpcproxy(2546): completed in 0 ms
1631260208.331 INFO mobile_house_arrest(2546): startup
1631260208.332 DEBUG mobile_house_arrest(2546): SafeMode path is /var/tmp/.safemode-4FA743B7C6F67783EF6BA6636BF2FD1E85BFF490
1631260208.333 DEBUG mobile_house_arrest(2546): completed in 2 ms
1631260209.214 INFO substitute-launcher(2547): startup
1631260209.217 DEBUG substitute-launcher(2547): completed in 5 ms
1631260212.619 DEBUG xpcproxy(2548): Only accepting explicit executable name for library insertion
1631260212.619 INFO xpcproxy(2548): startup
1631260212.620 DEBUG xpcproxy(2548): SafeMode path is /var/tmp/.safemode-479189F59952157C23C3233744EE177477571321
1631260212.621 DEBUG xpcproxy(2548): completed in 1 ms
1631260212.639 INFO mobile_house_arrest(2548): startup
1631260212.642 DEBUG mobile_house_arrest(2548): SafeMode path is /var/tmp/.safemode-4FA743B7C6F67783EF6BA6636BF2FD1E85BFF490
1631260212.643 DEBUG mobile_house_arrest(2548): completed in 4 ms
1631260216.845 DEBUG xpcproxy(2549): Only accepting explicit executable name for library insertion
1631260216.845 INFO xpcproxy(2549): startup
1631260216.846 DEBUG xpcproxy(2549): SafeMode path is /var/tmp/.safemode-479189F59952157C23C3233744EE177477571321
1631260216.850 DEBUG xpcproxy(2549): completed in 5 ms
1631260216.893 INFO mobile_house_arrest(2549): startup
1631260216.895 DEBUG mobile_house_arrest(2549): SafeMode path is /var/tmp/.safemode-4FA743B7C6F67783EF6BA6636BF2FD1E85BFF490
1631260216.896 DEBUG mobile_house_arrest(2549): completed in 5 ms
1631260221.186 DEBUG xpcproxy(2550): Only accepting explicit executable name for library insertion
1631260221.186 INFO xpcproxy(2550): startup
1631260221.187 DEBUG xpcproxy(2550): SafeMode path is /var/tmp/.safemode-479189F59952157C23C3233744EE177477571321
1631260221.188 DEBUG xpcproxy(2550): completed in 1 ms
1631260221.208 INFO mobile_house_arrest(2550): startup
1631260221.212 DEBUG mobile_house_arrest(2550): SafeMode path is /var/tmp/.safemode-4FA743B7C6F67783EF6BA6636BF2FD1E85BFF490
1631260221.213 DEBUG mobile_house_arrest(2550): completed in 6 ms
1631260225.440 DEBUG xpcproxy(2551): Only accepting explicit executable name for library insertion
1631260225.440 INFO xpcproxy(2551): startup
1631260225.440 DEBUG xpcproxy(2551): SafeMode path is /var/tmp/.safemode-479189F59952157C23C3233744EE177477571321
1631260225.441 DEBUG xpcproxy(2551): completed in 1 ms
1631260225.462 INFO mobile_house_arrest(2551): startup
1631260225.465 DEBUG mobile_house_arrest(2551): SafeMode path is /var/tmp/.safemode-4FA743B7C6F67783EF6BA6636BF2FD1E85BFF490
1631260225.466 DEBUG mobile_house_arrest(2551): completed in 5 ms
My library is this one, FLEXTweak.dylib.

It seems Reveal and some common third-party dylibs can't be injected either.

OK, I'll look into it, thanks.

So do I have to manually dlopen everything that my dylib links against but the main program doesn't? :sunglasses:

The reason for the error is written right here.

OK, thanks, though I still can't tell what the problem is :joy:

Got it, that's indeed it. I hadn't thought of that layer; I forgot the tweak applies to com.apple.UIKit :joy:

With so few functions, Unity is probably loaded as a Framework.
dlopen it manually, then inject.
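
As an added example (not part of the thread, and not code from any of the posters): a small Python parser for loader logs in the format quoted above. It separates the cases the thread distinguishes for one dylib: never attempted in a process (the tweak's filter did not select it), attempted and failed at dlopen, or loaded. The process and dylib names in the sample are constructed placeholders.

```python
import re

# Constructed sample in the same format as the loader log quoted in the thread;
# GameApp, Settings, MyTweak.dylib and Other.dylib are placeholder names.
SAMPLE_LOG = """\
1000.001 INFO GameApp(101): startup
1000.002 INFO GameApp(101): Injecting /Library/MobileSubstrate/DynamicLibraries/Other.dylib
1000.003 DEBUG GameApp(101): Injection of /Library/MobileSubstrate/DynamicLibraries/Other.dylib completed in 1 ms
1000.004 DEBUG GameApp(101): completed in 20 ms
1000.101 INFO Settings(102): startup
1000.102 INFO Settings(102): Injecting /Library/MobileSubstrate/DynamicLibraries/MyTweak.dylib
1000.103 ERROR Settings(102): Injection of /Library/MobileSubstrate/DynamicLibraries/MyTweak.dylib failed: 'dlopen(...): no suitable image found. Did find:
/Library/MobileSubstrate/DynamicLibraries/MyTweak.dylib: malformed mach-o: load commands size (2248) > mach-o file size (0)
1000.104 DEBUG Settings(102): completed in 5 ms
"""

# "<timestamp> <LEVEL> <process>(<pid>): <message>"
LINE = re.compile(r"^\d+\.\d+ \w+ (.+?)\((\d+)\): (.*)$")
RESULT = re.compile(r"^Injection of (\S+) (completed|failed)(?::\s*(.*))?")

def classify(log_text, dylib_name):
    """Map (process, pid) -> status of dylib_name in that process."""
    out, last_failed = {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            # dlopen errors span several lines; attach them to the failure
            if last_failed and raw.strip():
                out[last_failed]["reason"].append(raw.strip())
            continue
        proc, pid, msg = m.group(1), int(m.group(2)), m.group(3)
        key, last_failed = (proc, pid), None
        entry = out.setdefault(key, {"status": "not attempted", "reason": []})
        if msg.startswith("Injecting ") and msg.endswith("/" + dylib_name):
            entry["status"] = "attempted, no result logged"
        r = RESULT.match(msg)
        if r and r.group(1).endswith("/" + dylib_name):
            if r.group(2) == "completed":
                entry["status"] = "loaded"
            else:
                entry["status"], last_failed = "failed", key
                entry["reason"].append(r.group(3) or "")
    return out

if __name__ == "__main__":
    for (proc, pid), e in classify(SAMPLE_LOG, "MyTweak.dylib").items():
        print(f"{proc}({pid}): {e['status']}")
        for line in e["reason"]:
            print("    " + line)
```

A `loaded` status only means dlopen succeeded in that process; whether the hooks then took effect is a separate question, as one reply in the thread points out.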