tobefuturer / restore-symbol Goto Github PK
View Code? Open in Web Editor NEWA reverse engineering tool to restore stripped symbol table for iOS app.
A reverse engineering tool to restore stripped symbol table for iOS app.
我的可执行文件只有arm64一个arch,不是FAT。烧机器的时候Xcode报cpu无法识别的错误,我用MachOView看了一下,arch是(???)。
Showing All Messages
No such file or directory: '/Users/jiadeyu/Desktop/540Crash/restore-symbol-master/class-dump/Source/CDStructureTable.m'
IOS 10 越狱设备
恢复符号后 拷贝回去 闪退 已经安装了appsync,
请问君哥 什么情况啊。
restore-symbol.pch:15:9: fatal error:
'CDExtensions.h' file not found
#import "CDExtensions.h"
^~~~~~~~~~~~~~~~
1 error generated.
maximum recursion depth exceeded while calling a Python object
Traceback (most recent call last):
出错在这一行
superBlockName = findBlockName(superBlockFuncAddr)
I have replaced the class dump by https://github.com/nygard/class-dump
and get an error
/restore-symbol/class-dump/Source/CDLCBuildVersion.m:18:14: error: use of undeclared identifier 'PLATFORM_IOSMAC'
maybe this issue could be fine nygard/class-dump#92
不好意思,因为我之前都是直接在控制台直接使用 lldb 远程动态调试的。看了博主的文章,直接在 Xcode 里面进行 lldb 调试还能直接看到调用栈,感觉很方便。
想请教下博主如何直接在 Xcode 里面对第三方应用进行调试呢?
➜ restore-symbol git:(master) ./restore-symbol /Applications/WeChat.app/Contents/MacOS/WeChat -o /Applications/WeChat.app/Contents/MacOS/WeChat_
=========== Start =============
Scan OC method in mach-o-file.
2021-03-19 22:07:48.900 restore-symbol[18374:183787] *** Assertion failure in -[CDObjectiveC2Processor loadClassAtAddress:], CDObjectiveC2Processor.m:258
2021-03-19 22:07:48.901 restore-symbol[18374:183787] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Invalid parameter not satisfying: moduleName.length == length'
*** First throw call stack:
(
0 CoreFoundation 0x00007fff204f06af __exceptionPreprocess + 242
1 libobjc.A.dylib 0x00007fff202283c9 objc_exception_throw + 48
2 CoreFoundation 0x00007fff20519512 +[NSException raise:format:arguments:] + 88
3 Foundation 0x00007fff212d56c9 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 191
4 restore-symbol 0x00000001098cc33f -[CDObjectiveC2Processor loadClassAtAddress:] + 2709
5 restore-symbol 0x00000001098ca09a -[CDObjectiveC2Processor loadClasses] + 224
6 restore-symbol 0x00000001098c753f -[CDObjectiveCProcessor process] + 381
7 restore-symbol 0x00000001098b5f69 -[CDClassDump processObjectiveCData] + 300
8 restore-symbol 0x00000001098abaa7 restore_symbol + 823
9 restore-symbol 0x00000001098b352a main + 514
10 libdyld.dylib 0x00007fff20399621 start + 1
)
libc++abi.dylib: terminating with uncaught exception of type NSException
[1] 18374 abort ./restore-symbol /Applications/WeChat.app/Contents/MacOS/WeChat -o
The following build commands failed:
CompileC build/restore-symbol.build/Release/restore-symbol.build/Objects-normal/x86_64/CDStructureTable.o class-dump/Source/CDStructureTable.m normal x86_64 objective-c com.apple.compilers.llvm.clang.1_0.compiler
当class-dump遇到Warning: Parsing instance variable type failed时,貌似restore-symbol就中断工作了?
class-dump遇到这种Warning时,好像只是跳过了那个类。但是restore-symbol的整个过程好像就中断了,仅恢复了少量的符号条目。比如在恢复爱艺奇的符号表的时候。
有好多APP存在objc-swfit混编,restore-symbol 依赖的class-dump 现在不能 dump swift 的函数,请问前辈有什么办法吗?还望不吝赐教.....
你好,我使用了你的restore-symbol,发现sub_开头的函数名还是没有恢复,两个dylib的大小是一样的,请指教一下!
=========== Start =============
Scan OC method in mach-o-file.
2021-01-23 11:30:50.577 restore-symbol[48655:1461929] *** Assertion failure in -[CDObjectiveC2Processor loadClassAtAddress:], CDObjectiveC2Processor.m:258
2021-01-23 11:30:50.578 restore-symbol[48655:1461929] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Invalid parameter not satisfying: moduleName.length == length'
*** First throw call stack:
(
0 CoreFoundation 0x00007fff204af6af __exceptionPreprocess + 242
1 libobjc.A.dylib 0x00007fff201e73c9 objc_exception_throw + 48
2 CoreFoundation 0x00007fff204d8512 +[NSException raise:format:arguments:] + 88
3 Foundation 0x00007fff212946c9 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 191
4 restore-symbol 0x0000000107a2934f -[CDObjectiveC2Processor loadClassAtAddress:] + 2709
5 restore-symbol 0x0000000107a270aa -[CDObjectiveC2Processor loadClasses] + 224
6 restore-symbol 0x0000000107a2454f -[CDObjectiveCProcessor process] + 381
7 restore-symbol 0x0000000107a12f79 -[CDClassDump processObjectiveCData] + 300
8 restore-symbol 0x0000000107a08ab7 restore_symbol + 823
9 restore-symbol 0x0000000107a1053a main + 514
10 libdyld.dylib 0x00007fff20358621 start + 1
)
Scan OC method in mach-o-file.
2018-11-25 14:37:54.450 restore-symbol[8066:588336] *** Assertion failure in -[CDObjectiveC2Processor loadClassAtAddress:], /Users/yifang/restore-symbol/class-dump/Source/CDObjectiveC2Processor.m:258
2018-11-25 14:37:54.452 restore-symbol[8066:588336] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Invalid parameter not satisfying: moduleName.length == length'
*** First throw call stack:
(
0 CoreFoundation 0x00007fff4a479e65 __exceptionPreprocess + 256
1 libobjc.A.dylib 0x00007fff764d4720 objc_exception_throw + 48
2 CoreFoundation 0x00007fff4a494ab2 +[NSException raise:format:arguments:] + 98
3 Foundation 0x00007fff4c838d1d -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 194
4 restore-symbol 0x000000010f53a821 -[CDObjectiveC2Processor loadClassAtAddress:] + 2826
5 restore-symbol 0x000000010f53831c -[CDObjectiveC2Processor loadClasses] + 243
6 restore-symbol 0x000000010f53563c -[CDObjectiveCProcessor process] + 391
7 restore-symbol 0x000000010f522e9b -[CDClassDump processObjectiveCData] + 344
8 restore-symbol 0x000000010f51828f restore_symbol + 831
9 restore-symbol 0x000000010f520212 main + 482
10 libdyld.dylib 0x00007fff775a308d start + 1
11 ??? 0x0000000000000006 0x0 + 6
)
libc++abi.dylib: terminating with uncaught exception of type NSException
Abort trap: 6
I want use Xcode and lldb debug ios apps like author, but don't know how to, thanks for help.
现在的class-dump不支持swift
请问下,block符号的恢复步骤也是拿最初的二进制文件嘛,而不是已经恢复了OC符号的二进制来作为下一步的输入?
恢复的是macOS端的可执行文件,最后debug的时候无法symbolic断点
c++在ida上可以看到 但是堆栈没有看到是不是没有恢复呢
1.我把WhatsApp瘦身以后,只剩armv7的架构,执行./restore-symbol,报错入下图,求教
2.我安装采用的是你写的命令行安装的
git clone --recursive https://github.com/tobefuturer/restore-symbol.git
cd restore-symbol && make
./restore-symbol
Error: Cannot find offset for address 0x201a5a5d188 in dataOffsetForAddress:
请问怎么回事
./restore-symbol WeChat.app/WeChat -o WeChat_symbol
这样不对吗?
执行失败:
Restore-symbol supports armv7 and arm64 archtecture, but not support fat file. Please use lipo to thin the image file first.
make
** BUILD FAILED **
The following build commands failed:
CompileC build/restore-symbol.build/Release/restore-symbol.build/Objects-normal/x86_64/CDStructureTable.o class-dump/Source/CDStructureTable.m normal x86_64 objective-c com.apple.compilers.llvm.clang.1_0.compiler
(1 failure)
make: *** [restore-symbol] Error 65
使用这个工具,执行的时候提示“Error: Couldn't get local architecture!” 然后本地的同名文件夹被强制删除了!那里面有我很重要的资料!!!
*** Assertion failure in -[CDObjectiveC2Processor loadClassAtAddress:], ~/restore-symbol/class-dump/Source/CDObjectiveC2Processor.m:258
2018-12-05 16:03:43.945 restore-symbol[887:6136039] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Invalid parameter not satisfying: moduleName.length == length'
*** First throw call stack:
(
0 CoreFoundation 0x00007fff485f3e65 __exceptionPreprocess + 256
1 libobjc.A.dylib 0x00007fff7464f720 objc_exception_throw + 48
2 CoreFoundation 0x00007fff4860eab2 +[NSException raise:format:arguments:] + 98
3 Foundation 0x00007fff4a9b2d1d -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 194
4 restore-symbol 0x000000010f0f634b -[CDObjectiveC2Processor loadClassAtAddress:] + 2821
5 restore-symbol 0x000000010f0f3e4e -[CDObjectiveC2Processor loadClasses] + 243
6 restore-symbol 0x000000010f0f1158 -[CDObjectiveCProcessor process] + 391
7 restore-symbol 0x000000010f0de9aa -[CDClassDump processObjectiveCData] + 344
8 restore-symbol 0x000000010f0d3dff restore_symbol + 831
9 restore-symbol 0x000000010f0dbd36 main + 482
10 libdyld.dylib 0x00007fff7571e08d start + 1
11 ??? 0x0000000000000004 0x0 + 4
)
libc++abi.dylib: terminating with uncaught exception of type NSException
[1] 887 abort ./restore-symbol Douban_arm64 -o Douban_64
=========== Start =============
Scan OC method in mach-o-file.
Scan OC method finish.
Parse symbols in json file.
Parse finish.
2017-12-27 21:07:14.885 restore-symbol[62865:724524] Address(1c5001) not found in the image
作者你好,请问如何用xcode调试其他app的,多谢!
还原部落冲突
第一次用Clutch dump 出来binary, 然后restore-symbol 显示是fat file,然后lipo -thin armv7。 就可以restore了。
第二次用Clutch dump ipa 文件,然后把mach-o文件拷贝出来,显示无法识别architecture, 再次lipo, 然后restore,重签名。
然后安装,安装以后,游戏就卡在同意条款的地方,一直谈条款。所以如果是fat file 还要在用lipo 把armv7 和 arm64 打包回去。
A declarative, efficient, and flexible JavaScript library for building user interfaces.
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
An Open Source Machine Learning Framework for Everyone
The Web framework for perfectionists with deadlines.
A PHP framework for web artisans
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
Some thing interesting about web. New door for the world.
A server is a program made to process requests and deliver data to clients.
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Some thing interesting about visualization, use data art
Some thing interesting about game, make everyone happy.
We are working to build community through open source technology. NB: members must have two-factor auth.
Open source projects and samples from Microsoft.
Google ❤️ Open Source for everyone.
Alibaba Open Source for everyone
Data-Driven Documents codes.
China tencent open source team.