Hooking an App that runs with root privileges: after the dylib is injected successfully, the root App crashes

I followed the steps in 狗神's post.

The injected dylib (which only prints a single log line) does run; it prints one echo line (========run_cmd begin: …===========), but NZT crashes. Could someone help me figure out what is going on?
May 20 11:12:35 iPhone NZT[605] : NZT(605,0x331649dc) malloc: *** error for object 0x6c83e1: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug

The log is as follows:
May 20 11:12:35 iPhone SpringBoard[56] : Can’t find any path
May 20 11:12:35 iPhone SpringBoard[56] : themedPath:/var/mobile/Media/PandaHome/res/ShortcutIcon.bundle/res/icon/ghost_green_48@2x.png
May 20 11:12:35 iPhone SpringBoard[56] : END
May 20 11:12:35 iPhone SpringBoard[56] : CGImageSourceCreateWithFile [end]:
May 20 11:12:35 iPhone NZT[605] : ========run_cmd begin: …===========
May 20 11:12:35 iPhone NZT[605] : NZT(605,0x331649dc) malloc: *** error for object 0x6c83e1: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug
May 20 11:12:35 iPhone ReportCrash[607] : MS:Notice: Injecting: (null) ReportCrash
May 20 11:12:35 iPhone ReportCrash[607] : MS:Error: binary does not support this cpu type
May 20 11:12:35 iPhone ReportCrash[607] : MS:Error: failure to check PHNetWorkOpt.dylib
May 20 11:12:35 iPhone ReportCrash[607] : MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/SBPandaHome.dylib
May 20 11:12:35 iPhone ReportCrash[607] : PandaHomeInitialize
May 20 11:12:35 iPhone ReportCrash[607] : MS:warning: message not found [_UIAssetManager imageNamed:scale:idiom:subtype:cachingOptions:]
May 20 11:12:35 iPhone ReportCrash[607] : identifier (null)
May 20 11:12:35 iPhone ReportCrash[607] : folderBackground: (null)
May 20 11:12:35 iPhone ReportCrash[607] : reload
May 20 11:12:35 iPhone ReportCrash[607] : newversion
May 20 11:12:35 iPhone ReportCrash[607] : themes:(
)
May 20 11:12:35 iPhone ReportCrash[607] : themeInfoPlist: {
}
May 20 11:12:35 iPhone ReportCrash[607] : isIOS5
May 20 11:12:35 iPhone ReportCrash[607] : InitSafariWeb
May 20 11:12:35 iPhone ReportCrash[607] : UIKit had loaded.
May 20 11:12:35 iPhone ReportCrash[607] : _UIImageWithName:0x1884f9064
May 20 11:12:35 iPhone ReportCrash[607] : UIKit has end Load
May 20 11:12:35 iPhone ReportCrash[607] : _Z24GetFileNameForThisActionmPcRb: 0x0
May 20 11:12:35 iPhone ReportCrash[607] : _Z24GetFileNameForThisActionmPcmRb: 0x0
May 20 11:12:35 iPhone ReportCrash[607] : _Z24GetFileNameForThisActionjPcjRb: 0x1833162e4
May 20 11:12:35 iPhone ReportCrash[607] : ImageIO end
May 20 11:12:35 iPhone ReportCrash[607] : CPBitmapCreateImagesFromPath: 0x189c18a34
May 20 11:12:35 iPhone ReportCrash[607] : open sound library end
May 20 11:12:35 iPhone ReportCrash[607] : MS:warning: nil class argument for selector imageNamed:
May 20 11:12:35 iPhone ReportCrash[607] : MS:warning: nil class argument for selector initWithName:inBundle:
May 20 11:12:35 iPhone ReportCrash[607] : getTheme,FILE:(
“SMSBackground.png”,
“SMSBackground.jpg”,
“SMSBackground@2x.png”,
“SMSBackground@2x.jpg”,
“SMSBackground-568h@2x.png”,
“SMSBackground-375w-667h@2x.png”,
“SMSBackground-414w-736h@3x.png”
)
May 20 11:12:35 iPhone ReportCrash[607] : path: (null)
May 20 11:12:35 iPhone ReportCrash[607] : init finish
May 20 11:12:35 iPhone ReportCrash[607] : initWith
May 20 11:12:35 iPhone ReportCrash[607] : services
May 20 11:12:35 iPhone ReportCrash[607] : task_set_exception_ports(B07, 400, 1503, 0, 0) failed with error (4: (os/kern) invalid argument)
May 20 11:12:35 iPhone ReportCrash[607] : ReportCrash acting against PID 605
May 20 11:12:36 iPhone ReportCrash[607] : Formulating crash report for process NZT[605]
May 20 11:12:36 iPhone com.apple.xpc.launchd1 : Service exited due to signal: Abort trap: 6
May 20 11:12:36 iPhone ReportCrash[607] : Saved report to /Library/Logs/CrashReporter/NZT_2016-05-20-111235_iPhone.ips
May 20 11:12:36 iPhone SpringBoard[56] : Application ‘UIKitApplication:NZT[0xf60b]’ crashed.
May 20 11:12:36 iPhone SpringBoard[56] : NSBundle$localizedStringForKey$value$table
May 20 11:12:36 iPhone SpringBoard[56] : WB:Debug:NSBundle(com.apple.springboard) localizedStringForKey:“SEARCH_BAR_PLACEHOLDER_LOCAL_ONLY” value:"" table:“SpringBoard”

Then I tried injecting into other root Apps.
The dylib's log (========run_cmd begin: …===========) is printed there too. Has NZT taken some anti-injection measure? I tried several other root apps and they all start fine; only the NZT app crashes on startup, showing this log:
May 20 11:12:35 iPhone NZT[605] : NZT(605,0x331649dc) malloc: *** error for object 0x6c83e1: pointer being freed was not allocated
*** set a breakpoint in malloc_error_break to debug

The log is as follows:
May 20 11:49:30 iPhone SpringBoard[56] : Can’t find any path
May 20 11:49:30 iPhone SpringBoard[56] : themedPath:/var/mobile/Media/PandaHome/res/ShortcutIcon.bundle/res/icon/ghost_green_48@2x.png
May 20 11:49:30 iPhone SpringBoard[56] : END
May 20 11:49:30 iPhone SpringBoard[56] : CGImageSourceCreateWithFile [end]:
May 20 11:49:30 iPhone PandaHome[815] : MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/NZT.dylib
May 20 11:49:30 iPhone PandaHome[815] : MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/NZTPasteBoard.dylib
May 20 11:49:30 iPhone PandaHome[815] : MS:Error: binary does not support this cpu type
May 20 11:49:30 iPhone PandaHome[815] : MS:Error: failure to check PHNetWorkOpt.dylib
May 20 11:49:30 iPhone PandaHome[815] : MS:Notice: Loading: /Library/MobileSubstrate/DynamicLibraries/SBPandaHome.dylib
May 20 11:49:31 iPhone PandaHome[815] : PandaHomeInitialize
May 20 11:49:31 iPhone PandaHome[815] : MS:warning: message not found [_UIAssetManager imageNamed:scale:idiom:subtype:cachingOptions:]
May 20 11:49:31 iPhone PandaHome[815] : identifier com.91.sj.iphone.PandaHome
May 20 11:49:31 iPhone PandaHome[815] : folderBackground: (null)
May 20 11:49:31 iPhone PandaHome[815] : reload
May 20 11:49:31 iPhone PandaHome[815] : newversion
May 20 11:49:31 iPhone PandaHome[815] : themes:(
)
May 20 11:49:31 iPhone PandaHome[815] : themeInfoPlist: {
}
May 20 11:49:31 iPhone PandaHome[815] : isIOS5
May 20 11:49:31 iPhone PandaHome[815] : InitSafariWeb
May 20 11:49:31 iPhone PandaHome[815] : UIKit had loaded.
May 20 11:49:31 iPhone PandaHome[815] : _UIImageWithName:0x187199064
May 20 11:49:31 iPhone PandaHome[815] : UIKit has end Load
May 20 11:49:31 iPhone PandaHome[815] : _Z24GetFileNameForThisActionmPcRb: 0x0
May 20 11:49:31 iPhone PandaHome[815] : _Z24GetFileNameForThisActionmPcmRb: 0x0
May 20 11:49:31 iPhone PandaHome[815] : _Z24GetFileNameForThisActionjPcjRb: 0x181fb62e4
May 20 11:49:31 iPhone PandaHome[815] : ImageIO end
May 20 11:49:31 iPhone PandaHome[815] : CPBitmapCreateImagesFromPath: 0x1888b8a34
May 20 11:49:31 iPhone PandaHome[815] : open sound library end
May 20 11:49:31 iPhone PandaHome[815] : MS:warning: nil class argument for selector imageNamed:
May 20 11:49:31 iPhone PandaHome[815] : MS:warning: nil class argument for selector initWithName:inBundle:
May 20 11:49:31 iPhone PandaHome[815] : getTheme,FILE:(
“SMSBackground.png”,
“SMSBackground.jpg”,
“SMSBackground@2x.png”,
“SMSBackground@2x.jpg”,
“SMSBackground-568h@2x.png”,
“SMSBackground-375w-667h@2x.png”,
“SMSBackground-414w-736h@3x.png”
)
May 20 11:49:31 iPhone PandaHome[815] : path: (null)
May 20 11:49:31 iPhone PandaHome[815] : init finish
May 20 11:49:31 iPhone PandaHome[815] : initWith
May 20 11:49:31 iPhone PandaHome[815] : services
May 20 11:49:31 iPhone PandaHome[815] : ========run_cmd begin: …===========
May 20 11:49:31 iPhone PandaHome[815] : assertion failed: 12B440: libxpc.dylib + 71820 [A4F17798-F3DE-3FBC-85E3-F569762F0EB9]: 0x7d
May 20 11:49:31 iPhone Unknown[815] :
May 20 11:49:31 iPhone PandaHome[815] : NSBundle$pathForResource:Assets,ofType:car,inDirectory:(null)
May 20 11:49:31 iPhone PandaHome[815] : getTheme,FILE:(
“Bundles/com.apple.uikit.Artwork/Assets.car”,
“Folders/Artwork.bundle/Assets.car”
)
May 20 11:49:31 iPhone PandaHome[815] : path: (null)
May 20 11:49:31 iPhone PandaHome[815] : Can’t find any path
May 20 11:49:31 iPhone PandaHome[815] : CoreLocation: Could not get ideal gyro update interval, assuming 0.005000 s

The dylib injected into the root app:
http://cdn.iosre.com/uploads/default/original/2X/9/9aadfda3230c2145b2d572531bbf51c7ae81e63a.zip
The root app is here:
http://bbs.pediy.com/attachment.php?attachmentid=105157&d=1463718147

The log printed from inside the dylib does show up, which means the dylib injection has taken effect, but the NZT app still crashes.

Please take a look......... Thanks

Does the author have some countermeasure in place?

Or have I missed the essence of the post.. I followed exactly the same steps as it describes.

Hi, I'd like to ask: in 狗神's post, the app with root privileges had its Mach-O header modified at make time and was only then installed on the phone. So for a root-privileged app that is already installed on the phone, how do you modify the Mach-O header?

That doesn't work. What I did was put the modification tool inside the install package, then have the install script locate the Mach-O and call the tool to modify it.

Thanks for the pointer. But I've seen some people on the forum say the injection succeeded while the subsequent operations failed (this happens with apps that have protections). Are they all using this method?

Bro, did you solve it? I'm running into the same problem.

Buddy, did you solve it? I'm running into the same problem.

Still exploring,