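Decrypting an app with dumpdecrypted on iOS 9.3.3: Killed: 9

I downloaded the source from GitHub. Because the 9.3 SDK in Xcode 7.3 has no PrivateFrameworks, I downloaded the iOS 9.2 SDK and put its PrivateFrameworks into the iOS 9.3 SDK under /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/PrivateFrameworks, then ran make to build dumpdecrypted. But after putting it into the corresponding Documents directory and running it, I get the Killed: 9 error.

1 like

Try changing one line in the Makefile to this: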

GCC_BASE = $(GCC_BIN) -Os $(CFLAGS) -Wimplicit -isysroot $(SDK) -F$(SDK)/System/Library/Frameworks# -F$(SDK)/System/Library/PrivateFrameworks

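That is, comment out the PrivateFrameworks part.

Still doesn't work; I still get the Killed: 9 error.

1 like

I ran into this too, also on 9.3.3.

Also, when I ran the decryption command with an arbitrary dylib name, I got the same error, so I feel it's not a dumpdecrypted problem but a DYLD_INSERT_LIBRARIES problem?

I guess we'll need an expert to solve this; cycript -p app also has problems for me.

iphonedevwiki covers some issues on iOS 9.3.3, including the Killed: 9 problem: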

#Killed: 9
Pangu9 causes many command-line tools to not work, with the error “Killed: 9”

This can be solved by running “ldid -S `which <command>`”

And also:

This occurs due to the change in the 32-bit pagesize on 64-bit CPUs in iOS 9. The libraries noted above need to be rebuilt with “-Wl,-segalign,4000”.
So it has to be rebuilt. :sob:
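
As an added illustration (not code from this thread or from the wiki): a Python check of whether a binary's segments sit on 0x4000 boundaries, which is the layout `-Wl,-segalign,4000` asks the linker for. It assumes a thin little-endian Mach-O; `misaligned_segments` and `build_sample` are hypothetical names and the sample bytes are constructed.

```python
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF   # thin 32-bit / 64-bit Mach-O
LC_SEGMENT, LC_SEGMENT_64 = 0x1, 0x19
SEGALIGN = 0x4000                                # -segalign takes a hex value: 4000 = 16 KB

def misaligned_segments(data, align=SEGALIGN):
    """Return names of segments whose vmaddr or fileoff is not a multiple of align."""
    if len(data) < 28:
        raise ValueError("too short for a Mach-O header")
    magic = struct.unpack_from("<I", data, 0)[0]
    ncmds = struct.unpack_from("<I", data, 16)[0]
    if magic == MH_MAGIC:
        off, seg_cmd, fmt = 28, LC_SEGMENT, "<16s4I"
    elif magic == MH_MAGIC_64:
        off, seg_cmd, fmt = 32, LC_SEGMENT_64, "<16s4Q"
    else:
        raise ValueError("not a thin little-endian Mach-O (fat files need per-slice parsing)")
    bad = []
    for _ in range(ncmds):
        if off + 8 > len(data):
            raise ValueError("load commands run past end of file")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8:
            raise ValueError("corrupt load command size")
        if cmd == seg_cmd:
            # segname[16], vmaddr, vmsize, fileoff, filesize follow cmd/cmdsize
            name, vmaddr, _vmsize, fileoff, _filesize = struct.unpack_from(fmt, data, off + 8)
            if vmaddr % align or fileoff % align:
                bad.append(name.rstrip(b"\0").decode("ascii", "replace"))
        off += cmdsize
    return bad

def build_sample(vmaddrs):
    """Constructed input: a 32-bit Mach-O header plus one LC_SEGMENT per address."""
    cmds = b"".join(
        struct.pack("<II16s4I2i2I", LC_SEGMENT, 56, b"__SEG%d" % i,
                    vm, 0x1000, vm, 0x1000, 7, 5, 0, 0)
        for i, vm in enumerate(vmaddrs))
    # cputype 12 = ARM, cpusubtype 9 = ARMv7, filetype 6 = MH_DYLIB
    return struct.pack("<7I", MH_MAGIC, 12, 9, 6, len(vmaddrs), len(cmds), 0) + cmds

if __name__ == "__main__":
    print(misaligned_segments(build_sample([0x0, 0x4000, 0x8000])))
    print(misaligned_segments(build_sample([0x0, 0x1000, 0x4000])))
```
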

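Just run ldid -S on the dylib and it works.

Running that still doesn't work for me.

I'm stuck here too. Has anyone solved it?

I can dump the headers just by using xxx.app directly like this; is that because it has no encryption??

I found a method on GitHub that worked for me; you can try it.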


1, copy dumpdecrypted.dylib into /usr/lib. Make sure it has appropriate permissions so that user mobile can read and execute it

-rwxr-xr-x 1 root wheel 197528 Aug 14 16:22 dumpdecrypted.dylib

2, change user to mobile:

su mobile

3, change directory into somewhere that mobile can write to:

cd /var/mobile/Documents

4, execute the command with absolute paths:

DYLD_INSERT_LIBRARIES=/usr/lib/dumpdecrypted.dylib /var/containers/Bundle/Application/59CEB222-4C4D-4A34-BC0F-8D38B9E3853D/MyApp.app/MyApp

5, then, you’ll have the MyApp.decrypted file in the current directory

Tested on Pangu jailbroken iOS 9.3.3

7 likes

It worked, thanks.

I think it is something related to the Sandbox. The reason behind this potential problem has been already explained in the last paragraph on page 136 in the book “iOS App Reverse Engineering”.

“Copy dumpdecrypted.dylib into /usr/lib” is not necessary if you have already put it into the right “Document” directory.

The only thing to fix is to:

  1. make sure the permissions of “mobile” are at least read (even only read is enough, tested in iOS 9.3.2) and execute.

  2. “su mobile” and execute it again.

Still getting the Killed: 9 error; please advise.

How did you solve it? Why am I still getting this error?

Verified, it works. Thanks!

Good… Thanks…

success ~~~yeah