xia0LLDB dumpdecrypted failed

iphone6s ios12.1.4 error msg:

error: <user expression 3>:178:44: no matching function for call to 'NSSearchPathForDirectoriesInDomains' NSString docPath = ((NSArray)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0]; ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.4.sdk/System/Library/Frameworks/Foundation.framework/Headers/NSPathUtilities.h:96:40: candidate function not viable: no known conversion from 'int' to 'NSSearchPathDirectory' for 1st argument FOUNDATION_EXPORT NSArray<NSString *> *NSSearchPathForDirectoriesInDomains(NSSearchPathDirectory directory, NSSearchPathDomainMask domainMask, BOOL expandTilde); ^

error: <user expression 3>:180:36: property 'UTF8String' not found on object of type 'NSString *' strlcpy(npath, docPath.UTF8String, sizeof(npath)); ^

[] now is image: 21,/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares [] start dump [21] image:/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares error: <user expression 4>:178:44: no matching function for call to 'NSSearchPathForDirectoriesInDomains' NSString docPath = ((NSArray)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0]; ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.4.sdk/System/Library/Frameworks/Foundation.framework/Headers/NSPathUtilities.h:96:40: candidate function not viable: no known conversion from 'int' to 'NSSearchPathDirectory' for 1st argument FOUNDATION_EXPORT NSArray<NSString *> *NSSearchPathForDirectoriesInDomains(NSSearchPathDirectory directory, NSSearchPathDomainMask domainMask, BOOL expandTilde); ^

error: <user expression 4>:180:36: property 'UTF8String' not found on object of type 'NSString *' strlcpy(npath, docPath.UTF8String, sizeof(npath)); ^

[-] image info is null, skip image #

[*] Developed By xia0@201

Apr 07 '20 09:04 sepyeight

你是不是改了文件？这里你日志中的代码

NSString docPath = ((NSArray)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];

明显这里是一个NSString的指针，正常的代码是

NSString *docPath = ((NSArray*)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];

同理还有几处也是这样

Apr 07 '20 09:04 4ch12dy

没有修改文件，download下来，直接用的，报错了，我尝试修改的/tmp下面报错信息：Error writing file，所以我就彷徨了

Apr 07 '20 10:04 sepyeight

你把dumpdecrypted.py中

NSString docPath = ((NSArray)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];

处的代码贴出来看看，日志上显示这里的代码还是一样的，不是指针

Apr 07 '20 10:04 4ch12dy

没找到贴图片的功能，我看了一下，这里贴log的话，（*）号会识别错误，自动不见了

error: <user expression 3>:178:44: no matching function for call to 'NSSearchPathForDirectoriesInDomains'
            NSString *docPath = ((NSArray*)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];
                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.4.sdk/System/Library/Frameworks/Foundation.framework/Headers/NSPathUtilities.h:96:40: candidate function not viable: no known conversion from 'int' to 'NSSearchPathDirectory' for 1st argument
FOUNDATION_EXPORT NSArray<NSString *> *NSSearchPathForDirectoriesInDomains(NSSearchPathDirectory directory, NSSearchPathDomainMask domainMask, BOOL expandTilde);
                                       ^

error: <user expression 3>:180:36: property 'UTF8String' not found on object of type 'NSString *'
            strlcpy(npath, docPath.UTF8String, sizeof(npath));
                                   ^

[*] now is image: 21,/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
[*] start dump [21] image:/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
error: <user expression 4>:178:44: no matching function for call to 'NSSearchPathForDirectoriesInDomains'
            NSString *docPath = ((NSArray*)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];
                                           ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS13.4.sdk/System/Library/Frameworks/Foundation.framework/Headers/NSPathUtilities.h:96:40: candidate function not viable: no known conversion from 'int' to 'NSSearchPathDirectory' for 1st argument
FOUNDATION_EXPORT NSArray<NSString *> *NSSearchPathForDirectoriesInDomains(NSSearchPathDirectory directory, NSSearchPathDomainMask domainMask, BOOL expandTilde);
                                       ^

error: <user expression 4>:180:36: property 'UTF8String' not found on object of type 'NSString *'
            strlcpy(npath, docPath.UTF8String, sizeof(npath));
                                   ^

[-] image info is null, skip image # 




[*] Developed By xia0@2019

我用md编辑好，贴上来好了

Apr 07 '20 10:04 sepyeight

嗯，两个问题： 1 ，将NSString *docPath = ((NSArray*)NSSearchPathForDirectoriesInDomains(9, 1, YES))[0];中的数字9改为NSDocumentDirectory

2，将strlcpy(npath, docPath.UTF8String, sizeof(npath));中的docPath.UTF8String改为[docPath UTF8String]

Apr 07 '20 10:04 4ch12dy

抱歉大佬，我一点也不会ObjC

error: <user expression 3>:180:37: no known method '-UTF8String'; cast the message send to the method's return type
            strlcpy(npath, [docPath UTF8String], sizeof(npath));
                           ~~~~~~~~~^~~~~~~~~~~

[*] now is image: 21,/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
[*] start dump [21] image:/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
error: <user expression 4>:180:37: no known method '-UTF8String'; cast the message send to the method's return type
            strlcpy(npath, [docPath UTF8String], sizeof(npath));
                           ~~~~~~~~~^~~~~~~~~~~

[-] image info is null, skip image #

Apr 07 '20 10:04 sepyeight

这样的话，我刚说的第二点你就不改试试。事实上，代码都是没啥问题的，只是不同的lldb环境对代码的检测严格性有所不同

Apr 07 '20 10:04 4ch12dy

还是不行，报错了，麻烦大佬了

error: <user expression 3>:180:36: property 'UTF8String' not found on object of type 'NSString *'
            strlcpy(npath, docPath.UTF8String, sizeof(npath));
                                   ^

[*] now is image: 21,/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
[*] start dump [21] image:/private/var/containers/Bundle/Application/FB625427-A2F0-43C4-85BF-7AE57499EB42/Ingeek Premium.app/Frameworks/Ares.framework/Ares
error: <user expression 4>:180:36: property 'UTF8String' not found on object of type 'NSString *'
            strlcpy(npath, docPath.UTF8String, sizeof(npath));

Apr 07 '20 10:04 sepyeight

这样改，(char*)[docPath dataUsingEncoding:NSUTF8StringEncoding] 或者(char*)[(NSString*)docPath dataUsingEncoding:NSUTF8StringEncoding]以及 (const char*)[docPath dataUsingEncoding:NSUTF8StringEncoding]还有 (const char*)[docPath dataUsingEncoding:4] 再不行的话，只能换台手机了

Apr 07 '20 10:04 4ch12dy

没有报错，但是写文件的时候路径出错了，不行晚上我直接写死试试 [+] Executable is a plain MACH-O image [+] Opening ym??/Ares.decrypted for writing. [-] Failed opening

Apr 07 '20 10:04 sepyeight

什么app，我这边试下

Apr 07 '20 10:04 4ch12dy

公司内测的，从testfight下的，给我的时候装好了～～～，要是给我ipa也好啊。。。。

Apr 07 '20 10:04 sepyeight

谢谢大佬，按照您给的思路，我google修改了一下

const char *docPathChar =[docPath cStringUsingEncoding:NSUTF8StringEncoding];
printf("[+] test docPath %s\n", docPathChar);

好了，可以正常dump了

Apr 07 '20 12:04 sepyeight