odourless
odourless copied to clipboard
xiaozhuai
inject failed, Unable to bind, “_fstat$INODE64” not found in “/usr/lib/libSystem.B.dylib”
BigSur 11.5.2 Mac mini (M1, 2020)
daemon.log:
I: finder pid: 1599
E: inject failed, Unable to bind, “_fstat$INODE64” not found in “/usr/lib/libSystem.B.dylib”
我尝试kill掉Finder进程,但在Finder进程重新启动时,依旧提示相同的错误
ruyenet@RuyeNets-Mini ~ % csrutil status
System Integrity Protection status: disabled.
ruyenet@RuyeNets-Mini ~ % csrutil authenticated-root status
Authenticated Root status: disabled
ruyenet@RuyeNets-Mini ~ % uname -a
Darwin RuyeNets-Mini.lan 20.6.0 Darwin Kernel Version 20.6.0: Wed Jun 23 00:26:27 PDT 2021; root:xnu-7195.141.2~5/RELEASE_ARM64_T8101 arm64
ruyenet@RuyeNets-Mini ~ % uname -m
arm64
I: finder pid: 3355
E: inject failed, Incompatible Mach-O image
kill 3355
I: finder restarted, pid: 3393
E: inject failed, Incompatible Mach-O image
@Ruyenet 下载的是arm64版的吗?如果还是不行的话,我得找个M1芯片的mac测试一下,现在这个是在我的x86_64的mbp上交叉编译的。或者你可以尝试一下在你的Mac mini上编译一下。
git clone --recursive https://github.com/xiaozhuai/odourless
cd odourless
./download-frida-libs.sh
cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_OSX_ARCHITECTURES=arm64 -B build .
cmake --build build -- install -j8
open build/dist
arm64 版本,注入失败,我也来自编译一个试试
I: finder pid: 912
E: inject failed, Incompatible Mach-O image
arm64 版本,注入失败,我也来自编译一个试试
I: finder pid: 912 E: inject failed, Incompatible Mach-O image
貌似是 frida 的问题,项目下面有相关的 issue,用最新版本 15.1.14 编译运行,还是同样的问题
@xiaozhuai 我调试了 frida 的代码,发现是https://github.com/frida/frida-gum/blob/7df5759c078f1f0d7db746f1bab6892a56da8520/gum/gumdarwinmodule.c#L2154 这个方法里的cpusubtype变量读取不对,我强制指定为GUM_DARWIN_CPU_SUBTYPE_ARM64E后,编译了 arm64 位版本的 frida,并且按照 https://github.com/frida/frida/issues/1717 https://frida.re/news/2020/07/24/frida-12-11-released 解决m1兼容性问题后,然后与 odourless 一起编译,运行现在报这个错,这个错就是 1717 issue 里的错误,但不应该啊,我已经解决了这个错。有办法推进吗?
PS: 命令行用 frida "访达"能够注入:
@xiaozhuai 用我改了代码编译后的 frida,arm64 和 arm64e 版本的 odourless 都可以打开,但都报这个错。 arm64: Odourless-arm64-1.0.0.zip arm64e: Odourless-arm64e-1.0.0.zip
@zjns 看不出问题 file /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder 先确定一下Finder究竟是arm64还是arm64e吧
file /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
[17:18] ~ $ file /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder
/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder: Mach-O universal binary with 2 architectures: [x86_64:Mach-O 64-bit executable x86_64] [arm64e]
/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder (for architecture x86_64): Mach-O 64-bit executable x86_64
/System/Library/CoreServices/Finder.app/Contents/MacOS/Finder (for architecture arm64e): Mach-O 64-bit executable arm64e
[17:19] ~ $
arm64e @xiaozhuai
https://frida.re/news/2020/07/24/frida-12-11-released/
sudo nvram boot-args="-arm64e_preview_abi"
尝试上面的命令,然后重启再试试
https://frida.re/news/2020/07/24/frida-12-11-released/
sudo nvram boot-args="-arm64e_preview_abi"尝试上面的命令,然后重启再试试
在这条评论里我就试了这行命令了,不行 https://github.com/xiaozhuai/odourless/issues/6#issuecomment-999391389
@zjns @RuyeNet 试试这个,编译成了universal版
~~Odourless-universal-1.2.0.zip~~
下面这个👇🏻 Odourless-universal-1.2.0.zip
@zjns @RuyeNet 试试这个,编译成了universal版 ~Odourless-universal-1.2.0.zip~ 下面这个👇🏻 Odourless-universal-1.2.0.zip
还是不行,但是报错不一样了
辛苦再试一下下面的版本: Odourless-universal-1.2.0.zip
@zjns @RuyeNet 试试这个,编译成了universal版 ~Odourless-universal-1.2.0.zip~ 下面这个👇🏻 Odourless-universal-1.2.0.zip
还是不行,但是报错不一样了
辛苦再试一下下面的版本: Odourless-universal-1.2.0.zip
不行
