Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

debugme issues #3

Open
secretpray opened this issue Oct 4, 2019 · 15 comments
Open

debugme issues #3

secretpray opened this issue Oct 4, 2019 · 15 comments

Comments

@secretpray
Copy link

(lldb) debugme
[] start patch ptrace funtion to bypass antiDebug
[+] success ptrace funtion to bypass antiDebug
[] start patch svc ins to bypass antiDebug
[-] failed to get text segment:["rror: warning: format specifies type 'unsigned long' but the argument has type 'uint64_t' (aka 'unsigned long long')\nwarning: format specifies type 'unsigned long' but the argument has type 'uint64_t' (aka 'unsigned long long')\nwarning: ISO C++11 does not allow conversion from string literal to 'char *'\nerror: Couldn't lookup symbols:\n _sprint"]
[x] happy debugging~ kill antiDebug by xia0@2019
@secretpray
Copy link
Author

Error in choose.py

$ lldb

[traceOC]: trace ObjectC function call
traceOC
more usage, try "traceOC -h"

[xutil]: some util tool for debug, this command is flexable and some options maybe remove future
xutil [-b addr, -s module, -l dylib]
more usage, try "xutil -h"
error: module importing failed: invalid syntax (choose.py, line 274)
File "temp.py", line 1, in

error: module importing failed: Missing parentheses in call to 'print'. Did you mean print('please specify the param, for example: "-[UIView initWithFrame:]"')? (xbr.py, line 531)
File "temp.py", line 1, in

error: module importing failed: invalid syntax (dumpdecrypted.py, line 431)
File "temp.py", line 1, in

@4ch12dy
Copy link
Owner

4ch12dy commented Oct 5, 2019

Error in choose.py

$ lldb

[traceOC]: trace ObjectC function call

traceOC
more usage, try "traceOC -h"
[xutil]: some util tool for debug, this command is flexable and some options maybe remove future
xutil [-b addr, -s module, -l dylib]
more usage, try "xutil -h"
error: module importing failed: invalid syntax (choose.py, line 274)
File "temp.py", line 1, in

error: module importing failed: Missing parentheses in call to 'print'. Did you mean print('please specify the param, for example: "-[UIView initWithFrame:]"')? (xbr.py, line 531)
File "temp.py", line 1, in

error: module importing failed: invalid syntax (dumpdecrypted.py, line 431)
File "temp.py", line 1, in

traceOC还没完成…

@4ch12dy
Copy link
Owner

4ch12dy commented Oct 5, 2019

你那是什么app,我这边测试下

@wxq491216
Copy link

➜ gif lldb
========
[traceOC]: trace ObjectC function call
traceOC
more usage, try "traceOC -h"
========
[xutil]: some util tool for debug, this command is flexable and some options maybe remove future
xutil [-b addr, -s module, -l dylib]
more usage, try "xutil -h"
error: module importing failed: invalid syntax (choose.py, line 274)
File "temp.py", line 1, in
error: module importing failed: Missing parentheses in call to 'print'. Did you mean print('please specify the param, for example: "-[UIView initWithFrame:]"')? (xbr.py, line 531)
File "temp.py", line 1, in
pcc
error: module importing failed: invalid syntax (dumpdecrypted.py, line 431)
File "temp.py", line 1, in
========
[debugme]: kill anti-debug in lldb
debugme
more usage, try "debugme -h"
========
[info]: get basic info of process/function/module/address/...
info [-m moduleName, -a address, -f funtionName, -u UserDefaults]
more usage, try "info -h"
error: module importing failed: invalid syntax (sbt.py, line 166)
File "temp.py", line 1, in

不论什么app,一连上lldb就会报这个错误,xbr完全用不了

@4ch12dy
Copy link
Owner

4ch12dy commented Oct 9, 2019
edited

使用的最新的xia0LLDB吗,我这边测了下没有复现这个问题。从错误上看起来像是Python文件解析错误,是不是用的Python3?

@wxq491216
Copy link

python -V
Python 2.7.10

默认要用python3么?

@4ch12dy
Copy link
Owner

4ch12dy commented Oct 9, 2019

用python2

@wxq491216
Copy link

看起来应该是python环境造成的,没安装python3之前是正常的。安装python3之后就出现这个问题了,但实际上mac默认用的是python2。还在摸索该怎么解决!

@wxq491216
Copy link

This error is done with bellow command:

defaults write com.apple.dt.lldb DefaultPythonVersion 2

The newest xcode11 use python3 defaultly, so this command change the python version from 3 to 2

@4ch12dy
Copy link
Owner

4ch12dy commented Oct 10, 2019

thanks! I will update xia0LLDB with python3 soon.

@4ch12dy 4ch12dy mentioned this issue Oct 17, 2019
Closed
@colordancer
Copy link

[-] failed to get text segment:["rror: warning: format specifies type 'unsigned long' but the argument has type 'uint64_t' (aka 'unsigned long long')\nwarning: format specifies type 'unsigned long' but the argument has type 'uint64_t' (aka 'unsigned long long')\nwarning: ISO C++11 does not allow conversion from string literal to 'char *'\nerror: Couldn't lookup symbols:\n _sprint"]

Couldn't lookup symbols:\n _sprint,这个bug解了吗

@4ch12dy
Copy link
Owner

4ch12dy commented Oct 28, 2019
edited

Couldn't lookup symbols:\n _sprint,这个bug解了吗

什么app,我这边测下看看

@colordancer
Copy link

Couldn't lookup symbols:\n _sprint,这个bug解了吗

什么app,我这边测下看看

kwai_gif,6.9.1
image

@4ch12dy
Copy link
Owner

4ch12dy commented Oct 28, 2019
edited

执行时机的问题,因为lldb attach以后,还没加载各个模块。参考这篇文章
http://4ch12dy.site/2019/09/23/lldb-dumpdecrypted/lldb-dumpdecrypted/
在xbr -E main 以后执行debugme(在执行之前一定要删除所有断点)

不过需要说明的一点在于,debugme主要针对ptrace以及恶心的svc内联汇编的反调试,其他方式的话debugme暂时没解决

另外补充一点在于某手的可执行文件里面并不包含关键代码,都在另一个dylib里面。所以需要手动分析

@colordancer
Copy link

执行时机的问题,因为lldb attach以后,还没加载各个模块。参考这篇文章
http://4ch12dy.site/2019/09/23/lldb-dumpdecrypted/lldb-dumpdecrypted/
在xbr -E main 以后执行debugme(在执行之前一定要删除所有断点)

不过需要说明的一点在于,debugme主要针对ptrace以及恶心的svc内联汇编的反调试,其他方式的话debugme暂时没解决

另外补充一点在于某手的可执行文件里面并不包含关键代码,都在另一个dylib里面。所以需要手动分析

哈哈,谢谢

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@colordancer @wxq491216 @4ch12dy @secretpray