tobefuturer / restore-symbol Goto Github PK

View Code? Open in Web Editor NEW

1.3K 33.0 352.0 274 KB

A reverse engineering tool to restore stripped symbol table for iOS app.

Objective-C 77.72% Makefile 1.49% Python 20.79%

restore-symbol's Introduction

restore-symbol

A reverse engineering tool to restore stripped symbol table for iOS app.

Example: restore symbol for Alipay

How to use

Just restore symbol of oc method

1. Download source code and compile.


git clone --recursive https://github.com/tobefuturer/restore-symbol.git
cd restore-symbol && make
./restore-symbol

1. Restore symbol using this command. It will output a new mach-o file with symbol.


./restore-symbol /pathto/origin_mach_o_file -o /pathto/mach_o_with_symbol

1. Copy the new mach-o file (with symbol) to app bundle, replace the origin mach-o file with new mach-o file. Resign app bundle.


codesign -f -s "iPhone Developer: XXXXXXX" --signing-time none --entitlement ./xxxx.app.xcent ./xxxx.app

1. Install the app bundle to iOS device, and use lldb to debug the app. Maybe you can use the ios-deploy, or other way you like. If you use ios-deploy , you can execute this command.


brew install ios-deploy
ios-deploy -d -b xxxx.app

1. Now you can use b -[class method] to set breakpoint.

Restore symbol of oc block

1. Search block symbol in IDA to get json symbol file, using script(search_oc_block/ida_search_block.py) .

1. Use command line tool(restore-symbol) to inject oc method symbols and block symbols into mach o file.


./restore-symbol /pathto/origin_mach_o_file -o /pathto/mach_o_with_symbol -j /pathto/block_symbol.json

1. Other steps(resign, install, debug) are samen as above.

Command Line Usage

Usage: restore-symbol -o <output-file> [-j <json-symbol-file>] <mach-o-file>

  where options are:
        -o <output-file>           New mach-o-file path
        --disable-oc-detect        Disable auto detect and add oc method into symbol table,
                                   only add symbol in json file
        --replace-restrict         New mach-o-file will replace the LC_SEGMENT(__RESTRICT,__restrict)
                                   with LC_SEGMENT(__restrict,__restrict) to close dylib inject protection
        -j <json-symbol-file>      Json file containing extra symbol info, the key is "name","address"
                                   like this:

                                        [
                                         {
                                          "name": "main",
                                          "address": "0xXXXXXX"
                                         },
                                         {
                                          "name": "-[XXXX XXXXX]",
                                          "address": "0xXXXXXX"
                                         },
                                         ....
                                        ]

restore-symbol's People

Contributors

Stargazers

Watchers

Forkers

yemingyu lpj0017 coolgo chenhaoheart hellokitty007 thomas-huang ta01st kasumar gengjf ethanghub kargoo liqiushui zhangx-cn hankbao melbshark androiddream sagexy wneo yongle-fu waynett robottang daojianmahun blockchainb kevin-richael etop zhhuak piaoyunsoft sixleaves goodcyg git-august changbiao firewolf-ljw crazypoo wanchouchou zziking longv2go fjh658 luzj cqiaoyu tutura 2446886848 liushaoxing321 suifeng rogerlin2013 wellcomez nightoftwelve zhouhesheng carabina tanzhuo dawn1389ims superzhang chenlinyuan passerbycrk sumbrilliance takeshineshiro xiaohao19910303 instagrim-dev maqinjun dokay mohistattack nufroftsuj bersl lengyi zjong wumingbo xushao1990 keepyounger fly8888 erlangzhang pb-tech i-o-s goforit007 csluqiang nexthacker deelmind zhencang jsj2008 pp17 liufeigit asuralove shuixi2013 yangshengchaoios codingsf big67 haoerloveyou zlxdike lgq2015 sunyuping troyzhao linfengwenyou xuehuaze showmethemoney2022 zhangkn prnda zztiswb116 yangchenghu yrocky simonliyu toothpick2012 seltfish

restore-symbol's Issues

Invalid parameter not satisfying: moduleName.length == length

=========== Start =============
Scan OC method in mach-o-file.
2021-01-23 11:30:50.577 restore-symbol[48655:1461929] *** Assertion failure in -[CDObjectiveC2Processor loadClassAtAddress:], CDObjectiveC2Processor.m:258
2021-01-23 11:30:50.578 restore-symbol[48655:1461929] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Invalid parameter not satisfying: moduleName.length == length'
*** First throw call stack:
(
0 CoreFoundation 0x00007fff204af6af __exceptionPreprocess + 242
1 libobjc.A.dylib 0x00007fff201e73c9 objc_exception_throw + 48
2 CoreFoundation 0x00007fff204d8512 +[NSException raise:format:arguments:] + 88
3 Foundation 0x00007fff212946c9 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 191
4 restore-symbol 0x0000000107a2934f -[CDObjectiveC2Processor loadClassAtAddress:] + 2709
5 restore-symbol 0x0000000107a270aa -[CDObjectiveC2Processor loadClasses] + 224
6 restore-symbol 0x0000000107a2454f -[CDObjectiveCProcessor process] + 381
7 restore-symbol 0x0000000107a12f79 -[CDClassDump processObjectiveCData] + 300
8 restore-symbol 0x0000000107a08ab7 restore_symbol + 823
9 restore-symbol 0x0000000107a1053a main + 514
10 libdyld.dylib 0x00007fff20358621 start + 1
)

导入符号后无法识别arch

我的可执行文件只有arm64一个arch，不是FAT。烧机器的时候Xcode报cpu无法识别的错误，我用MachOView看了一下，arch是(???)。

how to use xcode and lldb debug alipay

I want use Xcode and lldb debug ios apps like author, but don't know how to, thanks for help.

c++在ida上可以看到但是堆栈没有看到是不是没有恢复呢

大神需要更新下class-dump了

现在的class-dump不支持swift

restore-symbol 瘦架构的时候(参数错误)

1.我把WhatsApp瘦身以后，只剩armv7的架构，执行./restore-symbol，报错入下图，求教

2.我安装采用的是你写的命令行安装的
git clone --recursive https://github.com/tobefuturer/restore-symbol.git
cd restore-symbol && make
./restore-symbol

恢复失败！！！

./restore-symbol WeChat.app/WeChat -o WeChat_symbol
这样不对吗？

执行失败：
Restore-symbol supports armv7 and arm64 archtecture, but not support fat file. Please use lipo to thin the image file first.

您好，请教一下像c函数这种符号能恢复嘛，非系统函数。

swift 符号怎么恢复呢,请问?

有好多APP存在objc-swfit混编,restore-symbol 依赖的class-dump 现在不能 dump swift 的函数,请问前辈有什么办法吗?还望不吝赐教.....

恢复后在Xcode中调试不显示方法名

用您提供的工具成功导出后用MachOView打开能找到方法名，但是在Xcode中调试还是不显示。
我是重签名后安装在非越狱手机上跑的。

看不懂，哎！录一段视频来看看？？？

New Version class dump error

I have replaced the class dump by https://github.com/nygard/class-dump

and get an error

/restore-symbol/class-dump/Source/CDLCBuildVersion.m:18:14: error: use of undeclared identifier 'PLATFORM_IOSMAC'

maybe this issue could be fine nygard/class-dump#92

恢复swift混编失败

Scan OC method in mach-o-file.
2018-11-25 14:37:54.450 restore-symbol[8066:588336] *** Assertion failure in -[CDObjectiveC2Processor loadClassAtAddress:], /Users/yifang/restore-symbol/class-dump/Source/CDObjectiveC2Processor.m:258
2018-11-25 14:37:54.452 restore-symbol[8066:588336] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Invalid parameter not satisfying: moduleName.length == length'
*** First throw call stack:
(
0 CoreFoundation 0x00007fff4a479e65 __exceptionPreprocess + 256
1 libobjc.A.dylib 0x00007fff764d4720 objc_exception_throw + 48
2 CoreFoundation 0x00007fff4a494ab2 +[NSException raise:format:arguments:] + 98
3 Foundation 0x00007fff4c838d1d -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 194
4 restore-symbol 0x000000010f53a821 -[CDObjectiveC2Processor loadClassAtAddress:] + 2826
5 restore-symbol 0x000000010f53831c -[CDObjectiveC2Processor loadClasses] + 243
6 restore-symbol 0x000000010f53563c -[CDObjectiveCProcessor process] + 391
7 restore-symbol 0x000000010f522e9b -[CDClassDump processObjectiveCData] + 344
8 restore-symbol 0x000000010f51828f restore_symbol + 831
9 restore-symbol 0x000000010f520212 main + 482
10 libdyld.dylib 0x00007fff775a308d start + 1
11 ??? 0x0000000000000006 0x0 + 6
)
libc++abi.dylib: terminating with uncaught exception of type NSException
Abort trap: 6

maximum recursion depth exceeded while calling a Python object Traceback (most recent call last):

maximum recursion depth exceeded while calling a Python object
Traceback (most recent call last):

出错在这一行

 superBlockName = findBlockName(superBlockFuncAddr)

'CDExtensions.h' file not found

restore-symbol.pch:15:9: fatal error:
'CDExtensions.h' file not found
#import "CDExtensions.h"
^~~~~~~~~~~~~~~~
1 error generated.

从json 文件恢复，报错，提示 not found in the image

=========== Start =============
Scan OC method in mach-o-file.
Scan OC method finish.
Parse symbols in json file.
Parse finish.
2017-12-27 21:07:14.885 restore-symbol[62865:724524] Address(1c5001) not found in the image

architecture: x86_64恢复后无法symbolic断点

恢复的是macOS端的可执行文件，最后debug的时候无法symbolic断点

UIKIt二进制文件恢复出错

Error: Cannot find offset for address 0x201a5a5d188 in dataOffsetForAddress:
请问怎么回事

sub_开头的函数好像不能恢复

你好，我使用了你的restore-symbol，发现sub_开头的函数名还是没有恢复，两个dylib的大小是一样的，请指教一下！

搞什么？？？？

使用这个工具，执行的时候提示“Error: Couldn't get local architecture!” 然后本地的同名文件夹被强制删除了！那里面有我很重要的资料！！！

restore-symbol 任一瘦架构的时候命中断言(参数错误)

*** Assertion failure in -[CDObjectiveC2Processor loadClassAtAddress:], ~/restore-symbol/class-dump/Source/CDObjectiveC2Processor.m:258
2018-12-05 16:03:43.945 restore-symbol[887:6136039] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Invalid parameter not satisfying: moduleName.length == length'
*** First throw call stack:
(
0 CoreFoundation 0x00007fff485f3e65 __exceptionPreprocess + 256
1 libobjc.A.dylib 0x00007fff7464f720 objc_exception_throw + 48
2 CoreFoundation 0x00007fff4860eab2 +[NSException raise:format:arguments:] + 98
3 Foundation 0x00007fff4a9b2d1d -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 194
4 restore-symbol 0x000000010f0f634b -[CDObjectiveC2Processor loadClassAtAddress:] + 2821
5 restore-symbol 0x000000010f0f3e4e -[CDObjectiveC2Processor loadClasses] + 243
6 restore-symbol 0x000000010f0f1158 -[CDObjectiveCProcessor process] + 391
7 restore-symbol 0x000000010f0de9aa -[CDClassDump processObjectiveCData] + 344
8 restore-symbol 0x000000010f0d3dff restore_symbol + 831
9 restore-symbol 0x000000010f0dbd36 main + 482
10 libdyld.dylib 0x00007fff7571e08d start + 1
11 ??? 0x0000000000000004 0x0 + 4
)
libc++abi.dylib: terminating with uncaught exception of type NSException
[1] 887 abort ./restore-symbol Douban_arm64 -o Douban_64

如果是fat file，是分开还原再合并起来么?

还原部落冲突

第一次用Clutch dump 出来binary，然后restore-symbol 显示是fat file，然后lipo -thin armv7。就可以restore了。

第二次用Clutch dump ipa 文件，然后把mach-o文件拷贝出来，显示无法识别architecture, 再次lipo，然后restore，重签名。

然后安装，安装以后，游戏就卡在同意条款的地方，一直谈条款。所以如果是fat file 还要在用lipo 把armv7 和 arm64 打包回去。

请问如何用xcode调试其他app的

作者你好，请问如何用xcode调试其他app的，多谢！

提示 Invalid parameter not satisfying: moduleName.length == length

➜  restore-symbol git:(master) ./restore-symbol /Applications/WeChat.app/Contents/MacOS/WeChat -o /Applications/WeChat.app/Contents/MacOS/WeChat_
=========== Start =============
Scan OC method in mach-o-file.
2021-03-19 22:07:48.900 restore-symbol[18374:183787] *** Assertion failure in -[CDObjectiveC2Processor loadClassAtAddress:], CDObjectiveC2Processor.m:258
2021-03-19 22:07:48.901 restore-symbol[18374:183787] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Invalid parameter not satisfying: moduleName.length == length'
*** First throw call stack:
(
	0   CoreFoundation                      0x00007fff204f06af __exceptionPreprocess + 242
	1   libobjc.A.dylib                     0x00007fff202283c9 objc_exception_throw + 48
	2   CoreFoundation                      0x00007fff20519512 +[NSException raise:format:arguments:] + 88
	3   Foundation                          0x00007fff212d56c9 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 191
	4   restore-symbol                      0x00000001098cc33f -[CDObjectiveC2Processor loadClassAtAddress:] + 2709
	5   restore-symbol                      0x00000001098ca09a -[CDObjectiveC2Processor loadClasses] + 224
	6   restore-symbol                      0x00000001098c753f -[CDObjectiveCProcessor process] + 381
	7   restore-symbol                      0x00000001098b5f69 -[CDClassDump processObjectiveCData] + 300
	8   restore-symbol                      0x00000001098abaa7 restore_symbol + 823
	9   restore-symbol                      0x00000001098b352a main + 514
	10  libdyld.dylib                       0x00007fff20399621 start + 1
)
libc++abi.dylib: terminating with uncaught exception of type NSException
[1]    18374 abort      ./restore-symbol /Applications/WeChat.app/Contents/MacOS/WeChat -o


make 
** BUILD FAILED **


The following build commands failed:
    CompileC build/restore-symbol.build/Release/restore-symbol.build/Objects-normal/x86_64/CDStructureTable.o class-dump/Source/CDStructureTable.m normal x86_64 objective-c com.apple.compilers.llvm.clang.1_0.compiler
(1 failure)
make: *** [restore-symbol] Error 65

如何在 Xcode 中调试第三方应用

不好意思，因为我之前都是直接在控制台直接使用 lldb 远程动态调试的。看了博主的文章，直接在 Xcode 里面进行 lldb 调试还能直接看到调用栈，感觉很方便。

想请教下博主如何直接在 Xcode 里面对第三方应用进行调试呢？