最近发现MSHookFunction无论我怎么写都失效,我的手机是iPhone X Max ,非常苦恼。
void hooksvc8() {
long long gifIMFrameworkHeader = 0x0000000000000000;
long long sub854c98 = 0x0000000000000000;
long long sub33d4fc0 = 0x0000000000000000;
for (int i = 0; i < _dyld_image_count (); i++) {
char *pathCString = _dyld_get_image_name (i);
NSString *path = [[NSString alloc] initWithCString:pathCString encoding:NSUTF8StringEncoding];
// NSLog (@"path :%@", path);
if ([path containsString:@"gifBaseFramework"]) {
gifIMFrameworkHeader = _dyld_get_image_vmaddr_slide (i);
NSLog(@"gifIMFrameworkHeader :%#016llx",(long long)gifIMFrameworkHeader);
sub854c98 = gifIMFrameworkHeader + 0x854c98;
sub33d4fc0 = gifIMFrameworkHeader + 0x00000000033d4fc0;
}
}
MSHookFunction((void *)sub33d4fc0, (void *)sub_33d4fc0, (void *)&or_sub_33d4fc0);
NSLog(@"or_sub_33d4fc0 :%#016llx",or_sub_33d4fc0);
NSLog(@"sub33d4fc0 :%#016llx",(long long)sub33d4fc0);
NSLog(@"sub_33d4fc0 :%#016llx",(long long)sub_33d4fc0);
NSLog(@"打印结束");
MSHookFunction ((void *)sub854c98, (void *)sub_854c98, (void **)&or_sub_854c98);
}
每次调试都可以看到or_sub_33d4fc0和or_sub_854c98在执行hook之后都是0x000000.
于是我试了下我手机越狱之后系统自带,居然可以hook到,无语。。。
到此解决了手机CydiaSubstrate失效的问题,当然这个库也可在非IPhone X max 手机上使用,但是系统要满足这个俩库要求的最低系统,iOS11.0。
文件名字做了一些更改,这里要多导入一个libsubstitute.dylib,别的到没多什么。
这个俩动态库要求iOS11系统以上。
更改文件名字后,目录结构如下:
WX20200418-033650@2x.png
以下题外话:
我把我手机里的CydiaSubstrate提取出来,对比了下以下,以前的CydiaSubstrate。
WX20200418-032418@2x.png
这个sharedLibrary(???)居然 是Arm64e,MachOView由于很久没更新没识别出来。就连Appstore所有的App都没这Arm64e。唯一有的只有系统的文件包含这个Arm64e。
官方的解释:
https://developer.apple.com/documentation/security/preparing_your_app_to_work_with_pointer_authentication?language=objc
我们的动态库和App也可以测试这个这个Arm64e。如官方所说:
WX20200418-033001@2x.png
就这样就可以编译出这个arm64e.但是苹果不允许提交到appstore.
了解这么多,我就把手机导出的CydiaSubstrate.framework导到编译用的文件但是必须编写脚本更改动态库问题,代码如下:
cp -rf "${SRCROOT}/InjectionFrameworks/CydiaSubstrate.framework" "$TARGET_APP_FRAMEWORKS_PATH"
/usr/bin/codesign --force --sign "$EXPANDED_CODE_SIGN_IDENTITY" "$TARGET_APP_FRAMEWORKS_PATH/CydiaSubstrate.framework/libsubstitute.dylib"
install_name_tool -change "/Library/Frameworks/CydiaSubstrate.framework/CydiaSubstrate" "@rpath/CydiaSubstrate.framework/CydiaSubstrate" "$TARGET_APP_FRAMEWORKS_PATH/InjectionFrameworks.framework/InjectionFrameworks"
install_name_tool -change "/usr/lib/libsubstrate.dylib" "@rpath/CydiaSubstrate.framework/CydiaSubstrate" "$TARGET_APP_FRAMEWORKS_PATH/InjectionFrameworks.framework/InjectionFrameworks"
install_name_tool -change "/usr/lib/libsubstitute.0.dylib" "@rpath/libsubstitute.dylib" "$TARGET_APP_FRAMEWORKS_PATH/CydiaSubstrate.framework/CydiaSubstrate"
install_name_tool -add_rpath "@executable_path" "$TARGET_APP_FRAMEWORKS_PATH/CydiaSubstrate.framework/CydiaSubstrate"
install_name_tool -add_rpath "@rpath" "$TARGET_APP_FRAMEWORKS_PATH/CydiaSubstrate.framework/CydiaSubstrate"
install_name_tool -add_rpath "@loader_path" "$TARGET_APP_FRAMEWORKS_PATH/CydiaSubstrate.framework/CydiaSubstrate"
install_name_tool -add_rpath "@executable_path/../Frameworks" "$TARGET_APP_FRAMEWORKS_PATH/CydiaSubstrate.framework/CydiaSubstrate"
可能是CydiaSubstrate更新了??,也可能跟A12芯片有关系
网友评论