您的位置:首页 > 教育 > 培训 > 云游戏网站在线玩_应用商店官方免费下载_搜索引擎优化结果_如何免费做网站推广的

云游戏网站在线玩_应用商店官方免费下载_搜索引擎优化结果_如何免费做网站推广的

2025/3/16 19:51:13 来源:https://blog.csdn.net/uiop_uiop_uiop/article/details/146210472  浏览:    关键词:云游戏网站在线玩_应用商店官方免费下载_搜索引擎优化结果_如何免费做网站推广的
云游戏网站在线玩_应用商店官方免费下载_搜索引擎优化结果_如何免费做网站推广的

断SVC的时候看调用栈,发现里面一个特别大的ollvm函数。vx版本8054

* thread #36, queue = 'com.apple.root.default-qos', stop reason = breakpoint 4.1
    frame #0: 0x0000000111ad6124 WeChat`___lldb_unnamed_symbol1315083 + 20
WeChat`___lldb_unnamed_symbol1315083:
->  0x111ad6124 <+20>: svc    #0x80
    0x111ad6128 <+24>: b.lo   0x111ad6140               ; <+48>
    0x111ad612c <+28>: stp    x29, x30, [sp, #-0x10]!
    0x111ad6130 <+32>: mov    x29, sp
Target 0: (WeChat) stopped.

X0  0000000000000154 | T....... |
X1  0000000281B1EAE0 | ........ | => "/Library/MobileSubstrate"
X2  000000017094B6B0 | ...p.... | => "0"
X3  000000017094C020 |  ..p.... | => 0x17094ED10 => 0x17094ED90 => 0x17094EE30 => 0x17094EE70 => 0x17094EE90 => 0x17>
X4  0000000111C037E8 | .7...... | => `___lldb_unnamed_symbol1315105 + 0x1A88`
X5  0000009200A0FDF8 | ........ |
X6  00000001A68172A4 | .r...... | => `nanov2_calloc$VARIANT$armv81 + 0x94`
X7  0000000000000030 | 0....... |
X8  00000000FFFFFF80 | ........ |
X9  000000008EAD5E99 | .^...... |
X10 00000000F6CE104E | N....... |

(lldb) bt
* thread #36, queue = 'com.apple.root.default-qos', stop reason = breakpoint 4.1
  * frame #0: 0x0000000111ad6124 WeChat`___lldb_unnamed_symbol1315083 + 20
    frame #1: 0x0000000111ce8440 WeChat`___lldb_unnamed_symbol1315153 + 24
    frame #2: 0x0000000111c037e8 WeChat`___lldb_unnamed_symbol1315105 + 6792
    frame #3: 0x0000000111cf6d3c WeChat`___lldb_unnamed_symbol1315167 + 52292
    frame #4: 0x0000000111ce8880 WeChat`___lldb_unnamed_symbol1315161 + 100
    frame #5: 0x000000010155b8c0 WeChat`___lldb_unnamed_symbol35227 + 80
(lldb) ab
Adjusted Backtrace Addresses:
  frame #0:  0x111ad6124  0x110c86124 - WeChat -
  frame #1:  0x111ce8440  0x110e98440 - WeChat -
  frame #2:  0x111c037e8  0x110db37e8 - WeChat -
  frame #3:  0x111cf6d3c  0x110ea6d3c - WeChat -
  frame #4:  0x111ce8880  0x110e98880 - WeChat -
  frame #5:  0x10155b8c0  0x10070b8c0 - WeChat -
(lldb)

第二个svc

* thread #36, queue = 'com.apple.root.default-qos', stop reason = breakpoint 4.1
    frame #0: 0x0000000111ad6124 WeChat`___lldb_unnamed_symbol1315083 + 20
WeChat`___lldb_unnamed_symbol1315083:
->  0x111ad6124 <+20>: svc    #0x80
    0x111ad6128 <+24>: b.lo   0x111ad6140               ; <+48>
    0x111ad612c <+28>: stp    x29, x30, [sp, #-0x10]!
    0x111ad6130 <+32>: mov    x29, sp
Target 0: (WeChat) stopped.
(lldb) ad
{"errcode": 0, "msg": "ok", "data": "goto_address|||0x110c86124"}
IDA Offset: 0x110c86124
(lldb) bt
* thread #36, queue = 'com.apple.root.default-qos', stop reason = breakpoint 4.1
  * frame #0: 0x0000000111ad6124 WeChat`___lldb_unnamed_symbol1315083 + 20
    frame #1: 0x0000000111ce841c WeChat`___lldb_unnamed_symbol1315152 + 24
    frame #2: 0x0000000111cf70bc WeChat`___lldb_unnamed_symbol1315167 + 53188
    frame #3: 0x0000000111ce8880 WeChat`___lldb_unnamed_symbol1315161 + 100
    frame #4: 0x000000010155b8c0 WeChat`___lldb_unnamed_symbol35227 + 80
(lldb) ab
Adjusted Backtrace Addresses:
  frame #0:  0x111ad6124  0x110c86124 - WeChat -
  frame #1:  0x111ce841c  0x110e9841c - WeChat -
  frame #2:  0x111cf70bc  0x110ea70bc - WeChat -
  frame #3:  0x111ce8880  0x110e98880 - WeChat -
  frame #4:  0x10155b8c0  0x10070b8c0 - WeChat -
(lldb)

X0  0000000000000152 | R....... |
X1  0000000281B85980 | .Y...... | => "/Applications/Cydia.app"
X2  000000017094E150 | P..p.... | => ""
X3  000000017094ED10 | ...p.... | => 0x17094ED90 => 0x17094EE30 => 0x17094EE70 => 0x17094EE90 => 0x17094EEB0 => 0x17>
X4  0000000111CF70BC | .p...... | => `___lldb_unnamed_symbol1315167 + 0xCFC4`
X5  00000002829580A8 | ........ |
X6  000000017094BB30 | 0..p.... |
X7  0000000282958030 | 0....... | => 0x281B85980 => "/Applications/Cydia.app"
X8  000000017094E150 | P..p.... | => ""
X9  00000000BB85CDAE | ........ |
X10 00000000BB85CDAE | ........ |
X11 00000000635FDECA | .._c.... |
X12 00000000FFFFFFFD | ........ |
X13 0000010000000000 | ........ |
X14 00000000FA753DB5 | .=u..... |
X15 00000000C12A8D41 | A.*..... |
X16 0000000000000000 | ........ |
X17 0000000000000001 | ........ |
X18 0000000000000000 | ........ |
X19 000000017094C030 | 0..p.... |
X20 00000000F3A96282 | .b...... |
X21 000000017094BC90 | ...p.... | => 0x281B85900 => "smc_core.cc:ReportIDKeyWithUin"
X22 000000017094D820 |  ..p.... | => 0x17094E150 => ""
X23 00000000000000A8 | ........ |
X24 000000017094C030 | 0..p.... |
X25 000000017094CA60 | `..p.... |
X26 00000000E115B598 | ........ |
X27 000000004D06AE2D | -..M.... |

x1字符串一直在变,在做越狱检测

ni执行系统调用后:

X0  0000000000000000 | ........ |
X1  0000000000000000 | ........ |
X2  000000017094E150 | P..p.... | => ""
X3  000000017094ED10 | ...p.... | => 0x17094ED90 => 0x17094EE30 => 0x17094EE70 => 0x17094EE90 => 0x17094EEB0 => 0x17>
X4  0000000111CF70BC | .p...... | => `___lldb_unnamed_symbol1315167 + 0xCFC4`
X5  00000002829580A8 | ........ |
X6  000000017094BB30 | 0..p.... |
X7  0000000282958030 | 0....... | => 0x281B85980 => "/Applications/Cydia.app"
X8  000000017094E150 | P..p.... | => ""
X9  00000000BB85CDAE | ........ |
X10 00000000BB85CDAE | ........ |
X11 00000000635FDECA | .._c.... |
X12 00000000FFFFFFFD | ........ |
X13 0000010000000000 | ........ |
X14 00000000FA753DB5 | .=u..... |
X15 00000000C12A8D41 | A.*..... |
X16 0000000000000000 | ........ |
X17 0000000000000001 | ........ |
X18 0000000000000000 | ........ |
X19 000000017094C030 | 0..p.... |
X20 00000000F3A96282 | .b...... |
X21 000000017094BC90 | ...p.... | => 0x281B85900 => "smc_core.cc:ReportIDKeyWithUin"
X22 000000017094D820 |  ..p.... | => 0x17094E150 => ""
X23 00000000000000A8 | ........ |
X24 000000017094C030 | 0..p.... |
X25 000000017094CA60 | `..p.... |
X26 00000000E115B598 | ........ |
X27 000000004D06AE2D | -..M.... |

后面又来一个/bin/bash,ni执行,X0  0000000000000001 | ........ |
X1  0000000000000000 | ........ |

/private/jailbreak.txt 执行完x0 = 1

还有一个 frida-server的字符串出现过

X0  0000000000000152 | R....... |
X1  000000017094BD90 | ...p.... | => "/System/Library/Caches/com.apple.dyld/dyld_shared_cache_arm64"
X2  000000017094BC60 | `..p.... |
X3  000000017094ED10 | ...p.... | => 0x17094ED90 => 0x17094EE30 => 0x17094EE70 => 0x17094EE90 => 0x17094EEB0 => 0x17>
X4  0000000111D6C90C | ........ | => `___lldb_unnamed_symbol1315167 + 0x82814`
X5  0000000000000000 | ........ |
X6  00000000000000A0 | ........ |
X7  000000017094BCA0 | ...p.... |
X8  000000017094BCF8 | ...p.... | => 0x17094BD90 => "/System/Library/Caches/com.apple.dyld/dyld_shared_cache_arm64"
X9  0000000000000001 | ........ |
X10 00000000ECA4B8A8 | ........ |
X11 0000000000000000 | ........ |
X12 000000017094E868 | h..p.... |
X13 000000000000000E | ........ |
X14 000000001A3E1F71 | q.>..... |
X15 00000000CFBDBA29 | )....... |
X16 0000000000000000 | ........ |
X17 00000000D2FB9DC9 | ........ |
X18 0000000000000000 | ........ |
X19 000000017094C030 | 0..p.... |
X20 00000000200DF33F | ?.. .... |
X21 000000017094E828 | (..p.... | => 0x17094BFE0 => "127.0.0.1"
X22 00000000AADA2D19 | .-...... |
X23 000000006EE6462D | -F.n.... |
X24 000000005E5626A5 | .&V^.... |
X25 000000017094D824 | $..p.... | => ""
X26 000000017094E828 | (..p.... | => 0x17094BFE0 => "127.0.0.1"
X27 000000012B82A808 | ...+.... | => 0x11A98B920

ni

X0  0000000000000000 | ........ |
X1  0000000000000000 | ........ |

X0  0000000000000152 | R....... |
X1  000000017094BF50 | P..p.... | => "/System/Library/CoreServices/SystemVersion.plist"
X2  000000017094E150 | P..p.... |
X3  000000017094ED10 | ...p.... | => 0x17094ED90 => 0x17094EE30 => 0x17094EE70 => 0x17094EE90 => 0x17094EEB0 => 0x17>
X4  0000000111D6C6AC | ........ | => `___lldb_unnamed_symbol1315167 + 0x825B4`
X5  0000000000000000 | ........ |
X6  00000000000000A0 | ........ |
X7  000000017094BCA0 | ...p.... |
X8  000000017094E150 | P..p.... |
X9  00000000D1A786CB | ........ |
X10 00000000D1A786CB | ........ |
X11 000000000000005E | ^....... |
X12 000000017094D028 | (..p.... |
X13 000000000000005B | [....... |

ni

0

* thread #36, queue = 'com.apple.root.default-qos', stop reason = breakpoint 2.1
    frame #0: 0x0000000111ad60f8 WeChat`___lldb_unnamed_symbol1315081 + 4
WeChat`___lldb_unnamed_symbol1315081:
->  0x111ad60f8 <+4>: svc    #0x80
    0x111ad60fc <+8>: ret

WeChat`___lldb_unnamed_symbol1315082:
    0x111ad6100 <+0>: mov    x16, #-0x2f
    0x111ad6104 <+4>: svc    #0x80
Target 0: (WeChat) stopped.

(lldb) ab
Adjusted Backtrace Addresses:
  frame #0:  0x111ad60f8  0x110c860f8 - WeChat -
  frame #1:  0x111d87e28  0x110f37e28 - WeChat -
  frame #2:  0x111ce8880  0x110e98880 - WeChat -
  frame #3:  0x10155b8c0  0x10070b8c0 - WeChat -
(lldb) bt
* thread #36, queue = 'com.apple.root.default-qos', stop reason = breakpoint 2.1
  * frame #0: 0x0000000111ad60f8 WeChat`___lldb_unnamed_symbol1315081 + 4
    frame #1: 0x0000000111d87e28 WeChat`___lldb_unnamed_symbol1315167 + 646448
    frame #2: 0x0000000111ce8880 WeChat`___lldb_unnamed_symbol1315161 + 100
    frame #3: 0x000000010155b8c0 WeChat`___lldb_unnamed_symbol35227 + 80
(lldb)

版权声明:

本网仅为发布的内容提供存储空间,不对发表、转载的内容提供任何形式的保证。凡本网注明“来源:XXX网络”的作品,均转载自其它媒体,著作权归作者所有,商业转载请联系作者获得授权,非商业转载请注明出处。

我们尊重并感谢每一位作者,均已注明文章来源和作者。如因作品内容、版权或其它问题,请及时与我们联系,联系邮箱:809451989@qq.com,投稿邮箱:809451989@qq.com