sledgeh4w / chomper Goto Github PK

View Code? Open in Web Editor NEW

205.0 205.0 58.0 144.46 MB

A lightweight emulation framework for emulating iOS executables and libraries.

License: MIT License

Python 100.00%

android elf emulator ios macho objc reverse-engineering unicorn

chomper's People

Contributors

Stargazers

Watchers

Forkers

crackercat wschxida shuaibibobo crewcutbro trouble-bao guiqi0101 yuzhouheike imzpy xbl2022 9540611855 longloo randlily headware onegithuber npc2000 mdr668 shuixi2013 smile1024me anla2z zhuke945 yiiff daerduotutu922 hhzkzt soul-cat lvshuaijun 123456789zws xiaoyintou lanbaicode justanhnt ta01st woozoo86 sailor-fly ac928 you3k dalianmengwei piowind lgq2015 lslfly houweifeng bigcatgit formerly 3234641 seconddog lee-yyds 0xcybershinigami vipsubing xuxu777xu kinglyu lukewangpy cev-code eeyhan sheation a-sk233 lokixue perrymud tututu-patch yfw123 huhu131112

chomper's Issues

[Solution] error about capstone

log

OSError: dlopen(/Users/abc/Documents/repos/chomper/venv/lib/python3.9/site-packages/capstone/lib/libcapstone.dylib, 0x0006): tried: '/Users/abc/Documents/repos/chomper/venv/lib/python3.9/site-packages/capstone/lib/libcapstone.dylib' (mach-o file, but is an incompatible architecture (have 'x86_64', need 'arm64')), '/System/Volumes/Preboot/Cryptexes/OS/Users/abc/Documents/repos/chomper/venv/lib/python3.9/site-packages/capstone/lib/libcapstone.dylib' (no such file), '/Users/abc/Documents/repos/chomper/venv/lib/python3.9/site-packages/capstone/lib/libcapstone.dylib' (mach-o file, but is an incompatible architecture (have 'x86_64', need 'arm64'))

solution:

1. git clone https://github.com/capstone-engine/capstone.git
2. cd capstone
3. ./make.sh mac-universal
4. replace file on venv/lib/python3.9/site-packages/capstone/lib

Can't create NSURLRequest object.

Crash with creating NSURLRequest object.

The reference code is:

NSMutableURLRequest *reqM = [NSMutableURLRequest requestWithURL:[NSURL URLWithString:@"https://www.google.com"]];

Code1:

def create_ns_url(emu, s):
    cls = objc_get_class(emu, "NSURL")
    alloc_sel = objc_sel_register_name(emu, "alloc")
    init_sel = objc_sel_register_name(emu, "initWithString:")
    space = emu.call_symbol("_objc_msgSend", cls, alloc_sel)
    return emu.call_symbol("_objc_msgSend", space, init_sel, create_ns_string(emu, s))


def create_ns_mutable_url_request(emu, s):
    ns_url_obj = create_ns_url(emu, s)
    cls = objc_get_class(emu, class_name="NSMutableURLRequest")
    sel = objc_sel_register_name(emu, "requestWithURL:")
    req_obj = emu.call_symbol("_objc_msgSend", cls, sel, ns_url_obj)
    return req_obj

Code2:

def create_ns_url(emu, s):
    cls = objc_get_class(emu, "NSURL")
    alloc_sel = objc_sel_register_name(emu, "alloc")
    init_sel = objc_sel_register_name(emu, "initWithString:")
    space = emu.call_symbol("_objc_msgSend", cls, alloc_sel)
    return emu.call_symbol("_objc_msgSend", space, init_sel, create_ns_string(emu, s))


def create_ns_mutable_url_request(emu, s):
    ns_url_obj = create_ns_url(emu, s)
    cls = objc_get_class(emu, class_name="NSMutableURLRequest")
    alloc_sel = objc_sel_register_name(emu, "alloc")
    init_sel = objc_sel_register_name(emu, "initWithString:")
    space = emu.call_symbol("_objc_msgSend", cls, alloc_sel)
    req_obj = emu.call_symbol("_objc_msgSend", space, init_sel, ns_url_obj)
    return req_obj

The crash happens on this line:

req_obj = emu.call_symbol("_objc_msgSend", cls, sel, ns_url_obj)
req_obj = emu.call_symbol("_objc_msgSend", space, init_sel, ns_url_obj)

Error Log:

2024-04-23 15:11:31,447 - __main__ - INFO: Start emulate at libobjc.A.dylib!0x1947ec460
2024-04-23 15:11:45,130 - __main__ - INFO: Registers: x0: 0x0000000000000000, x1: 0x00000000000772b8, x2: 0x0000000000000000, x3: 0x0000000000000001, x4: 0x000000005d3799ff [libsystem_c.dylib!0x18916e9ff], x5: 0x0000000000000000, x6: 0x0000000000000000, x7: 0x0000000000000036, x8: 0x000000000803c080, x9: 0x00000000000774f8, x10: 0x0000000000000000, x11: 0x000000024ed2f829 [libdyld.dylib!0x1800f3829], x12: 0x000000024ed12568 [libdyld.dylib!0x1800d6568], x13: 0x0000000000000000, x14: 0x000000000801000d, x15: 0x0000000000000000, x16: 0xfffffffffffffff6, x17: 0x0000000000000033, x18: 0x0000000000000000, x19: 0x0000000000000000, x20: 0x00000000000772b8, x21: 0x0000000000000000, x22: 0x000000005d3720a8 [libsystem_c.dylib!0x1891670a8], x23: 0x0000000000000001, x24: 0x0000000000000000, x25: 0x00000002e6d730f1 [libobjc.A.dylib!0x1cb75d0f1], x26: 0x00000009f1c28f90 [binary!0x10c128f90], x27: 0x00000002f500d000 [libobjc.A.dylib!0x1d99f7000], x28: 0x00000002f5f2b000 [libobjc.A.dylib!0x1da915000], x29: 0x00000000000772a0, x30: 0x000000002850e3f0 [libsystem_kernel.dylib!0x1ac3153f0]
2024-04-23 15:11:45,131 - __main__ - INFO: Trace stack: libsystem_kernel.dylib!0x1ac30b56c, libsystem_kernel.dylib!0x1ac3153ec, libsystem_kernel.dylib!0x1ac315598, libsystem_platform.dylib!0x1c8be956c, libdyld.dylib!0x1800f158c, libdyld.dylib!0x1800f1620, libdyld.dylib!0x1800f1994, libdyld.dylib!0x1800d1eb8, libdyld.dylib!0x1800d6570, libdyld.dylib!0x1800c9754, libsystem_c.dylib!0x1891670a4, libsystem_darwin.dylib!0x1c8ba9c68, libsystem_darwin.dylib!0x1c8ba4788, CFNetwork!0x180b174ac, libdispatch.dylib!0x1800a627c, libdispatch.dylib!0x180077cd4, CFNetwork!0x180b17688, libdispatch.dylib!0x1800a627c, libdispatch.dylib!0x180077cd4, CFNetwork!0x180c11360, libobjc.A.dylib!0x1947efb94, libobjc.A.dylib!0x19480f0b4, CFNetwork!0x180a4b75c, CFNetwork!0x180a4b658
Traceback (most recent call last):
  File "/Users/xxx/Documents/repos/chomper/venv/lib/python3.9/site-packages/chomper/core.py", line 200, in _start_emulate
    self.uc.emu_start(address, stop_addr)
  File "/Users/xxx/Documents/repos/chomper/venv/lib/python3.9/site-packages/unicorn/unicorn.py", line 550, in emu_start
    raise self._hook_exception
  File "/Users/xxx/Documents/repos/chomper/venv/lib/python3.9/site-packages/unicorn/unicorn.py", line 392, in wrapper
    return func(self, *args, **kwargs)
  File "/Users/xxx/Documents/repos/chomper/venv/lib/python3.9/site-packages/unicorn/unicorn.py", line 681, in _hook_intr_cb
    cb(self, intno, data)
  File "/Users/xxx/Documents/repos/chomper/venv/lib/python3.9/site-packages/chomper/core.py", line 417, in _interrupt_callback
    self._dispatch_syscall()
  File "/Users/xxx/Documents/repos/chomper/venv/lib/python3.9/site-packages/chomper/core.py", line 441, in _dispatch_syscall
    self.crash("Unhandled system call")
  File "/Users/xxx/Documents/repos/chomper/venv/lib/python3.9/site-packages/chomper/core.py", line 371, in crash
    raise EmulatorCrashedException(message)
chomper.exceptions.EmulatorCrashedException: Unhandled system call at libsystem_kernel.dylib!0x1ac30b56c
python-BaseException

2024-06-29 10:35:35,039 - main - INFO: Call symbol "__ZL9protocolsv"
2024-06-29 10:35:35,039 - main - INFO: Start emulate at libobjc.A.dylib!0x1947fb630
2024-06-29 10:35:35,051 - main - INFO: Call symbol "__objc_init"
2024-06-29 10:35:35,052 - main - INFO: Start emulate at libobjc.A.dylib!0x19480ae0c
Traceback (most recent call last):
File "/Users/kingking/Working/PycharmWorkPlace/reverse/IOS/chomper/examples/example_ios_bangbang.py", line 48, in
main()
File "/Users/kingking/Working/PycharmWorkPlace/reverse/IOS/chomper/examples/example_ios_bangbang.py", line 21, in main
emu = Chomper(
File "/Users/kingking/opt/anaconda3/envs/reverse/lib/python3.8/site-packages/chomper/core.py", line 98, in init
self.os.initialize()
File "/Users/kingking/opt/anaconda3/envs/reverse/lib/python3.8/site-packages/chomper/os/ios/os.py", line 293, in initialize
self._enable_objc()
File "/Users/kingking/opt/anaconda3/envs/reverse/lib/python3.8/site-packages/chomper/os/ios/os.py", line 259, in _enable_objc
self.resolve_modules(dependencies)
File "/Users/kingking/opt/anaconda3/envs/reverse/lib/python3.8/site-packages/chomper/os/ios/os.py", line 230, in resolve_modules
self.init_objc(module)
File "/Users/kingking/opt/anaconda3/envs/reverse/lib/python3.8/site-packages/chomper/os/ios/os.py", line 156, in init_objc
self._init_objc_vars()
File "/Users/kingking/opt/anaconda3/envs/reverse/lib/python3.8/site-packages/chomper/os/ios/os.py", line 140, in _init_objc_vars
self.emu.call_symbol("__objc_init")
File "/Users/kingking/opt/anaconda3/envs/reverse/lib/python3.8/site-packages/chomper/core.py", line 745, in call_symbol
return self._start_emulate(address, *args)
File "/Users/kingking/opt/anaconda3/envs/reverse/lib/python3.8/site-packages/chomper/core.py", line 210, in _start_emulate
self.uc.emu_start(address, stop_addr)
File "/Users/kingking/opt/anaconda3/envs/reverse/lib/python3.8/site-packages/unicorn/unicorn.py", line 550, in emu_start
raise self._hook_exception
File "/Users/kingking/opt/anaconda3/envs/reverse/lib/python3.8/site-packages/unicorn/unicorn.py", line 392, in wrapper
return func(self, *args, **kwargs)
File "/Users/kingking/opt/anaconda3/envs/reverse/lib/python3.8/site-packages/unicorn/unicorn.py", line 681, in _hook_intr_cb
cb(self, intno, data)
File "/Users/kingking/opt/anaconda3/envs/reverse/lib/python3.8/site-packages/chomper/core.py", line 439, in _interrupt_callback
AutomicInstruction(self, code).execute()
File "/Users/kingking/opt/anaconda3/envs/reverse/lib/python3.8/site-packages/chomper/instruction.py", line 19, in init
self._inst = next(self.emu.cs.disasm_lite(code, 0))
File "/Users/kingking/opt/anaconda3/envs/reverse/lib/python3.8/site-packages/capstone/init.py", line 1077, in disasm_lite
res = _cs.cs_disasm(self.csh, code, len(code), offset, count, ctypes.byref(all_insn))
ctypes.ArgumentError: argument 2: <class 'TypeError'>: wrong type

函数调用后的长度异常的问题

chomper主动调用的函数生成结果的长度与原始函数生成的结果长度有差别，chomper能否调试？

sledgeh4w / chomper Goto Github PK

chomper's People

Contributors

Stargazers

Watchers

Forkers

chomper's Issues

支持 mac os上面的可执行文件吗？

[Solution] error about capstone

Can't create NSURLRequest object.

macos 运行demo报错

函数调用后的长度异常的问题

Recommend Projects

React

Vue.js

Typescript

TensorFlow

Django

Laravel

D3

Recommend Topics

javascript

web

server

Machine learning

Visualization

Game

Recommend Org

Facebook

Microsoft

Google

Alibaba

D3

Tencent