tree-flys-iPhone-7:~/bfinject root# bash bfinject -P AVPlayer.app -L test [+] Electra detected. bfinject: md5: command not found bfinject: md5: command not found [+] Injecting into '/var/containers/Bundle/Application/B36F534E-DF04-4BBF-987B-EED3E4B3A6AC/AVPlayer.app/AVPlayer' [+] Getting Team ID from target application... [+] Thinning dylib into non-fat arm64 image [+] Signing injectable .dylib with Team ID DR9UPY28XM and platform entitlements... jtool /bootstrap/usr/local/bin/ signing error. barfing.
分析 md5: command not found原因
报错的代码行:
# Use random filenames to avoid cached binaries causing "Killed: 9" messages. RAND=`ddif=/dev/random bs=1 count=16 2>/dev/null | md5` RANDOM_NAME="${INJECTOR%/*}/`dd if=/dev/random bs=1 count=16 2>/dev/null | md5`"
看上去md5文件缺失,这个比较好解决
tree-flys-iPhone-7:~/bfinject root# md5 bash: md5: command not found
tree-flys-iPhone-7:~/bfinject root# bash bfinject -P AVPlayer.app -L test [+] Electra detected. *** RAND = 1c9cf2572f0064d69005b0e4bd2ae5a2 *** RANDOM_NAME = /bootstrap/usr/local/bin/91432177bcba40fb1d026bcf83203e13 [+] Injecting into '/var/containers/Bundle/Application/B36F534E-DF04-4BBF-987B-EED3E4B3A6AC/AVPlayer.app/AVPlayer' [+] Getting Team ID from target application... [+] Thinning dylib into non-fat arm64 image [+] Signing injectable .dylib with Team ID DR9UPY28XM and platform entitlements... [bfinject4realz] Calling task_for_pid() for PID 2627. [bfinject4realz] Calling thread_create() on PID 2627 [bfinject4realz] Looking for ROP gadget... found at 0x1849b7118 [bfinject4realz] Fake stack frame at 0x108998000 [bfinject4realz] Calling _pthread_set_self() at 0x184c8471c... [bfinject4realz] Returned from '_pthread_set_self' [bfinject4realz] Calling dlopen() at 0x1849b6e7c... [bfinject4realz] Returned from 'dlopen' [bfinject4realz] Success! Library was loaded at 0x1c0167bc0 [+] So long and thanks for all the fish.
