Modifying debugserver on iOS to debug any app

debugserver

1. Export the code-signing entitlements of any app on the phone

ldid -e ./bash > bash.entitlements

2. Contents of the bash.entitlements file

<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>platform-application</key>
<true/>
<key>com.apple.private.security.no-container</key>
<true/>
<key>com.apple.private.skip-library-validation</key>
<true/>
</dict>
</plist>

3. Export the entitlements from debugserver

The debugserver executable is located at /Developer/usr/bin/debugserver

ldid -e ./debugserver > debug.entitlements

4. The modified debug.entitlements file

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>task_for_pid-allow</key>
<true/>
<key>com.apple.frontboard.debugapplications</key>
<true/>
<key>com.apple.springboard.debugapplications</key>
<true/>
<key>com.apple.backboardd.debugapplications</key>
<true/>
<key>com.apple.private.memorystatus</key>
<true/>
<key>get-task-allow</key>
<true/>
<key>run-unsigned-code</key>
<true/>
<key>com.apple.frontboard.launchapplications</key>
<true/>
<key>com.apple.private.cs.debugger</key>
<true/>
<key>com.apple.private.logging.diagnostic</key>
<true/>
<key>com.apple.backboardd.launchapplications</key>
<true/>

<key>com.apple.private.security.no-container</key>
<true/>
<key>com.apple.private.skip-library-validation</key>
<true/>
<key>platform-application</key>
<true/>
</dict>
</plist>

5. Re-sign debugserver with the debug.entitlements file

ldid -Sdebug.entitlements debugserver

6. Upload it to the phone

Other

Thinning the file

Optionally, debugserver can be thinned to a single architecture to reduce its file size.

lipo -info debugserver                          # show the architectures in the file
lipo -thin arm64 debugserver -o _debugserver    # thin to arm64
lipo -create fileA fileB -output fileC          # merge architectures

Signing with Apple's codesign

codesign -d -vv debugserver    # show detailed signature information
codesign -s - --entitlements ent.plist -f debugserver

Common problems

  • Failed to get connection from a remote gdb process

    iPhone-7:~ root# debugserver 127.0.0.1:1111 -a UCWEB
    debugserver-@(#)PROGRAM:LLDB PROJECT:lldb-900.3.85
    for arm64.
    Attaching to process UCWEB...
    Listening to port 1111 for a connection from localhost...
    Failed to get connection from a remote gdb process.
    Exiting.

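    Solutions:

    1. The USB connection may be unstable; unplug and replug the cable.

    2. Another process on the device may already be using port 1111, which prevents the connection. Run ps -e to check whether a debugserver is already running; if so, run killall -9 debugserver, or simply try a different debug port.

    3. The entitlements file used to sign debugserver may contain the following entitlements, which cause this error: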

      <key>com.apple.security.network.server</key>
      <true/>
      <key>com.apple.security.network.client</key>
      <true/>
      <key>seatbelt-profiles</key>
      <array>
      <string>debugserver</string>
      </array>

  • failed to attach to process named

Phone-7:~ root# debugserver localhost:1111 -a UCWEB
debugserver-@(#)PROGRAM:LLDB PROJECT:lldb-900.3.85
for arm64.
Attaching to process UCWEB...
error: failed to attach to process named: ""
Exiting.

Solution: no process named UCWEB was found. Launch UCWEB, then run the command again.

  • rejecting incoming connection from ::ffff:127.0.0.1

    iPhone-7:~ root# debugserver *:1111 -a WeChat
    debugserver-@(#)PROGRAM:LLDB PROJECT:lldb-900.3.57..2
    for arm64.
    Attaching to process WeChat...
    Listening to port 1111 for a connection from *...
    error: rejecting incoming connection from ::ffff:127.0.0.1 (expecting ::1)

    Solution:
    Specify an IPv4 address explicitly.
    On the phone:

    iPhone-7:~ root# debugserver 127.0.0.1:1111 -a WeChat

    On the computer, use iproxy 2222 1111:

    (lldb) process connect connect://127.0.0.1:2222
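
The edit made in step 4 and the third fix under "Failed to get connection from a remote gdb process", as an added example that is not part of the original post: it merges the platform keys from bash.entitlements into the debugserver dump and drops the three sandbox-related keys. The function names and sample plists are constructed for illustration; only the entitlement keys come from the page.

```python
import plistlib

# Keys step 2 of the page shows in bash.entitlements and step 4 adds.
PLATFORM_KEYS = (
    "platform-application",
    "com.apple.private.security.no-container",
    "com.apple.private.skip-library-validation",
)
# Keys the "Failed to get connection" fix says must not be present.
SANDBOX_KEYS = (
    "com.apple.security.network.server",
    "com.apple.security.network.client",
    "seatbelt-profiles",
)

def _load(xml: bytes) -> dict:
    # fmt is forced because a dump that starts at <!DOCTYPE (as in step 2)
    # is not recognised by plistlib's format auto-detection.
    return plistlib.loads(xml, fmt=plistlib.FMT_XML)

def merge_entitlements(debug_xml: bytes, donor_xml: bytes) -> bytes:
    """debugserver's keys, minus sandbox keys, plus the donor's platform keys."""
    donor = _load(donor_xml)
    merged = {k: v for k, v in _load(debug_xml).items() if k not in SANDBOX_KEYS}
    for key in PLATFORM_KEYS:
        if donor.get(key) is not True:
            raise ValueError(f"donor lacks entitlement {key}")
        merged[key] = True
    return plistlib.dumps(merged, fmt=plistlib.FMT_XML, sort_keys=False)

def audit(xml: bytes) -> dict:
    """Report leftover sandbox keys and missing platform keys."""
    ent = _load(xml)
    return {"sandbox_keys_present": [k for k in SANDBOX_KEYS if k in ent],
            "platform_keys_missing": [k for k in PLATFORM_KEYS if ent.get(k) is not True]}

def _plist(body: str) -> bytes:
    doctype = ('<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" '
               '"http://www.apple.com/DTDs/PropertyList-1.0.dtd">')
    return f'{doctype}<plist version="1.0"><dict>{body}</dict></plist>'.encode()

# Constructed sample inputs, not dumped from a real device.
SAMPLE_DEBUG = _plist("<key>task_for_pid-allow</key><true/>"
                      "<key>com.apple.security.network.server</key><true/>"
                      "<key>com.apple.security.network.client</key><true/>"
                      "<key>seatbelt-profiles</key><array><string>debugserver</string></array>")
SAMPLE_DONOR = _plist("".join(f"<key>{k}</key><true/>" for k in PLATFORM_KEYS))

if __name__ == "__main__":
    print(merge_entitlements(SAMPLE_DEBUG, SAMPLE_DONOR).decode())
```

Running audit() on the file before passing it to ldid -S shows whether any of the three sandbox keys is still present.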

References

http://iosre.com/t/ios12-debugserver-lldb/14429