Common debugserver Problems in iOS Debugging: Connection Failures, Permission Errors and Anti-Debugging
## Failed to get connection from a remote gdb process

**Symptom**

Launching Douyin (the Aweme app) under debugserver:

```
debugserver -x auto 0.0.0.0:20221 /private/var/containers/Bundle/Application/9AB25481-0AD3-435C-A02E-68F9623535BB/Aweme.app/Aweme
```

fails with:

```
iPhone7P-1341:~/forDebug root# debugserver -x auto 0.0.0.0:20221 /private/var/containers/Bundle/Application/9AB25481-0AD3-435C-A02E-68F9623535BB/Aweme.app/Aweme
debugserver-@(#)PROGRAM:LLDB  PROJECT:lldb-900.3.104 for arm64.
Listening to port 20221 for a connection from 0.0.0.0...
Failed to get connection from a remote gdb process.
Exiting.
```

**Cause**

The debugserver on this iPhone 7 Plus carries three extra entitlements: `com.apple.security.network.server`, `com.apple.security.network.client` and `seatbelt-profiles`. With them in place, debugserver is not permitted to connect to the target process for debugging.

**Fix**

Strip those entitlements. Use an entitlements file from which the following have been removed:

```xml
<key>seatbelt-profiles</key>
<array>
    <string>debugserver</string>
</array>
...
<key>com.apple.security.network.server</key>
<true/>
<key>com.apple.security.network.client</key>
<true/>
```

for example `debugserver_noSecurity.entitlements`:

```xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.springboard.debugapplications</key>
    <true/>
    <key>com.apple.backboardd.launchapplications</key>
    <true/>
    <key>com.apple.backboardd.debugapplications</key>
    <true/>
    <key>com.apple.frontboard.launchapplications</key>
    <true/>
    <key>com.apple.frontboard.debugapplications</key>
    <true/>
    <key>com.apple.private.logging.diagnostic</key>
    <true/>
    <key>com.apple.private.memorystatus</key>
    <true/>
    <key>com.apple.private.cs.debugger</key>
    <true/>
    <key>get-task-allow</key>
    <true/>
    <key>task_for_pid-allow</key>
    <true/>
    <key>run-unsigned-code</key>
    <true/>
</dict>
</plist>
```

Apply it to debugserver by re-signing. codesign is the recommended tool:

```
codesign -f -s - --entitlements debugserver_noSecurity.entitlements debugserver
```

On iOS 15, ldid also works:

```
ldid -Sdebugserver_noSecurity.entitlements debugserver
```

Then copy the binary back onto the phone:

```
scp debugserver root@192.168.0.58:/usr/bin
```

To confirm what a debugserver binary actually carries before and after re-signing, dump its entitlements with `ldid -e debugserver` (or `codesign -d --entitlements :- debugserver` on macOS); `get-task-allow` and `task_for_pid-allow` are the two that must be present for attaching to work.

One caveat on the listen address: debugserver does not authenticate its client, so binding `0.0.0.0:20221` hands control of the target process (and, with these entitlements, the ability to attach to other processes) to anyone who can reach that port. On anything but an isolated lab network, listen on `127.0.0.1` and tunnel over USB with `iproxy` instead.

## Failed to open log file for writing: errno 1 (Operation not permitted)

**Symptom**

Running debugserver with the log option:

```
iPhone7P-1341:~ root# debugserver -l debugservr_20220107_1050.log 0.0.0.0:20221 -a 8829
Failed to open log file debugservr_20220107_1050.log for writing: errno 1 (Operation not permitted)
debugserver-@(#)PROGRAM:LLDB  PROJECT:lldb-900.3.104 for arm64.
...
```

**Cause**

On the surface, debugserver lacks permission to write the log file. The underlying reason is that its current entitlements contain

```xml
<key>seatbelt-profiles</key>
<array>
    <string>debugserver</string>
</array>
```

which places debugserver under the `debugserver` Seatbelt sandbox profile. That profile denies it a whole range of operations, file writes included.

**Fix**

Remove the `seatbelt-profiles` entry from debugserver's entitlements, re-sign the binary and copy it back to the iPhone, exactly as in the previous section.

## Segmentation fault: 11

**Symptom**

Attaching debugserver to Douyin:

```
iPhone7P-1341:~ root# debugserver 0.0.0.0:20221 -a 8829
debugserver-@(#)PROGRAM:LLDB  PROJECT:lldb-900.3.104 for arm64.
Attaching to process 8829...
Segmentation fault: 11
```

**Cause**

The app (Douyin) implements anti-debugging internally, so the attach is interrupted and debugging cannot continue.

**Fix**

Reverse-engineer the app, locate its anti-debugging logic and defeat it. In this case, Douyin's check lives in the `AwemeCore` binary: inline assembly that issues a raw syscall through `svc 0x80` to `ptrace` with the `PT_DENY_ATTACH` request. Because the call is made with an inline `svc` rather than through the `ptrace()` libc symbol, hooking or breakpointing `ptrace` in the dynamic linker would not catch it, which is why the countermeasure is a binary patch: replace the `svc 0x80` instruction in `AwemeCore` with a NOP.

For more comprehensive protection of iOS apps, an obfuscation tool such as IpaGuard can be used. IpaGuard obfuscates and encrypts the code and resources of an IPA file without needing the source, supports several development platforms, and raises the difficulty of decompilation and debugging.
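The entitlement fix in the first two sections above is the same edit both times: drop the `seatbelt-profiles` and network entitlements, keep the debugging entitlements from `debugserver_noSecurity.entitlements`, re-sign. The following script is an added example, not tooling from the original post. It takes the XML plist you get by dumping a debugserver's entitlements (for instance with `ldid -e debugserver`), reports what is wrong with it, and writes the corrected plist to pass to `codesign --entitlements` or `ldid -S`. The `STOCK_ENTITLEMENTS` input is constructed for the example; the set of keys is taken from the post.

```python
"""Audit and rewrite debugserver entitlements (added example, not from the original post).

Usage: python fix_entitlements.py dumped.xml > debugserver_noSecurity.entitlements
With no argument it runs on the constructed sample below.
"""
import plistlib

# Entitlements the post identifies as the cause of both failures: the seatbelt
# profile sandboxes debugserver (hence the log-file EPERM) and the network
# entitlements block the remote connection.
REMOVE_KEYS = (
    "seatbelt-profiles",
    "com.apple.security.network.server",
    "com.apple.security.network.client",
)

# The entitlements listed in the post's debugserver_noSecurity.entitlements.
REQUIRED_KEYS = (
    "com.apple.springboard.debugapplications",
    "com.apple.backboardd.launchapplications",
    "com.apple.backboardd.debugapplications",
    "com.apple.frontboard.launchapplications",
    "com.apple.frontboard.debugapplications",
    "com.apple.private.logging.diagnostic",
    "com.apple.private.memorystatus",
    "com.apple.private.cs.debugger",
    "get-task-allow",
    "task_for_pid-allow",
    "run-unsigned-code",
)


def audit(xml: bytes) -> list:
    """List what a practitioner must change before re-signing: blocking keys
    that are present and debug keys that are missing or not set to true."""
    ents = plistlib.loads(xml)
    findings = []
    for key in REMOVE_KEYS:
        if key in ents:
            findings.append(f"blocking entitlement present: {key}")
    for key in REQUIRED_KEYS:
        if ents.get(key) is not True:
            findings.append(f"missing debug entitlement: {key}")
    return findings


def fix_entitlements(xml: bytes) -> bytes:
    """Return the XML plist with REMOVE_KEYS dropped and REQUIRED_KEYS set true."""
    ents = plistlib.loads(xml)
    for key in REMOVE_KEYS:
        ents.pop(key, None)
    for key in REQUIRED_KEYS:
        ents[key] = True
    return plistlib.dumps(ents)


# Constructed sample (assumption, not a real dump): a debugserver that carries the
# sandbox and network entitlements and lacks the three com.apple.private.* keys.
STOCK_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.backboardd.debugapplications</key><true/>
    <key>com.apple.backboardd.launchapplications</key><true/>
    <key>com.apple.frontboard.debugapplications</key><true/>
    <key>com.apple.frontboard.launchapplications</key><true/>
    <key>com.apple.security.network.client</key><true/>
    <key>com.apple.security.network.server</key><true/>
    <key>com.apple.springboard.debugapplications</key><true/>
    <key>get-task-allow</key><true/>
    <key>run-unsigned-code</key><true/>
    <key>seatbelt-profiles</key>
    <array><string>debugserver</string></array>
    <key>task_for_pid-allow</key><true/>
</dict>
</plist>
"""

if __name__ == "__main__":
    import sys

    src = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else STOCK_ENTITLEMENTS
    for finding in audit(src):
        print("-", finding, file=sys.stderr)
    sys.stdout.buffer.write(fix_entitlements(src))
```

Run the audit again on the re-signed binary's dump: an empty findings list means the entitlements match the post's working set, and any remaining `blocking entitlement present` line means the signature you applied did not take.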
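The anti-debugging fix in the last section, replacing an inline `svc 0x80` ptrace(PT_DENY_ATTACH) with a NOP, can be done by hand in a hex editor, but finding the right `svc` matters: a binary like AwemeCore contains many `svc 0x80` instructions for ordinary syscalls, and NOPing the wrong one breaks the app. The script below is an added example, not the post's own tooling. It scans a raw little-endian arm64 code buffer (for instance a dumped `__text` section), decides for each `svc #0x80` whether the syscall number in `x16` and the request in `x0` were last loaded with `movz` as `SYS_ptrace` (26) and `PT_DENY_ATTACH` (31), and NOPs only those. The assumption that the arguments are set with plain `movz` (not `movk`, a register copy or a literal load) is the example's own simplification; the sample code buffer is constructed. Mapping the patched bytes back into the Mach-O and re-signing are outside this block.

```python
"""Locate and NOP inline ptrace(PT_DENY_ATTACH) stubs in raw arm64 code.

Added example for the Segmentation fault: 11 section; not from the original post.
Usage: python nop_deny_attach.py text.bin text.patched.bin
With no arguments it runs on the constructed SAMPLE below.
"""
import struct

SVC_0x80 = 0xD4001001     # svc #0x80  = 0xD4000001 | (0x80 << 5)
NOP = 0xD503201F          # nop
RET = 0xD65F03C0          # ret
SYS_PTRACE = 26           # XNU BSD syscall number for ptrace
PT_DENY_ATTACH = 31       # ptrace request used for anti-debugging

# movz xN, #imm16 (64-bit, hw=0): top 11 bits 0xD28, Rd in bits 4:0.
MOVZ_MASK = 0xFFE0001F
MOVZ_X0 = 0xD2800000
MOVZ_X16 = 0xD2800010


def asm_movz(rd: int, imm16: int) -> int:
    """Encode movz x<rd>, #imm16 (used only to build the sample)."""
    return 0xD2800000 | (imm16 << 5) | rd


def _movz_imm(insn: int, pattern: int):
    """imm16 if insn is the movz form `pattern`, else None."""
    return (insn >> 5) & 0xFFFF if (insn & MOVZ_MASK) == pattern else None


def find_deny_attach(code: bytes, window: int = 8) -> list:
    """Byte offsets of svc #0x80 whose nearest preceding movz into x16 is
    SYS_ptrace and whose nearest preceding movz into x0 is PT_DENY_ATTACH."""
    n = len(code) // 4
    insns = struct.unpack(f"<{n}I", code[: n * 4])
    hits = []
    for i, insn in enumerate(insns):
        if insn != SVC_0x80:
            continue
        sysno = request = None
        for prev in reversed(insns[max(0, i - window):i]):  # nearest first
            if sysno is None:
                sysno = _movz_imm(prev, MOVZ_X16)
            if request is None:
                request = _movz_imm(prev, MOVZ_X0)
        if sysno == SYS_PTRACE and request == PT_DENY_ATTACH:
            hits.append(i * 4)
    return hits


def patch_deny_attach(code: bytes):
    """Return (patched code, offsets NOPed). Other svc #0x80 are left alone."""
    buf = bytearray(code)
    offsets = find_deny_attach(code)
    for off in offsets:
        buf[off:off + 4] = struct.pack("<I", NOP)
    return bytes(buf), offsets


# Constructed sample: an anti-debug stub (must be patched) followed by a
# legitimate write(2) syscall (must be kept).
SAMPLE = struct.pack(
    "<10I",
    asm_movz(0, PT_DENY_ATTACH),   # mov x0, #31
    asm_movz(1, 0),                # mov x1, #0
    asm_movz(2, 0),                # mov x2, #0
    asm_movz(3, 0),                # mov x3, #0
    asm_movz(16, SYS_PTRACE),      # mov x16, #26
    SVC_0x80,                      # svc #0x80   <- ptrace(PT_DENY_ATTACH)
    RET,                           # ret
    asm_movz(0, 1),                # mov x0, #1  (stdout)
    asm_movz(16, 4),               # mov x16, #4 (write)
    SVC_0x80,                      # svc #0x80   <- ordinary syscall, keep
)

if __name__ == "__main__":
    import sys

    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    patched, offsets = patch_deny_attach(data)
    print("NOPed svc #0x80 at:", [hex(o) for o in offsets])
    if len(sys.argv) > 2:
        open(sys.argv[2], "wb").write(patched)
```

After writing the patched section back into the binary, the same scan must return an empty list, and debugserver's `Attaching to process ...` should then succeed where it previously died with `Segmentation fault: 11`.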