sskaje's blog, study & research on technology
using GraphicsMagick
Convert full page to %d.png
|
1 |
gm convert -verbose -density 200 aaa.pdf -quality 100 -sharpen 0x1.0 +adjoin aaa-%d.png 2>&1"; |
Convert first page
|
1 |
gm convert -verbose -density 200 aaa.pdf[0] -quality 100 -sharpen 0x1.0 +adjoin aaa-%d.png 2>&1"; |
调试某软件,需要取到断点时候的内存数据。
之前是每次到断点,一个地址一个地址地 p 或者 memory read,后来看到 breakpoint command 命令,于是有了:
添加断点
|
1 2 |
(lldb) breakpoint set -a 0x100110000 Breakpoint 1: where = someapp`___lldb_unnamed_symbol10122$$global, address = 0x0000000100110000 |
添加命令
|
1 2 |
(lldb) breakpoint command add 1.1 Enter your debugger command(s). Type 'DONE' to end. |
输入命令
|
1 2 3 |
> memory read -f Y -c 0x100 $x1 > memory read -f Y -c 0x100 $x2 > DONE |
这样,每次运行到断点的时候,就会执行这两条命令。
iPhone 5s, iOS 11.1
Jailbroken by Electra
Cydia Impactor and a new Apple ID required (You can use your own Apple ID at your risk).
If any error occurs on Cydia Impactor, try to login in Xcode and remove useless app/cert.
Trust your developer certificate in iOS Settings => General => Profiles & Device Management => DEVELOPER APP.
helloworld.c
|
1 2 3 4 5 6 |
#include <stdio.h> int main() { printf("Hello, world!\n"); return 0; } |
build
|
1 |
clang -arch arm64 -mios-version-min=10.2 -isysroot /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/ -o helloworld helloworld.c |
sign with jtool
|
1 |
ARCH=arm64 jtool --sign --ent ent.xml helloworld |
ent.xml
|
1 2 3 4 5 6 7 8 |
<?xml version="1.0" encoding="UTF-8"?> <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>platform-application</key> <true/> </dict> </plist> |
upload and run helloworld
|
1 2 3 4 5 |
iPhone:~ root# /tmp/helloworld -sh: /tmp/helloworld: Operation not permitted iPhone:~ root# mv /tmp/helloworld /bin/ iPhone:~ root# helloworld Hello, world! |
If this binary is not signed with platform-application entitlement, it will get a ‘Killed’ if it’s under /bin/
I wrote a cli based memory editor, which requires more than a hello world.
1 entitlements
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd"> <plist version="1.0"> <dict> <key>com.apple.springboard.debugapplications</key> <true/> <key>get-task-allow</key> <true/> <key>proc_info-allow</key> <true/> <key>task_for_pid-allow</key> <true/> <key>run-unsigned-code</key> <true/> <key>platform-application</key> <true/> </dict> </plist> |
2 patch_setuid() from coolstar’s example. But I’m using code from electra’s cydia fork, also mentioned after his example.
3 Special thanks to ThisTakenIsUsername.
我的阿里云服务器网络处于混合过度模式,逐步从经典网络往专有网络迁移。
之前每台经典网络主机都申请了公网IP和带宽,实际上对于大多数主机的业务而言,并不需要对外提供网络服务,只需要能访问外网即可。
所以这次新加的主机部分都没有去加弹性公网IP。
于是带来了问题:内网主机如何访问外网?
阿里云的dnat方案太贵了。不考虑。
尝试过本地配置网关,但是实验证明,阿里云的VPC交换机不是一个纯粹的二层交换,也许是设计有问题,也许是刻意阻止用户自己拿一台能访问公网的主机当内网网关。
所以这次使用WireGuard实现网络架构调整。
阿里云的经典网络主机里加了几条默认的路由:
|
1 2 3 |
10.0.0.0/8 172.16.0.0/12 100.64.0.0/10 |
前两个都好说,第三个是运营商级的NAT网络地址,之前在 OpenVPN Site-to-Site VPN between Asus Merlin And Ubnt EdgeRouter 里提过贵州电信的光纤网络对外就是这个地址段。
WireGuard的配置过程参考之前的文章,此处不多解释,只贴配置。
Continue reading “使用WireGuard为阿里云专有网络主机提供外网访问” »
这里只说 AssetBundle,只有思路。
1 废话般前提:逻辑上 AssetBundle 文件加密后肯定是需要解密了,再进行加载。
2 Unity 加载AssetBundle文件可以使用 AssetBundle.LoadFromFile,加载内存流可以用AssetBundle.LoadFromMemory 和 AssetBundle.LoadFromStream。
这些方法对应还有代Async后缀的异步加载方法。
文档在:https://docs.unity3d.com/ScriptReference/AssetBundle.html
3 打断点,看backtrace。
4 慢慢调试。
在我这个场景里,il2cpp dump是没有需求的。
贴一个bt
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 |
* thread #1, queue = 'com.apple.main-thread', stop reason = breakpoint 1.1 * frame #0: 0x0000000101234a68 global`AssetBundle_LoadFromMemory_m412557059 frame #1: 0x000000010025a610 global`U3CLoadDynamicAssetBundleU3Ec__AnonStorey3_U3CU3Em__0_m1954562509 + 72 frame #2: 0x000000010013a09c global`MainThreadDispatcher_SendAndWait_m4140732116 + 192 frame #3: 0x0000000100259414 global`AssetBundleLoader_LoadDynamicAssetBundle_m153660618 + 540 frame #4: 0x0000000100259e70 global`AssetBundleLoader_Load_m859069093 + 732 frame #5: 0x000000010072930c global`SpriteLoader_Load_m3286678683 + 1784 frame #6: 0x00000001005327c0 global`ExtImage_Awake_m3150663317 + 456 frame #7: 0x00000001017d6ad0 global`RuntimeInvoker_Void_t1841601450(MethodInfo const*, void*, void**) + 28 frame #8: 0x00000001021a1e24 global`il2cpp::vm::Runtime::Invoke(MethodInfo const*, void*, void**, Il2CppException**) + 68 frame #9: 0x0000000101c035f4 global`ScriptingInvocation::Invoke(Il2CppException**, bool) + 60 frame #10: 0x0000000101c0352c global`ScriptingInvocation::InvokeChecked(Il2CppException**) + 68 frame #11: 0x0000000101ce10ac global`MonoBehaviour::CallMethodInactive(ScriptingMethodIl2Cpp) + 88 frame #12: 0x0000000101ce2e34 global`MonoBehaviour::CallAwake() + 76 frame #13: 0x0000000101ce3134 global`MonoBehaviour::AddToManager() + 132 frame #14: 0x0000000101ce2dcc global`MonoBehaviour::AwakeFromLoad(AwakeFromLoadMode) + 568 frame #15: 0x0000000101c0c548 global`AwakeFromLoadQueue::InvokePersistentManagerAwake(AwakeFromLoadQueue::Item*, unsigned int, AwakeFromLoadMode) + 96 frame #16: 0x0000000101c0c48c global`AwakeFromLoadQueue::PersistentManagerAwakeFromLoad(int, AwakeFromLoadMode) + 140 frame #17: 0x0000000101c0c3e8 global`AwakeFromLoadQueue::PersistentManagerAwakeFromLoad() + 36 frame #18: 0x0000000101bfc9b8 global`LoadSceneOperation::CompleteAwakeSequence() + 96 frame #19: 0x0000000101bfc3e0 global`LoadSceneOperation::PostLoadSceneAdditive() + 32 frame #20: 0x0000000101bfc304 global`LoadSceneOperation::IntegrateMainThread() + 80 frame #21: 0x0000000101bfd01c global`PreloadManager::UpdatePreloadingSingleStep(PreloadManager::UpdatePreloadingFlags, int) + 316 frame #22: 0x0000000101bfd59c global`PreloadManager::UpdatePreloading() + 252 frame #23: 0x0000000101b07c4c global`PlayerLoop() + 332 frame #24: 0x0000000101d4381c global`UnityPlayerLoopImpl(bool) + 32 frame #25: 0x0000000100047c80 global`UnityRepaint + 140 frame #26: 0x0000000100047b6c global`-[UnityAppController(Rendering) repaintDisplayLink] + 88 frame #27: 0x0000000184da2f24 QuartzCore`CA::Display::DisplayLinkItem::dispatch(unsigned long long) + 44 frame #28: 0x0000000184da2dd0 QuartzCore`CA::Display::DisplayLink::dispatch_items(unsigned long long, unsigned long long, unsigned long long) + 444 frame #29: 0x0000000181dba094 IOKit`IODispatchCalloutFromCFMessage + 372 frame #30: 0x0000000181ae2e50 CoreFoundation`__CFMachPortPerform + 180 frame #31: 0x0000000181afb218 CoreFoundation`__CFRUNLOOP_IS_CALLING_OUT_TO_A_SOURCE1_PERFORM_FUNCTION__ + 56 frame #32: 0x0000000181afa9cc CoreFoundation`__CFRunLoopDoSource1 + 436 frame #33: 0x0000000181af84b0 CoreFoundation`__CFRunLoopRun + 1840 frame #34: 0x0000000181a262b8 CoreFoundation`CFRunLoopRunSpecific + 444 frame #35: 0x00000001834da198 GraphicsServices`GSEventRunModal + 180 frame #36: 0x0000000187a6d7fc UIKit`-[UIApplication _run] + 684 frame #37: 0x0000000187a68534 UIKit`UIApplicationMain + 208 frame #38: 0x00000001000417dc global`main + 156 frame #39: 0x0000000180a095b8 libdyld.dylib`start + 4 |
工具:
https://github.com/Perfare/UnityStudio
https://github.com/HearthSim/UnityPack