While reverse engineering an app downloaded from the App Store, I found that it could not be launched under the debugger: after clicking launch it would exit on its own a moment later with exit code -1. I then tried attaching to the running process with lldb -n "process name", and that failed as well with the following error:
error: process exited with status -1 (attach failed (Not allowed to attach to process. Look in the console messages (****.app), near the debugserver entries when the attached failed. The subsystem that denied the attach permission will likely have logged an informative message about why it was denied.))
After some searching, it turned out that this is caused by Apple's security policy. To debug such a process, System Integrity Protection (SIP) has to be temporarily disabled; see https://developer.apple.com/documentation/security/disabling_and_enabling_system_integrity_protection
Boot into Recovery mode, open Terminal, and run csrutil disable to turn it off. You can confirm the current state with csrutil status, and SIP should be re-enabled with csrutil enable from Recovery mode once the debugging session is finished.
To enter Recovery mode, hold Command + R while the Mac starts up; on an M1 Mac, restart and keep holding the power button instead.