破解《Interface Inspector》

Interface Inspector简介

Interface Inspector是用于查看mac os app界面布局的利器，类似于iOS的Reveal。

破解过程

下载下来打开后，出现一个License窗口：

License

hopper的Strings表里面搜索 License ，发现有这么一个方法：

-[SMLicenseManager isLicensed]

Modify -> Assemble Instruction...(option+a)，修改返回值为YES：

                     -[SMLicenseManager isLicensed]:
000000010010fe70         mov        rax, 0x1
000000010010fe77         ret

File -> Produce New Executable...command+shift+e，选择Remove Signature，替换原可执行文件。
然后打开，弹出了：

Signature

它验证签名了，我们Strings表里面搜索 Sign ，发现 codeSignState字符串
x查看引用，在applicationWillFinishLaunching中调用了这个方法：

void -[SMAppDelegate applicationWillFinishLaunching:](void * self, void * _cmd, void * arg2) {
    rdx = arg2;
    rbx = self;
    var_30 = *___stack_chk_guard;
    rax = [NSBundle mainBundle];
    rax = [rax retain];
    var_128 = rax;
    if ([rax codeSignState] != 0x2) goto loc_100024851;
......
loc_100024851:
    r14 = [[NSAlert alloc] init];
    var_F8 = r14;
    r13 = [[NSBundle mainBundle] retain];
    rbx = [[r13 localizedStringForKey:@"Signature of the Interface Inspector is broken" value:@"" table:0x0] retain];

需要把codeSignState的值修改为0x2。
在SMFoundation.framework找到这个方法，直接修改：

                     -[NSBundle codeSignState]:
000000000003b298         mov        rax, 0x2
000000000003b29f         ret

替换SMFoundation后再次运行，成功了！

解决Could not attach to application

控制台查看日志

Error loading /Library/Frameworks/mach_inject_bundle.framework/Resources/mach_inject_bundle_stub.bundle/Contents/MacOS/mach_inject_bundle_stub:  dlopen(/Library/Frameworks/mach_inject_bundle.framework/Resources/mach_inject_bundle_stub.bundle/Contents/MacOS/mach_inject_bundle_stub, 262): Symbol not found: ___pthread_set_self
  Referenced from: /Library/Frameworks/mach_inject_bundle.framework/Resources/mach_inject_bundle_stub.bundle/Contents/MacOS/mach_inject_bundle_stub
  Expected in: /usr/lib/libSystem.B.dylib
 in /Library/Frameworks/mach_inject_bundle.framework/Resources/mach_inject_bundle_stub.bundle/Contents/MacOS/mach_inject_bundle_stub

查阅资料，mach_inject_bundle.framework过期导致：
Fix Bug for Interface Inspector on macOS Serria
去github下载最新源码：
https://github.com/rentzsch/mach_inject
编译出mach_inject_bundle.framework文件，放在：

/Library/Frameworks/mach_inject_bundle.framework