Debugserve
brew install libimobiledevice
iproxy 2222 22
ssh -p 2222 root@127.0.0.1
debugserver -x backboard 127.0.0.1:1234 /private/var/containers/Bundle/Application/01F9D55C-0BD1-41F0-BFAF-37661B615ECF/xueyi.app/xueyi
root# debugserver *:1234 -a “ProcessName”
process connect connect://20.20.49.195:1234
chmod +x /usr/bin/debugserver
LLDB
break set -F objc_exception_throw
For all c++ exceptions: break set -E C++
ios14 应用安装目录在: /private/var/containers/Bundle/Application/
1 | |
查看是否加密
otool -l WeChat.app/WeChat | grep -B 2 crypt
class-dump
class-dump –arch armv7 -H -A -S -o header WeChat.app/WeChat
砸壳
./dump.py Display name or Bundle identifier
生成原 entitlements
codesign -d –entitlements :app.entitlements weixin.app
其它
- 查看调用当前的模块:image lookup -a $lr
- 查看在hopper中的函数地址:image lookup -a 函数地址
- 下该类所有方法下断点:br set -r [CNAdPlayerView .*]
- 给某一个方法下断点:br set -n “[UIView initWithFrame:]”
- ASLR偏移量(LLDB): image list -o -f