從mac download拷貝到手機 usr/bin
[email protected]'s password:
clutch-debug 100% 1374kb 1.3mb/s 00:00
ssh 預設密碼: alpine
9.1越獄
[email protected]'s password:
liamde-iphone:/usr/bin root# ls
// clutch-debug 命令
liamde-iphone:/usr/bin root# clutch-debug
usage: clutch-debug [options]
-b --binary-dump only dump binary files from specified bundleid
-d --dump dump specified bundleid into .ipa file
--clean clean /var/tmp/clutch directory
--version display version and exit
-? --help display this help and exit
-n --no-color print with colors disabled
-v --verbose print verbose messages
liamde-iphone:/usr/bin root# clutch-debug -i
2: 征途-孫紅雷代言-跟大哥,打國戰!
3: 迅雷-找片看片神器,打發時間必備
4: qq
5: wechat
6: 萌寶派
8: 天天魔獸 - 聖騎士的狩獵現在開始!
liamde-iphone:/usr/bin root# clutch-debug -b 9
aslr slide: 0x1000b0000
dumping (arm64)
patched cryptid (64bit segment)
writing new checksum
finished dumping com.kede.yanjing to /var/tmp/clutch/f56911fd-c29e-4041-a5f0-5d5154e76162
finished dumping com.kede.yanjing in 3.1 seconds
liamde-iphone:/usr/bin root# clutch-debug -b 2
aslr slide: 0x100028000
dumping (arm64)
patched cryptid (64bit segment)
writing new checksum
finished dumping com.tencent.zhengtuiphone to /var/tmp/clutch/e0616f6b-2255-490f-ab3e-413bd5c0b780
finished dumping com.tencent.zhengtuiphone in 9.1 seconds
在mac上使用命令拷貝回來 只能拷貝檔案,不能拷貝資料夾
scp [email protected]:/var/tmp/clutch/f56911fd-c29e-4041-a5f0-5d5154e76162/com.kede.yanjing/eshop ~/desktop/liam
[email protected]'s password:
eshop 100% 11mb 2.3mb/s 00:05
liamde-iphone:/usr/bin root# clutch-debug -d 2 匯出ipa包
aslr slide: 0x100058000
dumping (arm64)
patched cryptid (64bit segment)
writing new checksum
done: /private/var/mobile/documents/dumped/com.tencent.zhengtuiphone-ios6.0-(clutch-2.0.2 debug).ipa
finished dumping com.tencent.zhengtuiphone in 107.9 seconds
liamde-iphone:/usr/bin root#
iOS逆向 dumpdecrypted砸殼
一 前提介紹 二 總結步驟 需要用到的命令 1,ssh root 10.10.245.208 ip位址為裝置的ip位址 2,ps e 檢視程序 3,cycript p 附加程序 4,nsfilemanager defaultmanager urlsfordirectory nsdocumentdir...
IOS逆向 砸殼筆記
本人ios10.3.1 iphone6越獄機。方案三個。方案一 dumpdecrypted.dylib 1.ssh到越獄機上,看wechat可執行檔案在哪。然後把簽名後的dumpdecrypted.dylib拷到iphone上。重複步驟4.6.怎麼證明砸出來的wechat.decrypted是成功解...
IOS逆向 砸殼筆記
本人ios10.3.1 iphone6越獄機。方案三個。方案一 dumpdecrypted.dylib 1.ssh到越獄機上,看wechat可執行檔案在哪。然後把簽名後的dumpdecrypted.dylib拷到iphone上。重複步驟4.6.怎麼證明砸出來的wechat.decrypted是成功解...