菜鸟入门逆向
环境: Mac 10.15, iPhone 5s iOS 12.4.5
操作步骤: 按照书中一步步操作下来, make && make package install 成功了, MobileNotes也killed了, 但是启动note后无反应,
检查原因:
1, theos下已配置动态库: ~/theos/lib/libsubstrate.dylib
2, Makefile配置
THEOS_DEVICE_IP = 127.0.0.1
THEOS_DEVICE_PORT = 1025
SDKVERSION = 12.1
ARCHS = armv7 armv7s arm64
TARGET = iphone:clang:latest:8.0
INSTALL_TARGET_PROCESSES = MobileNotes
include $(THEOS)/makefiles/common.mk
TWEAK_NAME = AlertMessageProj
AlertMessageProj_FILES = Tweak.x
AlertMessageProj_FRAMEWORKS = UIKit
include $(THEOS_MAKE_PATH)/tweak.mk
after-install::
install.exec "killall -9 SpringBoard"
3, 启动Notes无效后查看了可执行文件, 发现没有自己写的那个dylib
$ otool -L MobileNotes | grep ".dylib"
/usr/lib/libMobileGestalt.dylib (compatibility version 1.0.0, current version 1.0.0)
/usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
/usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 400.9.4)
/usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1252.250.1)
4, 查看日志, 觉得有嫌疑的两条
com.apple.xpc.launchd[1] (UIKitApplication:com.apple.mobilenotes[0x2e6a][63][2507]) <Notice>: Service exited due to SIGTERM | sent by killall[2528]
com.apple.xpc.launchd[1] (com.apple.mobilenotes.NotesImporter) <Error>: Disallowing environment variable: DYLD_FRAMEWORK_PATH
5, Tweak.x
#import <UIKit/UIKit.h>
%hook MobileNotes
- (_Bool)application:(id)arg1 openURL:(id)arg2 options:(id)arg3 {
_Bool isCan = %orig(arg1, arg2, arg3);
%log;
UIAlertController *alert = [UIAlertController alertControllerWithTitle:@"hhhah" message:@"gggggg" preferredStyle:UIAlertControllerStyleAlert];
[alert addAction:[UIAlertAction actionWithTitle:@"sure" style:UIAlertActionStyleDefault handler:^(UIAlertAction * _Nonnull action) { }]];
[[[[UIApplication sharedApplication] keyWindow] rootViewController] presentViewController:alert animated:YES completion:^{ }];
return isCan;
}
%end
__attribute__((constructor))
void testLogMethod() {
NSLog(@"test_log_alert_message_project");
}
有点怀疑是不是因为mac 系统是10.15的关系, 因为这个, 安装IDA等软件是遇到好多坑, 求助, 不胜感激~