I am an iOS reverse engineering enthusiast and a complete beginner. I read the master's book 《iOS应用逆向工程》 and treasure it, but I have hit a roadblock with dumpdecrypted (app decryption dumping). I have a few questions I hope the expert can answer:
1. I am on Xcode 7.2.1 with iOS 9.2. I downloaded the dumpdecrypted source and built it with the Makefile as-is (no changes after downloading):
GCC_BIN=`xcrun --sdk iphoneos --find gcc`
GCC_UNIVERSAL=$(GCC_BASE) -arch armv7 -arch armv7s -arch arm64
SDK=`xcrun --sdk iphoneos --show-sdk-path`
CFLAGS =
GCC_BASE = $(GCC_BIN) -Os $(CFLAGS) -Wimplicit -isysroot $(SDK) -F$(SDK)/System/Library/Frameworks -F$(SDK)/System/Library/PrivateFrameworks

all: dumpdecrypted.dylib

dumpdecrypted.dylib: dumpdecrypted.o
	$(GCC_UNIVERSAL) -dynamiclib -o $@ $^

%.o: %.c
	$(GCC_UNIVERSAL) -c -o $@ $<

clean:
	rm -f *.o dumpdecrypted.dylib
It fails with:
xcrun: error: unable to find utility "gcc", not a developer tool or in PATH
/bin/sh: -Os: command not found
make: *** [dumpdecrypted.o] Error 127
Then I changed SDK=xcrun --sdk iphoneos --show-sdk-path in the Makefile
to: SDK=/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS9.2.sdk
Compiling again gave another error:
xcrun: error: unable to find utility "clang", not a developer tool or in PATH
make: *** [dumpdecrypted.o] Error 72
Finally I reverted the change, and with the original Makefile it compiled dumpdecrypted.dylib correctly again. What are the correct steps to build dumpdecrypted under iOS 9.2?
2. Suppose I have already obtained weibo.app\weibo and copied the weibo executable to desktop/test/weibo. My understanding is that I copy dumpdecrypted.dylib to desktop/test/dumpdecrypted.dylib and then run:
/Users/Jackson/Desktop/testweibo/dumpdecrypted.dylib /Users/Jackson/Desktop/testweibo/Weibo mach-o decryption dumper
-bash: /Users/Jackson/Desktop/testweibo/dumpdecrypted.dylib: Bad CPU type in executable
and I get the error above. My understanding was that running dumpdecrypted.dylib <executable> mach-o decryption dumper would produce the decrypted file, but in practice it does not. Is my understanding wrong? I also searched on Baidu, and this is how they use it:
FunMaker-5:~ root# cd /var/mobile/Containers/Data/Application/D41C4343-63AA-4BFF-904B-2146128611EE/Documents/
root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Containers/Bundle/Application/03B61840-2349-4559-B28E-0E2C6541F879/TargetApp.app/TargetApp
mach-o decryption dumper
1. First it changes into ~ as root; I do not understand this part, could you explain it?
2. DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib: why is the DYLD_INSERT_LIBRARIES environment variable needed? Does this kind of dumping have to be done on a jailbroken phone? Can I do it on my MacBook Pro?
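Added example, not part of the original post or of the dumpdecrypted project: a Python check of the LC_ENCRYPTION_INFO load command, which is what tells you whether a Mach-O slice is still FairPlay-encrypted on disk (cryptid 1) or has been dumped to plain code (cryptid 0); it also walks a fat binary, so it shows which CPU architectures a file carries. The sample bytes are constructed in the block, not taken from any real app.

```python
import struct
MH_MAGIC, MH_MAGIC_64, FAT_MAGIC = 0xFEEDFACE, 0xFEEDFACF, 0xCAFEBABE
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C
CPU_TYPE_ARM, CPU_TYPE_ARM64 = 12, 0x0100000C
CPU_NAMES = {CPU_TYPE_ARM: "arm", CPU_TYPE_ARM64: "arm64"}

def slice_cryptid(blob):
    """Walk one thin (little-endian) Mach-O slice; return (cputype, cryptid).
    cryptid 1 = __TEXT still FairPlay-encrypted on disk, 0 = plain, None = no such command."""
    magic = struct.unpack("<I", blob[:4])[0]
    hdr_len = {MH_MAGIC_64: 32, MH_MAGIC: 28}.get(magic)   # sizeof(mach_header[_64])
    if hdr_len is None:
        raise ValueError("not a Mach-O slice, magic 0x%08x" % magic)
    cputype, ncmds = struct.unpack("<i", blob[4:8])[0], struct.unpack("<I", blob[16:20])[0]
    off, cryptid = hdr_len, None
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack("<II", blob[off:off + 8])
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # layout: cmd, cmdsize, cryptoff, cryptsize, cryptid[, pad]
            cryptid = struct.unpack("<I", blob[off + 16:off + 20])[0]
        off += cmdsize
    return cputype, cryptid

def encryption_status(data):
    """Return {arch_name: cryptid} for a thin or fat Mach-O file image."""
    if struct.unpack(">I", data[:4])[0] != FAT_MAGIC:          # thin file
        cputype, cryptid = slice_cryptid(data)
        return {CPU_NAMES.get(cputype, hex(cputype)): cryptid}
    nfat, result = struct.unpack(">I", data[4:8])[0], {}        # fat header is big-endian
    for i in range(nfat):
        cputype, _, off, size, _ = struct.unpack(">iiIII", data[8 + 20 * i:28 + 20 * i])
        result[CPU_NAMES.get(cputype, hex(cputype))] = slice_cryptid(data[off:off + size])[1]
    return result

def build_sample_fat():
    """Constructed fixture, not a real app: encrypted armv7 slice + decrypted arm64 slice."""
    def thin(is64, cputype, cryptid):
        lc = struct.pack("<IIIII", LC_ENCRYPTION_INFO_64 if is64 else LC_ENCRYPTION_INFO,
                         24 if is64 else 20, 0x4000, 0x8000, cryptid) + b"\0" * (4 if is64 else 0)
        # header: magic, cputype, cpusubtype, filetype(MH_EXECUTE), ncmds, sizeofcmds, flags[, reserved]
        hdr = struct.pack("<IiiIII", MH_MAGIC_64 if is64 else MH_MAGIC, cputype, 0, 2, 1, len(lc))
        return hdr + b"\0" * (8 if is64 else 4) + lc
    armv7, arm64 = thin(False, CPU_TYPE_ARM, 1), thin(True, CPU_TYPE_ARM64, 0)
    off_a = 8 + 2 * 20                                          # fat_header + two fat_arch entries
    fat = struct.pack(">II", FAT_MAGIC, 2)
    fat += struct.pack(">iiIII", CPU_TYPE_ARM, 9, off_a, len(armv7), 0)
    fat += struct.pack(">iiIII", CPU_TYPE_ARM64, 0, off_a + len(armv7), len(arm64), 0)
    return fat + armv7 + arm64
if __name__ == "__main__":
    print(encryption_status(build_sample_fat()))               # {'arm': 1, 'arm64': 0}
```

Run it on a real binary with encryption_status(open(path, "rb").read()); otool -l reports the same cryptid field.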