iOS 9.3.3中使用dumpdecrypted砸壳,killed:9

估计得靠大神来解决了,我cycript -p app也有问题


#Killed: 9
Pangu9 causes many command-line tools to not work, with the error “Killed: 9”

This can be solved by running "ldid -S which <command>"


This occurs due to the change in the 32-bit pagesize on 64-bit CPUs in iOS 9. The libraries noted above need to be rebuilt with “-Wl,-segalign,4000”.

ldid -S dylib就行了



我直接用 这样也能dump出头文件,是没壳的原因吗??

#查询到github上面的一个 方法对我有效,你可以试试。

1, copy dumpdecrypted.dylib into /usr/lib. Make sure it has appropriate permissions so that user mobile can read and execute it

-rwxr-xr-x 1 root wheel 197528 Aug 14 16:22 dumpdecrypted.dylib

2, change user to mobile:

su mobile

3, change directory into somewhere that mobile can write to:

cd /var/mobile/Documents

4, execute the command with absolute paths:

DYLD_INSERT_LIBRARIES=/usr/lib/dumpdecrypted.dylib /var/containers/Bundle/Application/59CEB222-4C4D-4A34-BC0F-8D38B9E3853D/

5, then, you’ll have the MyApp.decrypted file in the current directory

Tested on Pangu jailbroken iOS 9.3.3



I think it is something related to the Sandbox. The reason behind this potential problem has been already explained in the last paragraph on page 136 in the book “iOS App Reverse Engineering”.

“Copy dumpdecrypted.dylib into /usr/lib” is not necessary if you have already put it into the right “Document” directory.

The only thing to fix is to:

  1. make sure the permissions of “mobile” are at least read (even only read is enough, tested in iOS 9.3.2) and execute.

  2. “su mobile” and execute it again.




Good… Thanks…

success ~~~yeah

直接su mobile 就可以了。

成功 赞一个。不过这是为什么啊

get used thanks

Class MarsReachability is implemented in both /private/var/containers/Bundle/Application/337A24BD-757F-400E-BFAF-716E2C0D7E1A/ (0x1071917d0) and /private/var/containers/Bundle/Application/337A24BD-757F-400E-BFAF-716E2C0D7E1A/ (0x1052049d8). One of the two will be used. Which one is undefined.


这个是个 warning,不用管