Debugging third-party apps with Xcode

1. Decrypt (dump) the target app and save it locally

http://blog.linhere.com/archives/555.html

DYLD_INSERT_LIBRARIES=/path/to/dumpdecrypted.dylib /path/to/executable

2. Extract the required architecture

lipo -detailed_info WeChat  list the architectures the binary contains

lipo WeChat -thin armv7 -output WeChat_armv7

3. Restore the symbol table

https://github.com/tobefuturer/restore-symbol

4. Extract the entitlements and add the get-task-allow entitlement

ldid -e WeChat.app/WeChat > Entitlements.plist

Add:

<key>get-task-allow</key>

<true/>

5. Re-sign the app

List all code-signing certificates on the machine: security find-identity -v -p codesigning

Sign:

codesign -f -s "iPhone Developer: XXXX" --signing-time none --entitlements ./Entitlements.plist ./WeChat.app

6. Install

brew install ideviceinstaller

ideviceinstaller -i WeChat.app

Or:

brew install ios-deploy
ios-deploy -d -b xxxx.app


References:

http://swiftyper.com/2017/07/02/attach-third-app-using-xcode/

https://mp.weixin.qq.com/s?__biz=MjM5NTIyNTUyMQ==&mid=2709545175&idx=1&sn=1c080685fabf2f24269c6e544e9213d7&scene=0&key=cf237d7ae24775e8a291c430bd754bd72b2faee6c9edbe6ff3d32afdfd41e008ef2567182b323d8febc85346baef67cb&ascene=0&uin=NDU1NzA2MTk1&devicetype=iMac+MacBookPro12%2C1+OSX+OSX+10.11.5+build(15F34)&version=11020201&pass_ticket=epsDy5NSjlDNy2GvOKYYr9q%2FLcd99r%2BiT33eJCGerkt4I0vhPQPPuJbOUec7diuD

https://testerhome.com/topics/4558

Some commands for reference:

lipo -info Tribe.decrypted  show the CPU architectures

lipo -thin armv7 Tribe.decrypted -output Tribe.decrypted.armv7  extract one architecture

otool -l Tribe.decrypted | grep crypt  check whether the binary is encrypted
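
The check that `lipo -info` and `otool -l ... | grep crypt` perform can also be done by reading the Mach-O headers directly: the sketch below reports the `cryptid` field (1 = encrypted, 0 = decrypted) for every architecture slice. It is an added example, not part of the original post; the function names and the sample bytes are constructed for illustration, and only little-endian ARM slices and the 32-bit fat header are handled.

```python
import struct

FAT_MAGIC = 0xCAFEBABE                      # fat header fields are big-endian
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C
CPU_NAMES = {12: "arm", 0x0100000C: "arm64"}

def _slice_cryptid(data, base):
    """(cpu, cryptid) for the little-endian Mach-O slice at base; cryptid is None if absent."""
    magic, cputype, _sub, _type, ncmds = struct.unpack_from("<5I", data, base)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("no little-endian Mach-O header at offset %d" % base)
    off = base + (32 if magic == MH_MAGIC_64 else 28)   # skip mach_header(_64)
    cryptid = None
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8:
            raise ValueError("corrupt load command")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            cryptid = struct.unpack_from("<I", data, off + 16)[0]  # after cryptoff, cryptsize
        off += cmdsize
    return CPU_NAMES.get(cputype, hex(cputype)), cryptid

def cryptid_per_arch(data):
    """List (cpu, cryptid) for every slice of a thin or fat Mach-O image."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        # fat_arch = cputype, cpusubtype, offset, size, align (20 bytes each)
        offsets = [struct.unpack_from(">I", data, 8 + 20 * i + 8)[0] for i in range(nfat)]
    else:
        offsets = [0]
    return [_slice_cryptid(data, o) for o in offsets]

def sample_slice(cputype, cryptid, is64):
    """Constructed input: a header plus one encryption-info command, no real code."""
    pad = b"\0" * 4 if is64 else b""
    lc = struct.pack("<5I", LC_ENCRYPTION_INFO_64 if is64 else LC_ENCRYPTION_INFO,
                     20 + len(pad), 0x4000, 0x1000, cryptid) + pad
    return struct.pack("<7I", MH_MAGIC_64 if is64 else MH_MAGIC,
                       cputype, 0, 2, 1, len(lc), 0) + pad + lc

def sample_fat():
    """Constructed fat image: armv7 slice still encrypted, arm64 slice decrypted."""
    a, b = sample_slice(12, 1, False), sample_slice(0x0100000C, 0, True)
    head = struct.pack(">2I", FAT_MAGIC, 2)
    head += struct.pack(">5I", 12, 9, 48, len(a), 0)
    head += struct.pack(">5I", 0x0100000C, 0, 48 + len(a), len(b), 0)
    return head + a + b

if __name__ == "__main__":
    print(cryptid_per_arch(sample_fat()))
```

On a real file, pass `open(path, "rb").read()` to `cryptid_per_arch`; a slice that still reports 1 was not decrypted by the dump in step 1.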
