Clutch Debug: app decryption ("shell cracking") log

2021-07-16 14:51:57

Copy clutch-debug from the Mac's Downloads folder to /usr/bin on the phone

[email protected]'s password: 

clutch-debug                                  100% 1374kb   1.3mb/s   00:00    

Default SSH password: alpine

Device jailbroken on 9.1

[email protected]'s password: 

liamde-iphone:/usr/bin root# ls

//   the clutch-debug command

liamde-iphone:/usr/bin root# clutch-debug

usage: clutch-debug [options]

-b --binary-dump only dump binary files from specified bundleid 

-d --dump dump specified bundleid into .ipa file 

--clean               clean /var/tmp/clutch directory 

--version             display version and exit 

-? --help                display this help and exit 

-n --no-color            print with colors disabled 

-v --verbose             print verbose messages 

liamde-iphone:/usr/bin root# clutch-debug -i

2:   征途-孫紅雷代言-跟大哥,打國戰!

3:   迅雷-找片看片神器,打發時間必備

4:   qq

5:   wechat

6:   萌寶派

8:   天天魔獸 - 聖騎士的狩獵現在開始!

liamde-iphone:/usr/bin root# clutch-debug -b 9

aslr slide: 0x1000b0000

dumping (arm64)

patched cryptid (64bit segment)

writing new checksum

finished dumping com.kede.yanjing to /var/tmp/clutch/f56911fd-c29e-4041-a5f0-5d5154e76162

finished dumping com.kede.yanjing in 3.1 seconds

liamde-iphone:/usr/bin root# clutch-debug -b 2

aslr slide: 0x100028000

dumping (arm64)

patched cryptid (64bit segment)

writing new checksum

finished dumping com.tencent.zhengtuiphone to /var/tmp/clutch/e0616f6b-2255-490f-ab3e-413bd5c0b780

finished dumping com.tencent.zhengtuiphone in 9.1 seconds

On the Mac, copy the dumped binary back with the command below. This form of the command can only copy files, not folders.

scp [email protected]:/var/tmp/clutch/f56911fd-c29e-4041-a5f0-5d5154e76162/com.kede.yanjing/eshop ~/desktop/liam

[email protected]'s password: 

eshop                                         100%   11mb   2.3mb/s   00:05 

liamde-iphone:/usr/bin root# clutch-debug -d 2   // export an .ipa package

aslr slide: 0x100058000

dumping (arm64)

patched cryptid (64bit segment)

writing new checksum

done: /private/var/mobile/documents/dumped/com.tencent.zhengtuiphone-ios6.0-(clutch-2.0.2 debug).ipa

finished dumping com.tencent.zhengtuiphone in 107.9 seconds

liamde-iphone:/usr/bin root# 
