How to get the class with obfuscated name by cycript
If I want to get this class, must I know the original class name?
HOWTO: Update to latest Theos 2016
The parameter '--recursive' here is very important: the official tutorial from iPhoneDevWiki does not have this parameter, which causes some errors. It took me almost several hours to figure it out.
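NSBundle load framework: works on ip6 and ipad mini2, fails on iphone5 with an error! Help!
Something seems to be wrong with how the bundle was compiled; without details I can't guess what exactly. The dyld_stub_binder problem seems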
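How automatic red-packet grabbing is implemented in a non-jailbroken environment
Hello, hooking Apple's native apps without a jailbreak can be done; could you roughly explain how? "For objc methods, just use the runtime; everything else requires patching the Mach-O at runtime": both of these steps should only be possible after jailbreaking, right?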
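Accessing C++ objects and STL objects through registers in lldb
[Pasted image] This is the current state of the registers in the frame. r0 is a HeResFileLocator object, and r2 is a std::_1::basicstring. How can I use r0 and r2 in lldb to call their own methods? Every time I make the call I get the following error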
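Which Xcode version debugs 32-bit without mixing thumb and arm instructions
Thanks a lot, I'll try Xcode 7.2. Has debugserver added some kind of protection? It keeps failing. Or can I only use the latest lldb to connect to the debugserver from the old 5.0.2? I always get an error. The device is on iOS 7.1.2. iPhone-5:~ root# debugserver *:1234 -a AppStore dyld: Library not loaded:...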
How to get the class with obfuscated name by cycript
Thx. Is there any way to get this class in cycript? Now I can only get this class by lldb and debugserver, but this will be detected by this app.
Is there any way to detect debug except ptrace or sysctl
Recently I've been using debugserver+lldb to dive into an app. Its behaviour changes when I connect to it. Firstly, I tried to set a breakpoint on ptrace and found that it doesn't use ptrace and also...
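"killed: 9" when decrypting an iOS app
My system is iOS 9.0.2. I need to decompile the binary for the armv7 CPU. After extracting the target app's binary and trying to decrypt it, the result was killed: 9. After re-signing, I get the same error; it is probably that the thin mach-o file cannot run. Asking the experts for help.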
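"killed: 9" when decrypting an iOS app
If it can't run, there's no way to decrypt it! dumpdecrypted works by dumping the decrypted part out of memory, so it doesn't apply to the situation you describe. Why not analyze the ARM64 binary instead?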
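"killed: 9" when decrypting an iOS app
That is exactly what I'm struggling with, because Hopper can directly convert armv7 assembly into objc pseudocode but doesn't support converting arm64. Some apps can run, and some can't.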