iosre Blog

iOS 逆向开发,熟悉iphone/tweak、iphone/tool、cydia的repo 制作 、cocoapods的Specs repo制作(using-pod-lib-create、private-cocoapods)

dumpdecrypted

Dumps decrypted mach-o files from encrypted applications、framework or app extensions.

前言 本文重点推荐使用frida-ios-dump-master,而非dumpdecrypted.dylib。 I 、frida-ios-dump-master 使用frida-ios-dump-master 只需先用frida-ps查看applications Name ,之后执行dump.py 即可在dump.py 目录下生成砸壳之后的ipa包。 Frida环境的搭建可以看下这篇...

Posted by kunnan on July 1, 2018

class-dump

Generate Objective-C headers from Mach-O files

入口文件:class-dump/class-dump.m usage 可以dump混编的 class-dump --arch arm64 AppStore -H -o -A ./header 加上-A可以显示方法在文件中的实现地址 ...

Posted by kunnan on July 1, 2018

MobileLoader

将第三方动态库加载到运行的目标应用中

MobileLoader MobileLoader加载dylib的过程 首先通过环境变量DYLD_INSERT_LIBRARIES把它自己加载到目标应用里面,然后查找特定目录(具体的目录依赖于越狱工具的加载机制,通常在/Library/MobileSubstrate/DynamicLibraries/ ;coolstar的Electra越狱的iOS 11 /bootstrap/Libr...

Posted by kunnan on July 1, 2018

MobileHooker

替换系统和应用的方法

MobileHooker IMP MSHookMessage(Class class, SEL selector, IMP replacement, const char* prefix); // prefix should be NULL. void MSHookMessageEx(Class class, SEL selector, IMP replacement, IMP *resu...

Posted by kunnan on July 1, 2018

scp_mac

iphone scp 到Mac

iPhone SSH Mac 的前提是mac setremotelogin on devzkndeMacBook-Pro:.ssh devzkn$ sudo systemsetup -setremotelogin off devzkndeMacBook-Pro:.ssh devzkn$ sudo systemsetup -setremotelogin on dev...

Posted by kunnan on July 1, 2018

cy_p

cycript -p /var/root/utils.cy > /dev/null; cycript -p $1;

前言 cy 高级用法:加载自己的脚本 加载自己的脚本 以下这种方法可能会导致脚本多次加载(多次注入) cycript.sh source cycript.sh;cyc appname cyc () { cycript -p $1 /var/root/utils.cy > /dev/null; cycript...

Posted by kunnan on July 1, 2018

CYListenServer

开发集成cycript

集成步骤 Constructor 中处理集成cy,特定条件执行CYListenServer ()来设置Cycript默认端口是6666 #define CHConstructor static __attribute__((constructor)) void CHConcat(CHConstructor, __LINE__)() CHConst...

Posted by kunnan on July 1, 2018

uname

The uname utility writes symbols representing one or more system characteristics to the standard output

 uname – Print operating system name usage: uname [-amnprsv] -a Behave as though all of the options -mnrsv were specified. -m print the machin...

Posted by kunnan on June 30, 2018

deviceconsole

An iOS system log tailer that doesn't suck. Improved

前言 自从iOS8之后,我就习惯使用Mac系统自带的console ,后来发现有些同事的Mac中console 版本低,没有device 选项;于是乎,就想起了推荐他们使用deviceconsole 原版的deviceconsole deviceconsole –help ➜ bin git:(master) ✗ devicecon...

Posted by kunnan on June 30, 2018

typora

Markdown编辑器:Typora will give you a seamless experience as both a reader and a writer

Typora 简洁轻便免费, 独有的所见即所得, 可在预览状态下编辑, 快捷键丰富, 脚本高亮功能出彩, 导出为pdf后, 排版同样正常, 这点非常难得, 笔者使用的就是该款 Only free during beta. Available for mac OS X 10.9 and later. Change Log + History Builds * Se...

Posted by kunnan on June 29, 2018

FEATURED TAGS
iOS Debug Open_Source_Framework RunLoop Swift Xcode ReactiveCocoa Runtime Mac Efficiency Terminal Git objc CocoaPods ruby shell iosre Cycript OutlineOfChineseHistory Workplace GoogleMethodology Search CocoaTouchStaticLibrary ReadaBookEveryDay miniprogram es6 internet py Xiang_Shuai_Beida_Finance_Course frida WebScoket note MobileSubstrate security dyld MGCopy Logical_thinking Knowledge_is_power jb How_to_be_a_master_of_network_management hook DeviceInfo Video
ABOUT ME

https://zhangkn.github.io/

✉️ zhang_kn@icloud.com

FRIENDS