![](https://img.haomeiwen.com/i7980283/e9b78edf00e07b25.png)
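Introduction
The previous post covered installing Cycript and setting up its environment. Once it is installed, it is supposed to let you debug an app, so how do you actually debug an app and modify its memory?
This article is for learning purposes only. If anything in it is inappropriate or infringes on anyone's rights, please let me know and I will remove it!
Tools and materials
- A decrypted ("shell-cracked") ipa package
- MonkeyDev
- A Cycript environment
- A real device (mine is an iPhone X)
Installing MonkeyDev for debugging on a non-jailbroken device
MonkeyDev is based on iOSOpenDev. The initial version supported Xcode 9 and the latest theos for creating CaptainHook Tweak and Logos Tweak projects; support for a Command-line Tool was added later.
For the details, see AloneMonkey's blog. Thanks to AloneMonkey for contributing such a useful tool.
Download MonkeyDev
GitHub: MonkeyDev
Download and install
For usage, read the Wiki documentation: Wiki
After a successful install, Xcode looks like this!
Command + N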
![](https://img.haomeiwen.com/i7980283/0ce98c6d4c696268.png)
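Note
Some people like to keep several copies of Xcode installed, so when installing, make sure you are targeting the Xcode you actually want.
```
xcode-select -p    # show the default Xcode
sudo xcode-select -s /Applications/xxx.app    # xxx = name of the Xcode to install into
```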
A newly created MonkeyDev project looks like this:
![](https://img.haomeiwen.com/i7980283/07c06be55655b4bc.png)
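- The project name is ZacharyDev, so everything below refers to ZacharyDev; you can choose your own project name.
- ZacharyDevDylib: the dynamic library that is injected into the target app. Put your own hook code in ZacharyDevDylib.m; it already contains some demo code and supports hooking through the OC runtime and hooking C functions with fishhook.
- antiAntiDebug: the anti-anti-debugging code.
- fishhook: the automatically integrated fishhook module.
- Frameworks: Reveal.framework and Cycript.framework are already integrated automatically.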
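Drag in and build
- Prepare a decrypted ipa package. Here I use a decrypted (jailbreak) build of a certain chat app (某信); if you don't have one, download one with PP Assistant (pp助手), OK?
- Drag the ipa package from step 1 into the project directory ZacharyDev/ZacharyDev/TargetApp
- Run it on the real device
Time for action, come on!
I trust you now have 某信 installed. Of course, you need to tell apart which copy is your own and which is the one you are debugging, so don't mix them up!
Open Reveal and you will see the familiar interface.
What is Reveal? -> Reveal
Back to the main topic: what we mainly care about here is debugging with Cycript.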
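Using Cycript to modify (simple in-memory changes only) and debug the app
- First, run the app described above on the real device, that is, your test device
- Open a terminal and enter cycript to enter the Cycript environment and connect to the service on your phone; only then can you debug the app
- Once connected, you drop straight into the cycript environment at the cy# prompt
Note: if the connection fails
- Restart the app being debugged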
*** _syscall(connect(socket_, info->ai_addr, info->ai_addrlen)):../Console.cpp(306):CYSocketRemote [errno=61]
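Question
- Does the port used for the connection have to be 6666?
- Answer: No. xxxx(your project name)Dylib.m contains the following code, and you can set it to any number you like: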
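```objc
CHConstructor {
    NSLog(INSERT_SUCCESS_WELCOME);
    // Start the Cycript listener once the target app has finished launching.
    [[NSNotificationCenter defaultCenter] addObserverForName:UIApplicationDidFinishLaunchingNotification
                                                      object:nil
                                                       queue:[NSOperationQueue mainQueue]
                                                  usingBlock:^(NSNotification * _Nonnull note) {
#ifndef __OPTIMIZE__
        // Compiled in only when optimization is off (debug builds); the port number is arbitrary.
        CYListenServer(6666);
#endif
    }];
}
```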
Debugging and modifying the program (1)
Now for the important part
cy# [UIApplication sharedApplication].statusBarHidden = YES
Like magic, the status bar of 某信 disappears.
![](https://img.haomeiwen.com/i7980283/50295178a439cf52.png)
- One more
cy# choose(UILabel)
[#"<MMUILabel: 0x12630b420; baseClass = UILabel; frame = (0 0; 0 0); userInteractionEnabled = NO; tag = 10032; layer = <_UILabelLayer: 0x126251620>>",#"<MMUILabel: 0x126333ec0; baseClass = UILabel; frame = (12 4; 60 32); text = '\xe4\xbd\xa0\xe5\x8f\xaf\xe8\x83\xbd\xe8\xa6\x81\xe5\x8f\x91\xe9\x80\x81\xe7\x9a\x84\xe7\x85\xa7\xe7\x89\x87:'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12642c770>>",#"<MMCPLabel: 0x12636dad0; baseClass = UILabel; frame = (70 10.6667; 70 25); text = '\xe5\xbe\xae\xe4\xbf\xa1\xe5\x9b\xa2\xe9\x98\x9f'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1262b23b0>>",#"<UIButtonLabel: 0x126371660; frame = (92.3333 14.3333; 69.3333 19.3333); text = '\xe6\x8c\x89\xe4\xbd\x8f \xe8\xaf\xb4\xe8\xaf\x9d'; opaque = NO; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126414b60>>",#"<MMUILabel: 0x126385000; baseClass = UILabel; frame = (0 91; 120 24); hidden = YES; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126450070>>",#"<MMUILabel: 0x1263a3610; baseClass = UILabel; frame = (0 91; 120 24); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126450500>>",#"<UILabel: 0x1263a7470; frame = (5 5; 74 30); text = '\xe5\x8f\xaf\xe8\x83\xbd\xe8\xa6\x81\xe5\x8f\x91\xe9\x80\x81\xe7\x9a\x84\xef\xbf\xbc\xe5\xb0\x8f\xe7\xa8\x8b\xe5\xba\x8f\xef\xbc\x9a'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1262eca30>>",#"<UIButtonLabel: 0x1263c5e40; frame = (3.33333 4; 128.667 17); text = '\xe6\x89\x8b\xe6\x8c\x87\xe4\xb8\x8a\xe6\xbb\x91\xef\xbc\x8c\xe5\x8f\x96\xe6\xb6\x88\xe5\x8f\x91\xe9\x80\x81'; opaque = NO; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1264525a0>>",#"<NoLineBreakLabel: 0x1263d0140; baseClass = UILabel; frame = (70 33.3333; 285 25); text = '\xe5\xae\x89\xe5\x85\xa8\xe7\x99\xbb\xe5\xbd\x95\xe6\x8f\x90\xe9\x86\x92'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1262ba420>>",#"<UILabel: 0x1263d8470; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 
0x126219b50>>",#"<MMUILabel: 0x1263f5890; baseClass = UILabel; frame = (10 4; 41 12); text = '\xe5\xbe\xae\xe4\xbf\xa1\xe8\xbd\xac\xe8\xb4\xa6'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1263c7760>>",#"<UIButtonLabel: 0x126018ba0; frame = (15 13; 51.3333 19.3333); text = '\xe5\xbe\xae\xe4\xbf\xa1(1)'; opaque = NO; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126017170>>",#"<MMUILabel: 0x126022ed0; baseClass = UILabel; frame = (38 0; 0 25); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126022b70>>",#"<MMUILabel: 0x126023590; baseClass = UILabel; frame = (0 0; 38 25); text = '\xe5\x88\x9a\xe5\xad\x90'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126023320>>",#"<UISearchBarTextFieldLabel: 0x12361d9e0; frame = (171.667 7; 35.6667 20.3333); text = '\xe6\x90\x9c\xe7\xb4\xa2'; opaque = NO; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12361fac0>>",#"<MMUILabel: 0x123698410; baseClass = UILabel; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1236986f0>>",#"<_UIStatusBarStringView: 0x126505880; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1235e4070>>",#"<_UIStatusBarStringView: 0x126505fd0; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126505ba0>>",#"<_UIStatusBarStringView: 0x1265097b0; frame = (14.3333 3.66667; 38.3333 18); text = '11:20'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1235e9cf0>>",#"<_UIStatusBarStringView: 0x12650b120; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12650b800>>",#"<_UIStatusBarStringView: 0x12650ba10; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12650bd30>>",#"<_UIStatusBarStringView: 0x12650bf90; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1235fa340>>",#"<_UIStatusBarStringView: 0x12650c700; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1235f90b0>>",#"<_UIStatusBarStringView: 
0x12650ccc0; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12650cfe0>>",#"<_UIStatusBarStringView: 0x126512860; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1265118a0>>",#"<_UIStatusBarStringView: 0x126513a00; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126511400>>",#"<AttributeLabel: 0x1265410c0; baseClass = UILabel; frame = (20 45; 335 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1235ce0f0>>",#"<MMUILabel: 0x123392840; baseClass = UILabel; frame = (314 12.6667; 51 15); text = '\xe4\xb8\x8b\xe5\x8d\x888:43'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1262b7120>>",#"<MMUILabel: 0x123395b70; baseClass = UILabel; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1262ba270>>",#"<UITableViewLabel: 0x1233da0e0; frame = (15 0; 345 67.6667); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12627fc80>>",#"<MMUILabel: 0x1233e7020; baseClass = UILabel; frame = (72 50; 0 0); clipsToBounds = YES; hidden = YES; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126281020>>",#"<UILabel: 0x126226dd0; frame = (4.6875 60; 84.375 0); text = ''; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12626d100>>",#"<MMCPLabel: 0x1262530f0; baseClass = UILabel; frame = (70 10.6667; 35 25); text = '\xe5\x88\x9a\xe5\xad\x90'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12627c410>>",#"<UIButtonLabel: 0x1262b97d0; frame = (inf 0; 0 0); hidden = YES; opaque = NO; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1233f0790>>",#"<NoLineBreakLabel: 0x1262e6100; baseClass = UILabel; frame = (109 33.3333; 246 25); text = '\xe8\xaf\xb7\xe4\xbd\xa0\xe7\xa1\xae\xe8\xae\xa4\xe6\x94\xb6\xe9\x92\xb1'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126280340>>",#"<UILabel: 0x1267095c0; frame = (0 25.3333; 0 0); text = ''; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1267098a0>>",#"<MMUILabel: 0x126728720; baseClass = 
UILabel; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126728a00>>",#"<UILabel: 0x126730be0; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1267212d0>>",#"<UILabel: 0x126730ec0; frame = (0 25.3333; 0 0); text = ''; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126727910>>",#"<MMUILabel: 0x126743030; baseClass = UILabel; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126743310>>",#"<MMUILabel: 0x12674bca0; baseClass = UILabel; frame = (70 33.3333; 39 25); text = '[\xe8\xbd\xac\xe8\xb4\xa6]'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126280b30>>",#"<UILabel: 0x12674c400; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12674aed0>>",#"<UILabel: 0x12674cbf0; frame = (0 25.3333; 0 0); text = ''; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12674ced0>>",#"<MMUILabel: 0x12675f230; baseClass = UILabel; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12675f510>>",#"<MMUILabel: 0x1267676b0; baseClass = UILabel; frame = (0 0; 0 0); userInteractionEnabled = NO; tag = 10032; layer = <_UILabelLayer: 0x1262a0800>>",#"<UILabel: 0x126767cf0; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1267668e0>>",#"<UILabel: 0x126768510; frame = (0 25.3333; 0 0); text = ''; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1267687f0>>",#"<MMUILabel: 0x12678f360; baseClass = UILabel; frame = (156.667 12; 62 20); text = '\xe4\xb8\x8b\xe5\x8d\x888:46'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1263b0520>>",#"<UITableViewLabel: 0x12678f660; frame = (15 0; 345 67.6667); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12675d380>>",#"<UITabBarButtonLabel: 0x1267b00c0; frame = (29.6667 35; 30.6667 12); text = '\xe9\x80\x9a\xe8\xae\xaf\xe5\xbd\x95'; opaque = NO; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12678a7d0>>",#"<UITabBarButtonLabel: 0x1267b06e0; frame = (34 35; 
20.6667 12); text = '\xe5\x8f\x91\xe7\x8e\xb0'; opaque = NO; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126723360>>",#"<UITabBarButtonLabel: 0x1267b0d00; frame = (39.6667 35; 10.3333 12); text = '\xe6\x88\x91'; opaque = NO; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x126790b80>>",#"<MMUILabel: 0x1281026b0; baseClass = UILabel; frame = (0 0; 0 0); userInteractionEnabled = NO; tag = 10032; layer = <_UILabelLayer: 0x128102990>>",#"<MMUILabel: 0x1281035d0; baseClass = UILabel; frame = (0 0; 0 0); hidden = YES; userInteractionEnabled = NO; tag = 10032; layer = <_UILabelLayer: 0x1281038b0>>",#"<MMUILabel: 0x1281044f0; baseClass = UILabel; frame = (0 0; 0 0); userInteractionEnabled = NO; tag = 10032; layer = <_UILabelLayer: 0x1281047d0>>",#"<UILabel: 0x1281057d0; frame = (6 1; 6 15.6667); text = '1'; opaque = NO; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x128105ab0>>",#"<MMUILabel: 0x128127580; baseClass = UILabel; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x128129b10>>",#"<UITableViewLabel: 0x1281309a0; frame = (15 0; 345 67.6667); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x128130da0>>",#"<MMUILabel: 0x12813b6f0; baseClass = UILabel; frame = (12 7.5; 6 15); text = '1'; userInteractionEnabled = NO; tag = 10032; layer = <_UILabelLayer: 0x12813b9d0>>",#"<MMCPLabel: 0x12813bf60; baseClass = UILabel; frame = (70 10.6667; 70 25); text = '\xe8\x85\xbe\xe8\xae\xaf\xe6\x96\xb0\xe9\x97\xbb'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12813c470>>",#"<MMUILabel: 0x12813d520; baseClass = UILabel; frame = (310 12.6667; 55 15); text = '\xe4\xb8\x8b\xe5\x8d\x8811:00'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12813d800>>",#"<NoLineBreakLabel: 0x12813e040; baseClass = UILabel; frame = (70 33.3333; 285 25); text = 
'\xe3\x80\x8a\xe5\x94\x90\xe4\xba\xba\xe8\xa1\x97\xe6\x8e\xa2\xe6\xa1\x882\xe3\x80\x8b\xe7\xbb\x86\xe8\x8a\x82\xe5\x85\xa8\xe6\x8f\xad\xe7\xa7\x98\xef\xbc\x8c\xe7\xbb\x99\xe4\xbd\xa0\xe4\xb8\x80\xe4\xb8\xaa\xe4\xba\x8c\xe5\x88\xb7\xe7\x9a\x84\xe7\x90\x86\xe7\x94\xb1'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12813e590>>",#"<UIButtonLabel: 0x1281755f0; frame = (0 0; 0 0); text = '\xe8\xbf\x94\xe5\x9b\x9e'; opaque = NO; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1281758e0>>",#"<MMUILabel: 0x1281d0bb0; baseClass = UILabel; frame = (60 36.3333; 160 15); text = '\xe8\xbd\xac\xe8\xb4\xa6\xe7\xbb\x99\xe4\xbd\xa0'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12668a350>>",#"<MMUILabel: 0x1264e5b70; baseClass = UILabel; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1264e6090>>",#"<MMUILabel: 0x1264f4330; baseClass = UILabel; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1264f4810>>",#"<MMUILabel: 0x1264fa220; baseClass = UILabel; frame = (313 12.6667; 52 15); text = '\xe4\xb8\x8b\xe5\x8d\x888:46'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x12627e350>>",#"<MMUILabel: 0x1266758c0; baseClass = UILabel; frame = (156.667 15; 62 18); text = '\xe5\x8a\xa0\xe8\xbd\xbd\xe6\x9b\xb4\xe5\xa4\x9a'; autoresize = W; userInteractionEnabled = NO; tag = 1680; layer = <_UILabelLayer: 0x126675ba0>>",#"<MMUILabel: 0x1266a65b0; baseClass = UILabel; frame = (-21 6.66667; 73 23); text = '\xe6\x94\xb6\xe5\x8f\x96\xe4\xb8\xad\xe2\x80\xa6'; hidden = YES; userInteractionEnabled = NO; tag = 102; layer = <_UILabelLayer: 0x1266a6890>>",#"<MMUILabel: 0x1266a71b0; baseClass = UILabel; frame = (0 -1; 1 20); text = '\xe5\xbe\xae\xe4\xbf\xa1(\xe6\x9c\xaa\xe8\xbf\x9e\xe6\x8e\xa5)'; hidden = YES; userInteractionEnabled = NO; tag = 103; layer = <_UILabelLayer: 0x1266a7490>>",#"<MMUILabel: 0x1266a7b00; baseClass = UILabel; frame = (-29.3333 6.66667; 60 23); text = '\xe5\xbe\xae\xe4\xbf\xa1(1)'; 
userInteractionEnabled = NO; tag = 104; layer = <_UILabelLayer: 0x1266a7610>>",#"<MMUILabel: 0x1266b7b00; baseClass = UILabel; frame = (60 10; 160 24); text = '11111'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1281b5ad0>>",#"<UILabel: 0x1266d0ea0; frame = (147.5 115; 80 15); text = '\xe8\xbf\x99\xe4\xb8\x8d\xe6\x98\xaf\xe5\x85\xa5\xe5\x8f\xa3 ^_^'; alpha = 0; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1266d1180>>",#"<UILabel: 0x1266efd50; frame = (120 78; 135 15); text = '\xe7\x94\xa8\xe8\xbf\x87\xe7\x9a\x84\xe5\xb0\x8f\xe7\xa8\x8b\xe5\xba\x8f\xe9\x83\xbd\xe4\xbc\x9a\xe5\x9c\xa8\xe8\xbf\x99\xe9\x87\x8c'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1266f0030>>",#"<UIButtonLabel: 0x1266f1ac0; frame = (inf 0; 0 0); hidden = YES; opaque = NO; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1265475a0>>",#"<UITabBarButtonLabel: 0x1266fb130; frame = (34.6667 35; 20.6667 12); text = '\xe5\xbe\xae\xe4\xbf\xa1'; opaque = NO; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1266fad80>>",#"<MMUILabel: 0x1266fb440; baseClass = UILabel; frame = (0 0; 0 0); userInteractionEnabled = NO; tag = 10032; layer = <_UILabelLayer: 0x1266f9ac0>>"]
cy# #0x1266b7b00.text = "¥一个亿" // the address of the amount UILabel, found in the output above
"\xc2\xa5\xe4\xb8\x80\xe4\xb8\xaa\xe4\xba\xbf"
![](https://img.haomeiwen.com/i7980283/17eb97bfec20ae0b.png)
The "small goal" of 100 million (一个亿): achieved
@王总 (Boss Wang)
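The `choose(UILabel)` output above is hard to search by eye because label text is printed as `\xNN`-escaped UTF-8 bytes. As an added example (not part of the original post), this Node.js script parses a saved dump into class, address and decoded text so the label you want can be found by its text; the function names are illustrative, and `SAMPLE` holds three entries copied from the output above.

```javascript
// Added example: make a saved Cycript `choose(UILabel)` dump searchable.
// SAMPLE holds three entries copied from the output above.
const SAMPLE = "[" + [
  String.raw`#"<MMUILabel: 0x12630b420; baseClass = UILabel; frame = (0 0; 0 0); userInteractionEnabled = NO; tag = 10032; layer = <_UILabelLayer: 0x126251620>>"`,
  String.raw`#"<MMUILabel: 0x1263f5890; baseClass = UILabel; frame = (10 4; 41 12); text = '\xe5\xbe\xae\xe4\xbf\xa1\xe8\xbd\xac\xe8\xb4\xa6'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1263c7760>>"`,
  String.raw`#"<MMUILabel: 0x1266b7b00; baseClass = UILabel; frame = (60 10; 160 24); text = '11111'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x1281b5ad0>>"`,
].join(",") + "]";

// Cycript prints non-ASCII text as \xNN UTF-8 byte escapes; decode each run of them.
function decodeEscapes(s) {
  return s.replace(/(?:\\x[0-9a-fA-F]{2})+/g, (run) =>
    Buffer.from(run.replace(/\\x/g, ""), "hex").toString("utf8"));
}

// Split the dump into one record per object: class, address, visibility, text.
// \s+ and the `s` flag tolerate line wraps introduced when the dump was copied.
function parseLabels(dump) {
  const entry = /#"<([\w.]+):\s+(0x[0-9a-fA-F]+);(.*?)>>"/gs;
  const rows = [];
  for (const m of dump.matchAll(entry)) {
    const text = /text = '((?:[^'\\]|\\.)*)'/s.exec(m[3]);
    rows.push({
      cls: m[1],
      address: m[2],
      hidden: /hidden = YES/.test(m[3]),
      text: text ? decodeEscapes(text[1]) : null, // null: label has no text
    });
  }
  return rows;
}

// Return the records whose decoded text contains `needle`.
function findByText(rows, needle) {
  return rows.filter((r) => r.text !== null && r.text.includes(needle));
}

for (const r of parseLabels(SAMPLE)) {
  console.log(r.address, r.cls, r.hidden ? "(hidden)" : "", JSON.stringify(r.text));
}
```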
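Debugging and modifying the program (2)
Picking out what you want from the pile of gibberish-looking output above is painful, so is there a better way?
- There is. Come on, follow me and there will be meat to eat; if I eat meat, there is always soup for you, ahahahahaha
- First, run the app being debugged from Xcode, as follows:
You get this UILabel's address directly, so isn't that much faster? Don't you feel there are lots of fun things to dig into? Go ahead and try some more.
Like the BBK (步步高) point-and-change gadget: tap wherever you want to change. So easy.
One note: this is for technical exchange only.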