Environment: iOS 9.3.3
1. Download and build dumpdecrypted
Build:
git clone https://github.com/stefanesser/dumpdecrypted.git
cd dumpdecrypted && make
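2. Connect to the device
The phone must be jailbroken and have cycript installed.
On iOS 9.3.3 you need to run su mobile,
otherwise the dump fails with a kill -9 error.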
ssh root@xx.xx.xxx.xxx
3. Run ps -e to find the app to decrypt
879 ?? 0:39.15 /var/containers/Bundle/Application/xxxx/target.app/target
4. Find the app's sandbox directory
cycript -p 879
cy# [[NSFileManager defaultManager] URLsForDirectory:NSDocumentDirectory inDomains:NSUserDomainMask][0]
"file:///var/mobile/Containers/Data/Application/D7430B82-59CE-4119-99E2-E4780CAF5D11/Documents/"
5. Copy the compiled dumpdecrypted.dylib into the sandbox directory from the previous step
scp ~/Desktop/dumpdecrypted/dumpdecrypted.dylib root@xx.xx:/var/mobile/Containers/Data/Application/D7430B82-59CE-4119-99E2-E4780CAF5D11/Documents/
6. cd into the sandbox directory
cd /var/mobile/Containers/Data/Application/D7430B82-59CE-4119-99E2-E4780CAF5D11/Documents/
Run:
DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib path/to/executable
path is the file the program is running from, as shown by ps -ef