Make dumpdecrypted work on iOS 9

Author: 颜子 | Published: 2018-06-20 22:03

Thanks: http://iosre.com/t/make-dumpdecrypted-work-on-ios-9-3-3/4876

If you also get Killed: 9 when running it as root:

FunMaker-SE:/User/Downloads root# DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/containers/Bundle/Application/6476E127-11B7-4861-B742-D781D0DBBD3A/ChinaUnicom4.x.app/ChinaUnicom4.x
Killed: 9

Then running the same command as the mobile user may do the trick:

FunMaker-SE:/User/Downloads root# su mobile
FunMaker-SE:/User/Downloads mobile$ DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/containers/Bundle/Application/6476E127-11B7-4861-B742-D781D0DBBD3A/ChinaUnicom4.x.app/ChinaUnicom4.x
mach-o decryption dumper

DISCLAIMER: This tool is only meant for security research purposes, not for application crackers.

iOSRE: uid = 501, euid = 501, gid = 501, egid = 501.

[+] detected 64bit ARM binary in memory.
[+] offset to cryptid found: @0x10008cc58(from 0x10008c000) = c58
[+] Found encrypted data at address 00004000 of length 12828672 bytes - type 1.
[+] Opening /private/var/containers/Bundle/Application/6476E127-11B7-4861-B742-D781D0DBBD3A/ChinaUnicom4.x.app/ChinaUnicom4.x for reading.
[+] Reading header
[+] Detecting header type
[+] Executable is a plain MACH-O image
[+] Opening ChinaUnicom4.x.decrypted for writing.
[+] Copying the not encrypted start of the file
[+] Dumping the decrypted data into the file
[+] Copying the not encrypted remainder of the file
[+] Setting the LC_ENCRYPTION_INFO->cryptid to 0 at offset c58
[+] Closing original file
[+] Closing dump file
FunMaker-SE:/User/Downloads mobile$ ls
ChinaUnicom4.x.decrypted  dumpdecrypted.dylib
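
A check to run on the resulting file, added here as an example (it is not part of the original post or of dumpdecrypted): the Python below reads the LC_ENCRYPTION_INFO load command of a thin 64-bit Mach-O and reports cryptid together with its file offset, the field the log above shows being set to 0 at offset c58. The function names are hypothetical, and the sample header is constructed to mirror the values in the log.

```python
import struct
import sys

MH_MAGIC_64 = 0xFEEDFACF        # thin 64-bit Mach-O, little-endian (ARM64)
LC_SEGMENT_64 = 0x19
LC_ENCRYPTION_INFO = 0x21
LC_ENCRYPTION_INFO_64 = 0x2C

def encryption_info(data: bytes):
    """Return cryptoff/cryptsize/cryptid and cryptid's file offset, or None."""
    if len(data) < 32:
        raise ValueError("too short for mach_header_64")
    magic, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit Mach-O (fat/32-bit not handled)")
    off, end = 32, 32 + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past end of file")
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("bad cmdsize")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            if cmdsize < 20:
                raise ValueError("encryption_info_command too small")
            # Layout: cmd, cmdsize, cryptoff, cryptsize, cryptid (then pad on 64-bit)
            cryptoff, cryptsize, cryptid = struct.unpack_from("<3I", data, off + 8)
            return {"cryptoff": cryptoff, "cryptsize": cryptsize,
                    "cryptid": cryptid, "cryptid_offset": off + 16}
        off += cmdsize
    return None  # no encryption command: the binary was never App Store encrypted

def build_sample(cryptid: int) -> bytes:
    """Constructed header: a filler command, then LC_ENCRYPTION_INFO_64 at 0xc48."""
    filler = struct.pack("<2I", LC_SEGMENT_64, 0xC48 - 32).ljust(0xC48 - 32, b"\0")
    enc = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 12828672, cryptid, 0)
    cmds = filler + enc
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 2, len(cmds), 0, 0)
    return hdr + cmds

if __name__ == "__main__":
    # With a path argument, inspect that file; otherwise use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
    else:
        blob = build_sample(0)
    info = encryption_info(blob)
    print(info, "-> decrypted" if info and info["cryptid"] == 0 else "-> check cryptid")
```

A cryptid of 0 only says the header flag was cleared; it does not prove that the bytes between cryptoff and cryptoff + cryptsize were actually written out in decrypted form.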
