iOS reverse engineering: one-click app decryption ("shell cracking") with frida-ios-dump, detailed version
## iOS-side setup:
- Open Cydia and add the source `https://build.frida.re`
- Open the source you just added and install the Frida package (this provides frida-server on the device; see https://link.jianshu.com/?t=https%3A%2F%2Fwww.frida.re%2Fdocs%2Fios%2F)
- Installation complete.
- To check that it works, run `frida-ps -U` from the Mac once the Frida Python tools are installed there (the `-U` flag targets the USB-attached device); it should list the processes running on the phone. The Cydia package only installs frida-server, so the same command on the phone's own terminal is not expected to exist.
- (Note: skipping this check is fine too; when I ran the command on my phone it printed `command not found`, and that did not affect the final result.)
## Mac-side setup:
Prerequisite: see my [first post on setting up passwordless SSH login](https://blog.csdn.net/feifeiwuxian/article/details/81632988).
- Install Homebrew (https://link.jianshu.com/?t=https%3A%2F%2Fbrew.sh%2F)
- Install wget: `brew install wget`
Install pip:
- `wget https://bootstrap.pypa.io/get-pip.py`
- `sudo python get-pip.py`
- Clean up: `rm ~/get-pip.py` (this assumes wget ran in your home directory; adjust the path otherwise)
(The tracebacks later in this post show the system Python 2.7 being used. The get-pip.py at the URL above no longer supports Python 2, so on 2.7 fetch `https://bootstrap.pypa.io/pip/2.7/get-pip.py` instead.)
## Setting up the frida-ios-dump environment:
Download the project from GitHub: https://github.com/AloneMonkey/frida-ios-dump
cd into the frida-ios-dump directory
Install the dependencies:
- `sudo pip install -r requirements.txt --upgrade`
(If that step fails on `six` with:
```
Found existing installation: six 1.4.1
Cannot uninstall 'six'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.
```
run `sudo pip install six --upgrade --ignore-installed six`, then go back and re-run the dependency install.
Reference: https://blog.csdn.net/jokey_wz/article/details/78819960)
[Screenshot: dependencies installed successfully]
- Edit the connection parameters in dump.py (change them to match your own machine):
`vim dump.py`
```
User = 'root'
Password = 'alpine'
Host = 'localhost'
Port = 2222
```
`Host = 'localhost'` with `Port = 2222` assumes SSH to the phone is tunneled over USB to a local port, as set up in the SSH post referenced above (e.g. with `iproxy 2222 22`). `alpine` is the well-known default root password on jailbroken iOS; if you have changed it on the device with `passwd` (recommended, since otherwise anyone on the same Wi-Fi can log in as root), put the new password here instead.
Finally, launch the app you want to dump on the phone. Using WeChat (display name 微信) as the example, a single command then decrypts it:
```
./dump.py 微信
```
[Screenshot of the run omitted]
Note 1: if the command fails as below, unplug and re-plug the phone's USB cable. "Connection reset by peer" while reading the SSH banner means the TCP connection to `Host:Port` was accepted and then dropped before any sshd identification string arrived; in practice the USB forward to the phone has gone stale, and re-plugging the cable (or restarting the forwarder) brings it back.
```
wangfeideMacBook-Pro:frida-ios-dump-master wangfei$ ./dump.py 微信
No handlers could be found for logger "paramiko.transport"
*** Caught exception: <class 'paramiko.ssh_exception.SSHException'>: Error reading SSH protocol banner Connection reset by peer
Traceback (most recent call last):
File "./dump.py", line 309, in <module>
ssh.connect(Host, port=Port, username=User, password=Password)
File "/Library/Python/2.7/site-packages/paramiko/client.py", line 392, in connect
t.start_client(timeout=timeout)
File "/Library/Python/2.7/site-packages/paramiko/transport.py", line 545, in start_client
raise e
SSHException: Error reading SSH protocol banner Connection reset by peer
```
Note 2: what if two installed apps share the same display name? No problem. First list the installed apps with their names and bundle ids:
```
wangfeideMacBook-Pro:frida-ios-dump-master wangfei$ ./dump.py -l
 PID  Name       Identifier
-------------------------------------------
3490  App Store  com.apple.AppStore
3218  Cydia      com.saurik.Cydia
3349  Filza      com.tigisoftware.Filza
3518  QQ         com.tencent.mqq
3263  Safari     com.apple.mobilesafari
3479  微信       com.tencent.xin
3096  邮件       com.apple.mobilemail
```
Then dump the app by its bundle id, which is unique, using either form:
```
./dump.py -b com.tencent.xin
./dump.py com.tencent.xin
```
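As an added example (not part of frida-ios-dump or of this post), the following Python pre-flight script covers both notes above before `dump.py` is run. It checks that an sshd actually answers on the `Host`/`Port` values from dump.py, which is exactly the condition behind Note 1's "Error reading SSH protocol banner", and it parses a `./dump.py -l` listing to turn a display name into a single bundle id, refusing when the name is shared (Note 2). The listing is a constructed sample that mirrors the output shown above plus one extra duplicate-name entry; `fake_sshd` is a stand-in for the phone's sshd so the script can run without a device.

```python
"""Pre-flight checks before running frida-ios-dump.

Added example for this guide; not code from AloneMonkey's frida-ios-dump.
Assumes the Host/Port values the guide puts in dump.py and the
`PID  Name  Identifier` listing format printed by `./dump.py -l`.
"""
import socket
import threading

# Same connection parameters as the guide's dump.py snippet (assumed values).
HOST = 'localhost'
PORT = 2222


def ssh_banner(host, port, timeout=3.0):
    """Return the SSH identification line sent by host:port, or None.

    Note 1's failure ("Error reading SSH protocol banner ... Connection
    reset by peer") is this check failing: the connection is refused or
    dropped before any sshd identification string arrives.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            data = s.recv(255)
    except (OSError, socket.timeout):
        return None
    line = data.split(b'\n', 1)[0].strip()
    # RFC 4253: the identification string begins with "SSH-".
    return line.decode('ascii', 'replace') if line.startswith(b'SSH-') else None


def parse_app_listing(text):
    """Parse `./dump.py -l` output into a list of (pid, name, identifier).

    Each data row is `<pid> <name, possibly with spaces> <identifier>`, so
    the PID is the first token, the identifier the last, and everything in
    between is the display name. Header and separator rows are skipped.
    """
    apps = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or not parts[0].isdigit():
            continue
        apps.append((int(parts[0]), ' '.join(parts[1:-1]), parts[-1]))
    return apps


def resolve_target(listing, name_or_id):
    """Map a display name or bundle id to exactly one bundle id.

    Raises ValueError when nothing matches, or when the display name is
    shared by several apps (Note 2's case) so the caller must pick one of
    the listed bundle ids instead.
    """
    matches = {ident for _, name, ident in listing if name_or_id in (name, ident)}
    if len(matches) == 1:
        return matches.pop()
    if not matches:
        raise ValueError('no installed app matches %r' % name_or_id)
    raise ValueError('%r is ambiguous, use one of: %s'
                     % (name_or_id, ', '.join(sorted(matches))))


def build_dump_command(listing, target):
    """The dump.py invocation to run, always by bundle id rather than name."""
    return ['./dump.py', resolve_target(listing, target)]


# Constructed sample: the guide's `./dump.py -l` output plus a second app
# that also calls itself 微信, to exercise the duplicate-name case.
SAMPLE_LISTING = """\
 PID  Name       Identifier
-------------------------------------------
3490  App Store  com.apple.AppStore
3218  Cydia      com.saurik.Cydia
3479  微信       com.tencent.xin
3333  微信       com.example.fakewechat
3096  邮件       com.apple.mobilemail
"""


def fake_sshd(banner=b'SSH-2.0-OpenSSH_demo\r\n'):
    """One-shot listener that only sends an SSH banner: a test double for
    the phone's sshd so the example runs without a device. Returns its port."""
    srv = socket.socket()
    srv.bind(('127.0.0.1', 0))
    srv.listen(1)

    def serve():
        conn, _ = srv.accept()
        conn.sendall(banner)
        conn.close()
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]


if __name__ == '__main__':
    print('sshd banner on %s:%d: %s' % (HOST, PORT, ssh_banner(HOST, PORT)))
    apps = parse_app_listing(SAMPLE_LISTING)
    print(build_dump_command(apps, 'com.tencent.xin'))
    try:
        build_dump_command(apps, '微信')
    except ValueError as e:
        print('refusing to dump:', e)
```

Run it right before `./dump.py`: a `None` banner on `localhost:2222` means the USB forward or the phone's sshd is not up, which is the Note 1 situation, and an ambiguity error tells you which bundle id to pass instead of the display name.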