iOS逆向之Clutch砸壳

https://github.com/KJCracks/Clutch/releases,去这个网站下载Clutch的Release包,然后通过Scp命令copy到iPhone上。

dev-aozhimindeMacBook-Pro:~ dev-aozhimin$ scp ~/Downloads/Clutch.2.0/Clutch [email protected]:/usr/bin
[email protected]'s password:
Clutch                                                            100% 1156KB   1.1MB/s   00:00  

clutch的参数
dev-aozhiminde-iPhone:/usr/bin root# Clutch                                                       
Usage: Clutch [OPTIONS]
-b --binary-dump Only dump binary files from specified bundleID
-d --dump         Dump specified bundleID into .ipa file
-i --print-installed     Print installed applications
   --clean               Clean /var/tmp/clutch directory
   --version             Display version and exit
-? --help                Display this help and exit

显示已经装了的app
dev-aozhiminde-iPhone:/usr/bin root# Clutch --print-installed
Installed apps:
 1:   微信
 2:   QQ
 3:   大众点评
 4:   支付宝
 5:   饿了么
 6:   美团
 7:   小咖秀
 8:   手机淘宝
 9:   格瓦拉@电影
 10:  


破壳序号为5的app, -b 表示只生产二进制文件 -d表示生产ipa文件
dev-aozhiminde-iPhone:/var/mobile root# Clutch -b 5
Now dumping me.ele.ios.eleme
Preparing to dump
Path: /private/var/mobile/Applications/02EF9A7A-E70F-4C34-B083-17B33D3437F3/eleme.app/eleme
DUMP | ARMDumper Patched cryptid (32bit segment)          | ETA: 0h00m00s
Dumping (armv7) |=================================================| ETA: 0h00m04s

DUMP | ARMDumper Writing new checksum
Finished 'stripping' binary
Note: This binary will be missing some undecryptable architectures

Finished dumping me.ele.ios.eleme to /var/tmp/clutch/AF8B6858-FFAD-45AD-9B3A-38310BEE3871
Finished dumping me.ele.ios.eleme in 6.5 seconds

/var/tmp/clutch/AF8B6858-FFAD-45AD-9B3A-38310BEE3871 就是破解后的文件

最后把Dump的文件cop回到mac上
dev-aozhimindeMacBook-Pro:~ dev-aozhimin$ scp [email protected]:/var/tmp/clutch/AF8B6858-FFAD-45AD-9B3A-38310BEE3871/me.ele.ios.eleme/eleme ~/Downloads/eleme
[email protected]'s password:
eleme                                                             100% 7231KB   1.4MB/s   00:05  

你可能感兴趣的:(iOS逆向工程)