2018-10-08 iOS Clutch砸壳商店包初级版

Clutch砸壳(菜鸡版)

GitHub下载最新版,https://github.com/KJCracks/Clutch/releases

2.0.4版本,百度云盘地址链接: https://pan.baidu.com/s/1OUvaiSKlV2YawG5UG9xxHw 密码: 2k1c。需要可以自取或者去github下载,上面也给出了下载地址。

把下载的Clutch放到越狱的手机的/usr/bin目录下,scp命令或者使用ifunbox传输。

admindeMBP-4:~ admin$ scp /Users/admin/Downloads/Clutch-2.0.4 [email protected]:/usr/bin

/Users/admin/Downloads/Clutch-2.0.4为电脑端Clutch-2.0.4绝对地址,[email protected]地址为手机ip地址。

安装成功后 可以remote到你的手机 默认的密码是 alpine

ssh连接手机(ssh root@iOS IP),切换到/usr/bin目录

cd /usr/bin

赋予权限 +x 可执行权限

chmod +x Clutch-2.0.4

任意目录下使用

Clutch-2.0.4 -I(查看安装的app)

Clutch-2.0.4

Clutch-2.0.4使用说明

iPersistence:~ root# Clutch-2.0.4

Usage: Clutch-2.0.4 [OPTIONS]

-b --binary-dump Only dump binary files from specified bundleID

-d --dump         Dump specified bundleID into .ipa file

-i --print-installed    Print installed applications

  --clean              Clean /var/tmp/clutch directory

  --version            Display version and exit

-? --help                Display this help and exit

-n --no-color            Print with colors disabled


-b 砸特定bundleID二进制文件,-d 生成解密ipa ,-i 打印安装的应用

查看app主进程及extension/widget进程,正确返回示例

iPersistence:~ root# ps -e |grep var

18565 ??        1:48.30 /private/var/containers/Bundle/Application/D88DAA97-33FA-4D27-A172-A320897050E3/SogouInput.app/PlugIns/com.sogou.sogouinput.BaseKeyboard.appex/com.sogou.sogouinput.BaseKeyboard

18568 ??        0:00.57 /var/containers/Bundle/Application/13327F8E-DF9D-4267-BA76-8145A94353E0/News.app/News

18874 ??        19:02.85 /var/containers/Bundle/Application/7995536A-8D35-493A-AFF5-AD4C9972F0EE/WeChat.app/WeChat

18959 ??        0:00.26 /private/var/containers/Bundle/Application/4E4A7584-F6CF-49F0-A0DB-EA989795F5BE/Youkui4Phone.app/PlugIns/UserNotifications.appex/UserNotifications

19091 ??        1:18.71 /var/containers/Bundle/Application/A1372D71-85FF-462A-A7CE-00FF74258C4B/AlipayWallet.app/AlipayWallet

19228 ??        0:00.10 /private/var/containers/Bundle/Application/85533DF6-6883-4B50-8A22-47DC346B18FC/mttlite.app/PlugIns/QQBrowserNotiService.appex/QQBrowserNotiService

19356 ??        0:03.83 /var/containers/Bundle/Application/E50FADAF-C87C-4595-8F4B-75385AB5AC9F/CTRIP_WIRELESS.app/CTRIP_WIRELESS

19427 ??        0:45.66 /var/containers/Bundle/Application/BAF45FB3-6DD1-4247-875E-4AE426BBDCEC/jiongji100.app/jiongji100

19432 ??        0:10.96 /var/containers/Bundle/Application/9C748C68-2C0C-4AF9-A316-27BB6D8A364A/PeanutApp.app/PeanutApp

19434 ??        0:02.10 /var/containers/Bundle/Application/3C59DC21-A4CC-4E5D-8DE7-4436713ABDC3/QQPim.app/QQPim

19438 ??        0:01.60 /var/containers/Bundle/Application/85533DF6-6883-4B50-8A22-47DC346B18FC/mttlite.app/mttlite

19464 ??        1:19.02 /var/containers/Bundle/Application/CAEC68C1-A2B0-420C-973D-13C3004BFC83/QQMusic.app/QQMusic

19505 ??        0:02.56 /private/var/containers/Bundle/Application/7BAF66E3-D357-4E11-967A-3B909BC1A01C/MQQSecure.app/PlugIns/MQQSecureToday.appex/MQQSecureToday

19507 ??        0:13.09 /private/var/containers/Bundle/Application/D5BAA334-38BD-4E19-80C9-7224626963E8/CPU DasherX.app/PlugIns/DasherWidget.appex/DasherWidget

19510 ??        0:02.55 /private/var/containers/Bundle/Application/1A871134-B134-4737-B1AD-A75F5911816B/Shadowrocket.app/PlugIns/Today.appex/Today

19543 ??        0:04.82 /var/containers/Bundle/Application/73C3C0C7-8996-48BD-BF36-5FF488487DB1/PPHub.app/PPHub

19861 ??        0:32.03 /var/containers/Bundle/Application/2B5F8696-10EE-4EFC-864D-D96E6C40C510/kiwi.app/kiwi

19890 ??        0:05.17 /var/containers/Bundle/Application/001E0DF0-1CB3-4A91-A772-4DE60C405675/SecurityCenter.app/SecurityCenter

19892 ??        0:05.50 /private/var/containers/Bundle/Application/BD65D960-30E9-4F5C-89E0-6351D13BDC9A/NetworkSpeed.app/PlugIns/state.appex/state

19922 ??        0:04.87 /var/containers/Bundle/Application/1A871134-B134-4737-B1AD-A75F5911816B/Shadowrocket.app/Shadowrocket

19933 ??        0:07.47 /var/containers/Bundle/Application/69E8FB2D-564E-4B0A-B417-815EFDDE32B0/IHexin.app/IHexin

20010 ??        0:01.22 /var/containers/Bundle/Application/BF6FF444-E39E-4A7F-87CE-CDACAE0A94A9/Wingy.app/Wingy

20018 ??        0:00.06 /private/var/containers/Bundle/Application/79FE9E1B-BAB4-4276-9900-27BC42757695/cmblife.app/PlugIns/CMBLifeNotificationService.appex/CMBLifeNotificationService

20027 ??        0:07.26 /var/containers/Bundle/Application/2352565F-7F91-4532-BABF-C350A6084A86/Weibo.app/Weibo

20029 ??        0:00.25 /private/var/containers/Bundle/Application/D5D3E3E5-58A0-411F-97D7-19FBA3263374/live4iphone.app/PlugIns/NotificationSeviceExtension.appex/NotificationSeviceExtension

20038 ??        0:00.03 /private/var/containers/Bundle/Application/855D5058-822A-4C8C-986E-561F80759DA0/CodoonSport.app/PlugIns/CodoonSport UserNotification Service Extension.appex/CodoonSport UserNotification Service Extension

20126 ??        0:41.84 /var/containers/Bundle/Application/3B4BE59D-A09A-4F7D-970F-8DD7BFFB5347/TIM.app/TIM

20154 ??        0:00.25 /private/var/containers/Bundle/Application/2352565F-7F91-4532-BABF-C350A6084A86/Weibo.app/PlugIns/NotificationServiceExtension.appex/NotificationServiceExtension

20167 ttys000    0:00.01 grep var

iPersistence:~ root#


Clutch-2.0.4 -i,正确返回示例

iPersistence:~ root# Clutch-2.0.4 -i

Installed apps:

1:  Product Hunt

2:  豆丁书房-4亿文档图书随意看

3:  百词斩-背单词、学英语必备

Clutch-2.0.4 -d,com.util.box为目标app的bundleID,执行命令前确保打开了app并且使用了extension、widget,正确返回示例

iPersistence:~ root# Clutch-2.0.4 -d com.util.box

Zipping BNTPoint.app

ASLR slide: 0x100060000

Dumping (arm64)

Patched cryptid (64bit segment)

ASLR slide: 0x10001c000

Dumping (arm64)

Patched cryptid (64bit segment)

Writing new checksum

Writing new checksum

Dumping arm64

Dumping arm64

Successfully dumped framework lwip!

Dumping arm64

Dumping arm64

Dumping arm64

Dumping arm64

Dumping arm64

Successfully dumped framework Resolver!

Successfully dumped framework MMDB!

Dumping arm64

Dumping arm64

Successfully dumped framework Sodium!

Successfully dumped framework CocoaLumberjackSwift!

Successfully dumped framework CocoaLumberjack!

Successfully dumped framework Yaml!

Successfully dumped framework tun2socks!

Child exited with status 0

Child exited with status 0

Successfully dumped framework CocoaAsyncSocket!

Child exited with status 0

Child exited with status 0

Child exited with status 0

Child exited with status 0

Child exited with status 0

Child exited with status 0

Child exited with status 0

Dumping arm64

Successfully dumped framework NEKit!

Zipping CocoaAsyncSocket.framework

Zipping CocoaLumberjack.framework

Zipping CocoaLumberjackSwift.framework

Zipping MMDB.framework

Child exited with status 0

Zipping NEKit.framework

Zipping Resolver.framework

Zipping Sodium.framework

Zipping Yaml.framework

Zipping lwip.framework

Zipping tun2socks.framework

Zipping PacketTunnelProvider.appex

DONE: /private/var/mobile/Documents/Dumped/com.util.box-iOS9.3-(Clutch-2.0.4)-2.ipa

Finished dumping com.util.box in 8.6 seconds

生成IPA成功后,命令:scp -r root@IOSIp:/var/mobile/Documents/Dumped ~/Desktop/

-r必须添加,因为复制的是目录

你可能感兴趣的:(2018-10-08 iOS Clutch砸壳商店包初级版)