Xcode9混淆iOS代码和class-dump反编译

本文链接：https://www.jianshu.com/p/3ce1343b89af

参考这文章

iOS Framework混淆/编译打包脚本(支持swift/oc/c++) -
https://www.jianshu.com/p/be751f780d94

1 测试原版Demo

$ sh confuseAndBuild.sh 
参数个数：0  参数值:
-e usage: ./confuseAndBuild.sh [-u|c|b|a]
-e   -u
-e       unconfuse: 清理工作，去混淆
-e   -c
-e       safeConfuse: 去混淆->备份->混淆
-e   -b
-e       buildAll: 编译生成通用framework
-e   -a
-e       safeConfuseAndBuild: 去混淆->备份->混淆->编译->去混淆
-e EXAMPLE:
-e   ./confuseAndBuild.sh -u

下面尝试混淆代码

$ sh confuseAndBuild.sh -c
参数个数：1  参数值:-c
-e [info] clean start...
Not confuse yet!
-e [info] clean done
-e [info] backup all swift files
backup ./Framework/ConfuseFW.framework/Headers/ConfuseFW-Swift.h to ./Framework/ConfuseFW.framework/Headers/.ConfuseFW-Swift.h.bak
backup ./Framework/ConfuseFW.framework/Headers/ConfuseFW.h to ./Framework/ConfuseFW.framework/Headers/.ConfuseFW.h.bak
backup ./Example/Example/ViewController.swift to ./Example/Example/.ViewController.swift.bak
backup ./Example/Example/AppDelegate.swift to ./Example/Example/.AppDelegate.swift.bak
backup ./ConfuseFW/ConfuseClass.swift to ./ConfuseFW/.ConfuseClass.swift.bak
backup ./ConfuseFW/ConfuseFW.h to ./ConfuseFW/.ConfuseFW.h.bak
-e [info] confuse start...
  private_var2 => WdxHoCRNEciQeqLA
  private_cls => nIXdIrjgoXeTovvN
  private_ConfuseClass2 => gPlqegDkjgNkkaLZ
  private_ConfuseClass2 => gPlqegDkjgNkkaLZ
  private_var2 => WdxHoCRNEciQeqLA
  private_cls => nIXdIrjgoXeTovvN
  private_ConfuseClass2 => gPlqegDkjgNkkaLZ
  private_func2 => htkpkIcjJJiaVsWE
  private_func2 => htkpkIcjJJiaVsWE
  private_var2 => WdxHoCRNEciQeqLA
  private_cls => nIXdIrjgoXeTovvN
  private_ConfuseClass2 => gPlqegDkjgNkkaLZ
-e [info] confuse done

混淆成功。

混淆成功

撤销混淆

$ sh confuseAndBuild.sh -u

2 反编译framework

怎么查看framework？用class-dump、IDA。

尝试反编译计算器APP

class-dump -H /Applications/Calculator.app -o ~/Desktop/calculate\ heads

反编译CoreLocation.framework

$ class-dump -H /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/CoreLocation.framework -o ~/Desktop/CoreLocation
class-dump: Input file (/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/CoreLocation.framework) doesn't contain an executable.

反编译AppKit.framework

class-dump /System/Library/Frameworks/AppKit.framework

尝试反编译demo的framework，用class-dump报错

$ class-dump -H code/xcode/iOSConfuse/Framework/ConfuseFW.framework -o ~/Desktop/confuse
2018-11-13 19:41:20.210 class-dump[20871:1234755] *** Assertion failure in -[CDObjectiveC2Processor loadIvarsAtAddress:], /Volumes/Lion/Users/nygard/Source/git/me/Tools/class-dump/Source/CDObjectiveC2Processor.m:411
2018-11-13 19:41:20.211 class-dump[20871:1234755] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Invalid parameter not satisfying: [cursor offset] != 0'
*** First throw call stack:
(
    0   CoreFoundation                      0x00007fff2dcf400b __exceptionPreprocess + 171
    1   libobjc.A.dylib                     0x00007fff548e8c76 objc_exception_throw + 48
    2   CoreFoundation                      0x00007fff2dcf9da2 +[NSException raise:format:arguments:] + 98
    3   Foundation                          0x00007fff2fe06260 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 193
    4   class-dump                          0x000000010a0d0f96 class-dump + 159638
    5   class-dump                          0x000000010a0cfdd0 class-dump + 155088
    6   class-dump                          0x000000010a0ce4fc class-dump + 148732
    7   class-dump                          0x000000010a0cbabf class-dump + 137919
    8   class-dump                          0x000000010a0abc19 class-dump + 7193
    9   class-dump                          0x000000010a0bb80b class-dump + 71691
    10  libdyld.dylib                       0x00007fff554d8115 start + 1
)
libc++abi.dylib: terminating with uncaught exception of type NSException
Abort trap: 6

改用IDA反编译framework，显示func2被混淆了。

func2混淆后

反编译func2混淆前

反编译fun2混淆后

3 TODO

• 下面学打framework包。
• 有空要学一下Scheme。
• 怎么在Xcode运行脚本？

END

参考

class-dump的安装和使用 -
https://www.jianshu.com/p/1e3fe0a8c048