iOS逆向常用命令记录

ssh

cd ~/.ssh/
ssh-keygen
scp Path root@IP:Path
vim ~/.ssh/config
Host ipad
    Hostname IP
    User root
    Port 22
    PreferredAuthentications publickey
    IdentityFile Path
cat **.pub >> /var/root/.ssh/authorized_keys

scp

scp Path root@IP:Path

ps grep

ps aux | grep APP
ps -e | grep APP
grep -r Find Path

class-dump

class-dump -H App -o Path
class-dump --arch armv7 -S -s -H APP -o Path

socat

socat - UNIX-CONNECT:/var/run/lockdown/syslog.sock
*** Facility com.apple.xxxxx**
*** PID 490**
watch

lldb+debugserver

lipo -thin arm64 ~/debugserver -output ~/debugserver
ldid -Sent.xml debugserver
scp ~/debugserver root@iOSIP:/usr/bin/debugserver
chmod +x /usr/bin/debugserver
debugserver *:1234 -a "SpringBoard"
process connect connect:IP:Port
image list -o -f
breakpoint
b function
br s -a address
br s -a 'ASLROffset+address'
br dis
br en
br del
ni
si
c

cycript

cycript -p SpringBoard 
[[UIApp keyWindow] recursiveDescription].toString()
[[[UIApp keyWindow] rootViewController] _printHierarchy].toString()
choose
[choose(****) _ivarDescription].toString()
[choose(****) _methodDescription].toString()
[SKUIOfferView _shortMethodDescription]
function currentVC() {
    var app = [UIApplication sharedApplication]  
    var keyWindow = app.keyWindow  
    var rootController = keyWindow.rootViewController  
    var visibleController = rootController.visibleViewController  
    if (!visibleController){
       return rootController
    }
    return visibleController.childViewControllers[0]
}

insert_dylib

/path/to/insert_dylib ***.dylib App
mv ****_patched App