iOS Reverse Engineering (a simple use of "dumpdecrypted" to decrypt an App Store IPA)


1. Preface

1. Apps downloaded from the App Store are encrypted by Apple by default (the so-called "shell"). While that shell is in place we cannot dump the binary to extract header files and so on. Thanks to the great god who gave us the dumpdecrypted tool, we can strip this shell ourselves.

Download address for the precompiled dumpdecrypted tool:
https://github.com/DaSens/Crack-file

2. Summary of the steps

1. The app to be decrypted must be running on the device.
2. SSH into the phone, find the location of the app bundle (the IPA contents), and note it down.
3. Attach Cycript to the process, locate the app's Documents directory, and note it down.
4. Copy dumpdecrypted.dylib into the app's Documents directory.
5. Run the decryption, then copy out the decrypted file; that's it.

Those are the steps; it really is that simple. The demo below decrypts the Tencent Video app (qqlive):

Step 1: find the two paths.
Commands needed:

1. ssh root@<device-ip> (replace <device-ip> with the IP address of the device)
2. ps -e (list processes)
3. cycript -p <process name> (attach to the app's process)
4. [[NSFileManager defaultManager] URLsForDirectory:NSDocumentDirectory inDomains:NSUserDomainMask][0] (run inside Cycript; prints the app's Documents path)

Demo:


Step 2: copy dumpdecrypted.dylib into the app's Documents directory.
Command needed (copy it with scp):

scp ~/dumpdecrypted.dylib root@<device-ip>:/var/mobile/Containers/Data/Application/2B4C6281-C015-4FF3-A8EC-5E5C7554D447/Documents

Step 3: run the decryption.
cd into the Documents directory, then run the app binary with the dylib injected:
Command needed:

DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Containers/Bundle/Application/BFED82A3-3238-4F41-B797-C1CB584CBE05/qqlive.app/qqlive

Demo:

This generates a file with the .decrypted suffix in the Documents directory; that is the decrypted binary. We can now work on it further, for example dumping its header files.

Step 4: verify the dumped file.
Demo:
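To make the verification in step 4 concrete, here is an added check of my own (not part of the original post, and not code from dumpdecrypted): it walks the Mach-O load commands of the file and reads the cryptid field of LC_ENCRYPTION_INFO / LC_ENCRYPTION_INFO_64, which is 1 while the App Store encryption is still in place and 0 in a correctly dumped binary. It goes a little beyond the post by also handling fat (universal) binaries; the sample binaries it builds are constructed for the demo only, so it runs offline.

```python
import struct
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF   # thin Mach-O magics (little-endian on device)
FAT_MAGIC = 0xCAFEBABE                           # universal binary magic (big-endian on disk)
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C

def slice_cryptid(data, off=0):
    """cryptid of the Mach-O slice at `off`: 1 = still encrypted, 0 = plain,
    None = slice carries no LC_ENCRYPTION_INFO at all (e.g. a non-store build)."""
    magic, = struct.unpack_from("<I", data, off)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("no little-endian Mach-O header at offset 0x%x" % off)
    ncmds, = struct.unpack_from("<I", data, off + 16)       # mach_header.ncmds
    pos = off + (32 if magic == MH_MAGIC_64 else 28)        # sizeof(mach_header[_64])
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, pos)
        if cmdsize < 8:
            raise ValueError("corrupt load command at offset 0x%x" % pos)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # layout: cmd, cmdsize, cryptoff, cryptsize, cryptid [, pad]
            return struct.unpack_from("<I", data, pos + 16)[0]
        pos += cmdsize
    return None

def encryption_report(data):
    """{slice_offset: cryptid} for a thin binary or for every slice of a fat one."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat, = struct.unpack_from(">I", data, 4)
        offsets = [struct.unpack_from(">5I", data, 8 + 20 * i)[2] for i in range(nfat)]
    else:
        offsets = [0]
    return {o: slice_cryptid(data, o) for o in offsets}

def is_still_encrypted(data):
    # True if any slice still has cryptid != 0, i.e. the dump did not succeed
    return any(encryption_report(data).values())

def make_sample(cryptid, bits=64):
    """Constructed minimal Mach-O (header + one encryption command), demo input only."""
    magic, lc = (MH_MAGIC_64, LC_ENCRYPTION_INFO_64) if bits == 64 else (MH_MAGIC, LC_ENCRYPTION_INFO)
    pad = b"\0" * 4 if bits == 64 else b""                  # the _64 structs each add a 4-byte field
    cmd = struct.pack("<5I", lc, 20 + len(pad), 0x4000, 0x10000, cryptid) + pad
    hdr = struct.pack("<7I", magic, 0x0100000C, 0, 2, 1, len(cmd), 0) + pad   # arm64, MH_EXECUTE, ncmds=1
    return hdr + cmd

def make_fat(slices):
    """Constructed universal binary wrapping the given slices, demo input only."""
    hdr, off, body = struct.pack(">II", FAT_MAGIC, len(slices)), 8 + 20 * len(slices), b""
    for s in slices:
        hdr += struct.pack(">5I", 0x0100000C, 0, off, len(s), 0)   # cputype, subtype, offset, size, align
        body, off = body + s, off + len(s)
    return hdr + body
```

On a real device you would read the .decrypted file (and, for comparison, the original binary in the .app bundle) into `data`; the original should report cryptid 1 and the dump cryptid 0.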

Reference book: iOS Application Reverse Engineering, 2nd edition
Website: http://bbs.iosre.com/

There may already be many articles like this one on the Internet; this one is just a further consolidation and practice of my own, shared with everyone along the way, thank you. In addition, some readers have run into cases where the decryption fails, either because of path permissions or because of a device architecture mismatch; I did not explore these carefully. If you encounter these two kinds of errors and cannot resolve them, you can try decrypting with Clutch instead.