Original source: http://www.alonemonkey.com/2018/01/30/frida-ios-dump/

https://aberlt.github.io/2017/12/14/记砸壳工具-frida-ios-dump-的使用/#使用-frida-ios-dump

Background

The earliest app-decryption ("shell-cracking") tool was dumpdecrypted, written by stefanesser: you inject it manually, launch the app, and dump the decrypted image from memory. This approach can only dump the main app executable.

For apps that contain frameworks, conradev's version of dumpdecrypted can be used; it registers a callback with _dyld_register_func_for_add_image and dumps the decrypted image of every module.

That still requires copying dumpdecrypted.dylib onto the device and working out paths, which is rather tedious. So the author simply turned dumpdecrypted into a tweak in the MonkeyDev template: fill in the target bundle id, watch the log, and copy the files out.

That is still cumbersome, though: you have to copy the files and rebuild the ipa yourself. Then came KJCracks' Clutch, which creates the process with posix_spawnp, dumps it, and writes the ipa package directly on the device, which is very convenient. The problem is that most apps hit errors when this tool is used, and the generated package still has to be copied off manually.

One-click dump

People are lazy by nature, hence frida-ios-dump, the tool this article introduces. Built on the powerful functionality frida provides, it injects JavaScript to dump the decrypted image from memory and then uses Python to copy it to the computer automatically and produce an ipa file. Once it is configured as described below, decrypting an app really is a single command.
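Whichever of the tools above produced a binary, the way to confirm it is actually decrypted (or to triage an IPA you have been handed) is to read the Mach-O encryption load command. The following is an added example, not code from the post or from frida-ios-dump; it assumes a little-endian 64-bit Mach-O and the standard LC_ENCRYPTION_INFO_64 command, whose cryptid field is non-zero while the __TEXT segment is still encrypted and 0 once it has been dumped decrypted. The sample images it parses are constructed inline.

```python
# Added example: parse a 64-bit Mach-O load-command table and report its cryptid.
import struct

MH_MAGIC_64 = 0xFEEDFACF          # little-endian 64-bit Mach-O magic
LC_ENCRYPTION_INFO_64 = 0x2C      # carries cryptoff / cryptsize / cryptid
MACH_HEADER_64_SIZE = 32          # sizeof(struct mach_header_64)

def encryption_info(data: bytes):
    """Return (cryptoff, cryptsize, cryptid), or None when the image has no
    LC_ENCRYPTION_INFO_64 command. Raises ValueError on malformed input."""
    if len(data) < MACH_HEADER_64_SIZE:
        raise ValueError("input too short for a mach_header_64")
    magic, _cputype, _cpusubtype, _filetype, ncmds, sizeofcmds, _flags, _rsv = \
        struct.unpack_from("<IiiIIIII", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a little-endian 64-bit Mach-O image")
    offset = MACH_HEADER_64_SIZE
    end = offset + sizeofcmds
    for _ in range(ncmds):
        if offset + 8 > len(data):
            raise ValueError("truncated load command table")
        cmd, cmdsize = struct.unpack_from("<II", data, offset)
        if cmdsize < 8 or offset + cmdsize > end:  # reject sizes that walk off the table
            raise ValueError("malformed load command size")
        if cmd == LC_ENCRYPTION_INFO_64:
            cryptoff, cryptsize, cryptid = struct.unpack_from("<III", data, offset + 8)
            return cryptoff, cryptsize, cryptid
        offset += cmdsize
    return None

def is_decrypted(data: bytes) -> bool:
    """True when there is no encryption command or its cryptid is 0."""
    info = encryption_info(data)
    return info is None or info[2] == 0

def _build_image(cryptid: int) -> bytes:
    """Constructed minimal arm64 MH_EXECUTE image with one LC_ENCRYPTION_INFO_64."""
    cmd = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x10000, cryptid, 0)
    header = struct.pack("<IiiIIIII", MH_MAGIC_64, 0x0100000C, 0, 2, 1, len(cmd), 0, 0)
    return header + cmd

ENCRYPTED_IMAGE = _build_image(1)   # what an App Store binary looks like before dumping
DECRYPTED_IMAGE = _build_image(0)   # what a successful dump should look like

if __name__ == "__main__":
    for name, img in (("encrypted", ENCRYPTED_IMAGE), ("decrypted", DECRYPTED_IMAGE)):
        print(name, encryption_info(img), "decrypted:", is_decrypted(img))
```

On a real dump, pass the bytes of the executable (or of each framework's binary) from the unpacked ipa to encryption_info; fat binaries need the relevant slice extracted first.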

Environment setup

As mentioned above, the tool is based on frida, so frida first has to be installed on both the phone and the Mac. For the installation procedure, refer to the official documentation: https://www.frida.re/docs/home/

To be continued

➜  ~ sudo pip install frida --ignore-installed six

The directory '/Users/tyrad/Library/Caches/pip/http' or its parent directory is not owned by the current user and the cache has been disabled. Please check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
The directory '/Users/tyrad/Library/Caches/pip' or its parent directory is not owned by the current user and caching wheels has been disabled. check the permissions and owner of that directory. If executing pip with sudo, you may want sudo's -H flag.
Collecting frida
  Downloading frida-10.6.54.tar.gz
Collecting six
  Downloading six-1.11.0-py2.py3-none-any.whl
Collecting colorama>=0.2.7 (from frida)
  Downloading colorama-0.3.9-py2.py3-none-any.whl
Collecting prompt-toolkit>=0.57 (from frida)
  Downloading prompt_toolkit-1.0.15-py2-none-any.whl (247kB)
    100% |████████████████████████████████| 256kB 29kB/s
Collecting pygments>=2.0.2 (from frida)
  Downloading Pygments-2.2.0-py2.py3-none-any.whl (841kB)
    100% |████████████████████████████████| 849kB 21kB/s
Collecting wcwidth (from prompt-toolkit>=0.57->frida)
  Downloading wcwidth-0.1.7-py2.py3-none-any.whl
Installing collected packages: colorama, wcwidth, six, prompt-toolkit, pygments, frida
  Running setup.py install for frida ... done
Successfully installed colorama-0.3.9 frida-10.6.54 prompt-toolkit-1.0.15 pygments-2.2.0 six-1.11.0 wcwidth-0.1.7