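The best app-decryption plugin for iOS 12+
Static decryption tool 4 is recommended as the most convenient
1. Static decryption tool flexdecrypt
- Log in remotely to the iPhone from the Mac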
(base) jujiadeiMac:~ jujia$ sh login.sh
- Switch to the /tmp directory
wangdande-iPhone:/tmp root#
- Use wget https://github.com/JohnCoates/flexdecrypt/releases/download/1.1/flexdecrypt.deb to download flexdecrypt.deb
wangdande-iPhone:/tmp root# wget https://github.com/JohnCoates/flexdecrypt/releases/download/1.1/flexdecrypt.deb
- Install the flexdecrypt plugin: dpkg -i flexdecrypt.deb
wangdande-iPhone:/tmp root# dpkg -i flexdecrypt.deb
- Find the process with ps -A | grep "process name (an approximate name is enough)"; here I use NetEase Cloud Music as the example
wangdande-iPhone:/tmp root# ps -A | grep neteasemusic
- Find the Mach-O file of the application you want to decrypt and switch to its directory
wangdande-iPhone:~ root# cd /var/containers/Bundle/Application/3698A8BC-5256-4C34-9427-8BDFFAE67B61/neteasemusic.app/
- Decrypt with flexdecrypt: flexdecrypt neteasemusic (the Mach-O file)
wangdande-iPhone:/var/containers/Bundle/Application/3698A8BC-5256-4C34-9427-8BDFFAE67B61/neteasemusic.app root# flexdecrypt neteasemusic
- As hoped, the result was written successfully to /tmp/neteasemusic
Wrote decrypted image to /tmp/neteasemusic
- On the Mac, use otool (it ships with Xcode, so nothing extra needs to be installed) to check whether the decryption succeeded
(base) jujiadeiMac:neteasemusic jujia$ otool -l neteasemusic | grep crypt
cryptoff 16384
cryptsize 87080960
cryptid 0
name @rpath/NEEncryptLog.framework/NEEncryptLog (offset 24)
- Next you can copy it to the Mac with iFunBox, scp, or a similar tool, and happily play with it in Hopper Disassembler.