1. 将越狱开发工具包theos放到某个目录, 如: /opt/theos

2.配置环境变量: 家目录下创建.bash_profile, 将 export THEOS=/opt/theos 添加到最后一行.

3.  ldid是用于签名iOS可执行文件的工具, brew install ldid

4.dpkg-deb, deb是越狱开发包的标准格式, dpkg-deb

5. 新建工程命令:  /opt/theos/bin/nic.pl , 然后输入序号选择模板, 如: 11.iphone/tweak

6. homebrew 安装: /usr/bin/ruby -e "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install)"

7. make package失败, 执行以下命令

    sudo cpan Compress::Raw::Lzma

    cpan Compress::Raw::Lzma

    sudo cpan IO::Compress::Lzma

    cpan IO::Compress::Lzma

8.选择xcode: sudo xcode-select -s /Applications/Xcode.app/Contents/Developer

9. make package, make install (修改makefile ip)安装到手机

10. 默认登录手机密码: alpine

11.deviceconsole 是查看log的工具(放到: /usr/local/bin, chmod +x /usr/local/bin/deviceconsole)

-u, -p 打印日志

12. copy: class-dump, dsc_extractor, iSign 3个工具拷贝到 /usr/local/bin, 执行:chmod +x /usr/local/bin/class-dump

13. scp命令

scp: 远程拷贝到本地:  scp -r root@192.168.*.*:/opt/Decrypt ./   (手机拷贝到本地)

scp:本地拷贝到远程:  scp /Users/chris/Desktop/AppInfo root@192.168.76.253:/usr/bin) (本地到手机)

14. 登录手机: ssh root@192..手机ip  (修改文件权限: chmod +x /usr/bin/AppInfo)

clutch -i.  查看装了哪些

uname -a  

15.脱壳工具:dumpdecrypted.dylib ,  DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /private/var/mobile/Containers/Bundle/Application/09943105-FE1F-4720-974A-674D9F21D7F8/WeChat.app/WeChat

16. 是否是加密: otool -l WeChat.decrypted | grep crypt   cryptid 0加密,  1没有加密

17. 查看使用的库: otool -L wechat.decrypted 

18.  砸壳获取类信息: class-dump Wechate.decrypted >> WeChat2.h

19. 脱壳流程, 登录到手机, 然后执行:  DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /private/var/mobile/Containers/Bundle/Application/XXXXXX/WeChat.app/WeChat,  到 cd /var/root/Documents/Decrypt/ , 切换到电脑,scp -r root@192.168.*.*:/var/root/Documents/Decrypt /opt/work  然后将远程文件拷贝到本地, 

20. 生成xm:   /opt/theos/bin/logify.pl /opt/work/Decrypt/CMessageMgr.h >> ../xm/CMessageMgr.xm

21. 安装deb包:  dpkg -i lldb.6.0.0.deb  (路径必须在var/root下)

22. 挂载微信: lldb -n WeChat

23. 首地址(需要挂载):  image list -o -f  (WeChat.app/WeChat) 

24. Hopper中对应偏移

25. ld连机器

26. system header search path

27. Xcode build. 

28. si: step in 

29. 进入lldb, 输入help. 了解某个命令: help **

30. br s -a 0x10676128 -> 设置断点,  c -> continue , ni逐条执行

31. po 0x10676128 查看实例, po (char *)$x1 地址   memory read -c 100 $x1

32. 动态调试主要关注: 内存<到>寄存器

33. 查看是否加密: otool -l WeChat.decrypted | grep crypt

34.