【IOS逆向】frida-ios-dump砸壳

移动开发 2023-10-01 07:08:32 阅读次数: 0

【IOS逆向】frida-ios-dump砸壳

前面尝试了dumpdecrypted和Clutch砸壳,均未能砸壳成功,这些工具的更新时间都是2016年以前了,技术上没有迭代,所以我们在尝试新的砸壳思路
https://github.com/AloneMonkey/frida-ios-dump

frida-ios-dump

这里除了frida还有一些额外的环境

usbmuxd

brew install usbmuxd

pip依赖

sudo python3 -m pip  install -r requirements.txt --upgrade
 ✘  ~/Downloads/VulnTools/SecurityForIOS/frida-ios-dump   master  python3 -m pip install paramiko
Looking in indexes: http://mirrors.aliyun.com/pypi/simple/
Collecting paramiko
  Downloading http://mirrors.aliyun.com/pypi/packages/ae/fe/3ab1540ee3f956fed7c738ac60b17586b3e57629a6b8f8dcbb790fca00c2/paramiko-3.0.0-py3-none-any.whl (210 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 210.8/210.8 kB 88.9 kB/s eta 0:00:00
Requirement already satisfied: cryptography>=3.3 in /Users/huangweihong/.pyenv/versions/3.8.13/lib/python3.8/site-packages (from paramiko) (37.0.2)
Collecting pynacl>=1.5
  Downloading http://mirrors.aliyun.com/pypi/packages/ce/75/0b8ede18506041c0bf23ac4d8e2971b4161cd6ce630b177d0a08eb0d8857/PyNaCl-1.5.0-cp36-abi3-macosx_10_10_universal2.whl (349 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 349.9/349.9 kB 90.5 kB/s eta 0:00:00
Collecting bcrypt>=3.2
  Downloading http://mirrors.aliyun.com/pypi/packages/78/d4/3b2657bd58ef02b23a07729b0df26f21af97169dbd0b5797afa9e97ebb49/bcrypt-4.0.1-cp36-abi3-macosx_10_10_universal2.whl (473 kB)
     ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 473.4/473.4 kB 85.7 kB/s eta 0:00:00
Requirement already satisfied: cffi>=1.12 in /Users/huangweihong/.pyenv/versions/3.8.13/lib/python3.8/site-packages (from cryptography>=3.3->paramiko) (1.15.0)
Requirement already satisfied: pycparser in /Users/huangweihong/.pyenv/versions/3.8.13/lib/python3.8/site-packages (from cffi>=1.12->cryptography>=3.3->paramiko) (2.21)
Installing collected packages: bcrypt, pynacl, paramiko
Successfully installed bcrypt-4.0.1 paramiko-3.0.0 pynacl-1.5.0
 ~/Downloads/VulnTools/SecurityForIOS/frida-ios-dump   master  ./dump.py
Traceback (most recent call last):
  File "./dump.py", line 22, in <module>
    from scp import SCPClient
ModuleNotFoundError: No module named 'scp'
 ✘  ~/Downloads/VulnTools/SecurityForIOS/frida-ios-dump   master  python3 -m pip install scp
Looking in indexes: http://mirrors.aliyun.com/pypi/simple/
Collecting scp
  Downloading http://mirrors.aliyun.com/pypi/packages/7f/04/4bcc504e6c2fdcfee7d74a6d14a49db0f129baf2cfa19f61148f333e96b9/scp-0.14.5-py2.py3-none-any.whl (8.7 kB)
Requirement already satisfied: paramiko in /Users/huangweihong/.pyenv/versions/3.8.13/lib/python3.8/site-packages (from scp) (3.0.0)
Requirement already satisfied: pynacl>=1.5 in /Users/huangweihong/.pyenv/versions/3.8.13/lib/python3.8/site-packages (from paramiko->scp) (1.5.0)
Requirement already satisfied: cryptography>=3.3 in /Users/huangweihong/.pyenv/versions/3.8.13/lib/python3.8/site-packages (from paramiko->scp) (37.0.2)
Requirement already satisfied: bcrypt>=3.2 in /Users/huangweihong/.pyenv/versions/3.8.13/lib/python3.8/site-packages (from paramiko->scp) (4.0.1)
Requirement already satisfied: cffi>=1.12 in /Users/huangweihong/.pyenv/versions/3.8.13/lib/python3.8/site-packages (from cryptography>=3.3->paramiko->scp) (1.15.0)
Requirement already satisfied: pycparser in /Users/huangweihong/.pyenv/versions/3.8.13/lib/python3.8/site-packages (from cffi>=1.12->cryptography>=3.3->paramiko->scp) (2.21)
Installing collected packages: scp
Successfully installed scp-0.14.5

砸壳

终端1

iproxy 2222 22

终端2

ssh root@127.0.0.1 -p 2222
The authenticity of host '[127.0.0.1]:2222 ([127.0.0.1]:2222)' can't be established.
RSA key fingerprint is SHA256:S1zJ0P1vjW2JU7KPVtdi11dF0YNd1CNUEoK9jdPzBs8.
This host key is known by the following other names/addresses:
    ~/.ssh/known_hosts:23: 192.168.0.103
Are you sure you want to continue connecting (yes/no/[fingerprint])? yes
Warning: Permanently added '[127.0.0.1]:2222' (RSA) to the list of known hosts.
root@127.0.0.1's password:
iPhone:~ root#
iPhone:~ root#

终端3

 ~  fridadump xxxx
Start the target app xxxxx

在这里插入图片描述
在这里插入图片描述

解压

unzip xx.ipa

在当前目录下会出现一个payload文件夹,里面有砸壳完成的app

加密查询

 ✘  ~/wenku/Payload/WKMainProject.app  otool -l WKMainProject | grep crypt
     cryptoff 26890240
    cryptsize 4096
      cryptid 0

在这里插入图片描述

二进制逆向查看

直接将上述得到的IPA丢给hopper即可查看逆向代码
在这里插入图片描述

问题

如果出现

 ~  frida-ps -U
Failed to enumerate processes: timeout was reached

则可以更新下cydia的frida版本和mac本地的frida版本

如果出现

 ~  fridadump xxx
Start the target app xxxx
timeout was reached

则需要包吃屏幕常亮和app打开,因为是动态注入的

猜你喜欢

转载自blog.csdn.net/xiru9972/article/details/129100902
今日推荐
《美国对全球网络空间安全与发展的威胁和破坏》报告发布
火速冲上 GitHub 热榜 —— 开源编程语言、框架哪有这么可爱?
北京人形机器人创新中心发布全球首个纯电驱拟人奔跑的全尺寸人形机器人“天工”
LFOSSA 源来如此公开课 | 掌握云原生未来:CNCF 认证全面攻略与备考秘籍
国产云输入法——仅华为无云端数据上传安全问题
周排行
Python环境安装与基础语法(1)——计算机基础知识
IMU预积分
ADAS中的LDW、FCW、BSD、LCA、ACC、AEB、APA、DMS代表的含义
B站笔试两道题
skyeye arm 硬件虚拟机环境的搭建
Web前端静态页面示例
数组-合并排序数组 II-简单
springcloud之版本问题启动报错
面向对象-------------匿名对象(六)
输入URL到页面呈现中间发生了什么?
每日归档
更多
2024-04-30(1)
2024-04-29(40)
2024-04-28(0)
2024-04-27(56)
2024-04-26(39)
2024-04-25(22)
2024-04-24(36)
2024-04-23(26)
2024-04-22(39)
2024-04-21(0)

代码天地 © 2018 codetd.com

境外服务器   最新电视剧2022