1. Copy /Developer/usr/bin/debugserver from the jailbroken phone to the Mac.
2. Thin debugserver (not possible on iOS 11, which only supports 64-bit programs). In the debugserver directory, enter lipo -info debugserver in a terminal to see which architectures it contains, then: lipo -thin armv7 debugserver -output debugserver
3. Create a plist file in Xcode with the following entitlements:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.springboard.debugapplications</key>
        <true/>
        <key>get-task-allow</key>
        <true/>
        <key>task_for_pid-allow</key>
        <true/>
        <key>run-unsigned-code</key>
        <true/>
    </dict>
    </plist>

   Then copy the plist file into the same directory as debugserver on the computer and enter in the terminal:
   codesign -s - --entitlements en.plist -f debugserver
   This grants debugserver the task_for_pid entitlement.
4. Then, in a terminal, enter: codesign -d --entitlements - ./debugserver
   This shows the entitlements embedded in the binary; they should match what was written in the plist file.
5. In the terminal, enter: scp -P 2222 ./debugserver root@localhost:/usr/bin/debugserver
   This copies debugserver to the phone.
6. ps aux to view the processes on the phone.
7. After switching from the Mac to the phone, cd /usr/bin/ and enter chmod +x debugserver to make it executable.
10. debugserver *:1234 -a WhatsApp
11. Open a new terminal and set up port forwarding first: iproxy 1234 1234, which gives a faster connection. Open another new terminal and enter lldb. If port forwarding was set up, enter: process connect connect://localhost:1234; if it was not, enter: process connect connect://IP:1234, where IP is the phone's address and 1234 is the port debugserver listens on.
12. After a successful connection, enter c to continue, then image list -o -f to obtain the base address (the ASLR slide).
13. Copy the base address, then open the decrypted (dumped) executable in Hopper, find the name of the function you want to debug, and record the function's offset address.
    Then enter br s -a 'base address + 0xoffset' in the terminal and start breakpoint debugging.
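The address arithmetic in the last step (runtime address = ASLR slide reported by image list -o -f + the static address Hopper shows) is easy to get wrong by hand, especially when debugging several functions. The following Python helper is an added example, not part of this tutorial and not lldb's own code: it parses a constructed sample of image list -o -f output (the "[index] slide path" line layout is an assumption about lldb's format), picks the main executable's slide by file name, checks that the slide is page-aligned (0x4000 on arm64; pass page_size=0x1000 for the thinned armv7 case) so that a mis-copied line is caught early, and emits the br s -a commands for a table of function addresses. The binary name ExampleApp, the paths, slides and function addresses are all constructed.

```python
import re

# Constructed sample of lldb `image list -o -f` output. The "[index] slide path"
# layout is an assumption about lldb's format; the paths and slides are made up.
SAMPLE_IMAGE_LIST = """\
[  0] 0x0000000000084000 /private/var/containers/Bundle/Application/EXAMPLE-UUID/ExampleApp.app/ExampleApp
[  1] 0x000000000000c000 /usr/lib/dyld
[  2] 0x0000000014e1c000 /usr/lib/libobjc.A.dylib
"""

# Hypothetical functions and the static addresses Hopper would show for them in
# the decrypted binary (arm64 images are linked at 0x100000000, so static
# addresses start there). Names and addresses are constructed.
HOPPER_SYMBOLS = {
    "-[SettingsViewController viewDidLoad]": 0x100006A4C,
    "_applyTheme": 0x10000B120,
}

IMAGE_LINE = re.compile(r"^\[\s*(\d+)\]\s+(0x[0-9a-fA-F]+)\s+(\S.*)$")


def parse_image_list(text):
    """Map module path -> ASLR slide for every module line in the lldb output.

    Lines that do not match the expected layout (headers, blank lines) are skipped.
    """
    modules = {}
    for line in text.splitlines():
        m = IMAGE_LINE.match(line.strip())
        if m:
            modules[m.group(3).strip()] = int(m.group(2), 16)
    return modules


def find_slide(modules, binary_name):
    """Return the slide of the module whose file name equals binary_name."""
    for path, slide in modules.items():
        if path.rsplit("/", 1)[-1] == binary_name:
            return slide
    raise KeyError(f"{binary_name} not found in image list")


def runtime_address(slide, static_address, page_size=0x4000):
    """Static (Hopper) address plus the slide reported by lldb.

    The slide must be a multiple of the page size (0x4000 on arm64, 0x1000 for
    the thinned armv7 build); otherwise the wrong value was copied from lldb.
    """
    if slide % page_size:
        raise ValueError(f"slide {slide:#x} is not {page_size:#x}-aligned")
    return slide + static_address


def breakpoint_commands(slide, symbols, page_size=0x4000):
    """Return (function name, lldb command) pairs for the `br s -a` step."""
    return [
        (name, f"br s -a {runtime_address(slide, addr, page_size):#x}")
        for name, addr in symbols.items()
    ]


if __name__ == "__main__":
    modules = parse_image_list(SAMPLE_IMAGE_LIST)
    slide = find_slide(modules, "ExampleApp")
    print(f"ASLR slide of ExampleApp: {slide:#x}")
    for name, cmd in breakpoint_commands(slide, HOPPER_SYMBOLS):
        print(f"{cmd:<24} # {name}")
```

Paste the printed br s -a lines into the lldb session from step 11; each one sets a breakpoint at the rebased address of the corresponding function. If the slide check raises, re-run image list -o -f and copy the slide of the app binary itself rather than one of the system libraries.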