iOS reverse engineering: essential tools for a jailbroken phone

1. Phone jailbreak

PS: before jailbreaking, run the phone once under the Xcode debugger with a breakpoint set. This generates the debugserver file on the phone.

Phone iOS version: 12.4

https://www.abcydia.com/read-16031.html

Official unc0ver site

https://unc0ver.dev

GitHub

https://github.com/pwn20wndstuff/Undecimus/

I used version 3.5.6 (.ipa) here.

Tested personally on iPhone 5s, iPhone 6s and iPhone 6s Plus; all of them work.

The iPhone 5s takes longer; I waited 10 minutes before the jailbreak succeeded.

2. Install iFunbox on the computer

http://www.i-funbox.com/zh-cn/page-download.html

3. Install AFC2 on the phone so that iFunbox on the computer can transfer files

Leifeng source: http://apt.abcydia.com

After adding the source, search for afc2 and install it.

4. If Cydia cannot open because of network problems

First install Aisi Assistant, then use it to install Lewang (乐网).

Turn on its global VPN to get online.

After some trial and error I also installed "连个锤子" ("Even a Hammer") from the BigBoss source; it does not solve the access problem.

5. Install reveal2Loader

On the computer: install the Reveal 21.dmg version.

On the phone: search for reveal2Loader in Cydia; you will find version 1.0-1.

But this version is problematic. You need to install version 1.0-3.

The steps are as follows. First uninstall reveal2Loader 1.0-1 (note: you must install it first and then uninstall it, because installing it pulls in the packages it depends on).

6. Install Filza

Then use iFunbox to copy the 1.0-3 version .deb package to /var/mobile/Documents/ on the phone.

Open the .deb in Filza to install it. After installation you must respring (restart SpringBoard). If you forget, installing another tweak later will also trigger a respring.

7. The phone may not have OpenSSH

Search for OpenSSH in Cydia and install it.

After that you can connect from the computer to the phone with ssh root@<phone IP address>. The password is alpine.

If typing commands on the phone lags badly, that is because of the Wi-Fi connection.

With the method in the following article you can connect over USB instead, which is much faster.

iOS reverse engineering (1): setting up passwordless SSH login over USB

8. Install Frida on the phone, for dumping (decrypting) apps

For details see: iOS reverse engineering (2): one-click app dumping with frida-ios-dump

Cydia source for the phone: https://build.frida.re

9. debugserver is present after the jailbreak. For details see my article:

iOS reverse engineering (4): debugging with debugserver + lldb (2019 latest version)

10. A cycript replacement

The cycript installed from Cydia cannot be used on iOS 12.

So use cyrun directly instead.

Installation:

cyrun needs "New Curses", "readline" and "adv-cmds". All of these are in Cydia.

Checking the first two, they are in fact already installed.

1. Install cycript; this installs its dependency adv-cmds.

2. Then install cyrun.

Detailed steps. It is recommended to download the packages directly and install them with Filza:

Via SSH or a terminal on the phone:

wget http://apt.saurik.com/debs/cycript_0.9.594_iphoneos-arm.deb
wget http://www.tateu.net/repo/files/net.tateu.cycriptlistenertweak_1.0.0_iphoneos-arm.deb
wget http://www.tateu.net/repo/files/net.tateu.cyrun_1.0.5_iphoneos-arm.deb
dpkg -i cycript_0.9.594_iphoneos-arm.deb
dpkg -i net.tateu.cycriptlistenertweak_1.0.0_iphoneos-arm.deb net.tateu.cyrun_1.0.5_iphoneos-arm.deb

Tip: adding the source http://apt.saurik.com/cydia/ lets you install cycript; adding the source http://www.tateu.net/repo/ lets you install cyrun.
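Both repositories above are fetched over plain http, so a downloaded .deb can be altered in transit before dpkg installs it as root. The helper below is an added example, not code from the original post or from the cyrun project: it wraps the wget/dpkg steps so that a package is only installed when it is a real ar archive (the .deb container format) and its SHA-256 matches a digest you recorded after inspecting that package once. The digests in the usage comment are placeholders; the function names are my own. It assumes sha256sum (coreutils) or shasum is available on the phone.

```shell
#!/bin/sh
# Added example: verify a downloaded .deb before "dpkg -i".
# Not part of the original post. The expected digests are PLACEHOLDERS;
# record the real ones yourself from a package you have inspected
# (e.g. with "dpkg-deb --info" / "dpkg-deb --contents").

# is_deb_archive FILE: a .deb is an ar(1) archive whose first bytes are "!<arch>\n".
is_deb_archive() {
    [ "$(head -c 7 "$1" 2>/dev/null)" = '!<arch>' ]
}

# sha256_of FILE: print the hex digest, using whichever tool exists.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

# check_deb FILE EXPECTED_SHA256: succeed only when FILE is an ar archive
# and its digest equals EXPECTED_SHA256.
check_deb() {
    file=$1
    expected=$2
    if ! is_deb_archive "$file"; then
        echo "refusing $file: not an ar archive (.deb)" >&2
        return 1
    fi
    actual=$(sha256_of "$file")
    if [ "$actual" != "$expected" ]; then
        echo "refusing $file: sha256 $actual does not match $expected" >&2
        return 1
    fi
    return 0
}

# fetch_and_install URL EXPECTED_SHA256: download, verify, then install.
# dpkg runs only if the check passes.
fetch_and_install() {
    url=$1
    expected=$2
    file=$(basename "$url")
    wget -q -O "$file" "$url" || return 1
    check_deb "$file" "$expected" || return 1
    dpkg -i "$file"
}

# Usage on the phone (replace the placeholder with the digest you recorded):
# fetch_and_install http://apt.saurik.com/debs/cycript_0.9.594_iphoneos-arm.deb <sha256-placeholder>
```

The first time around you have nothing to compare against, so the value of this is in repeat installs (a second phone, a reinstall after a restore): the digest you recorded from a package whose contents you looked at is what stops a silently different file from being installed as root.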

Usage:

Inject into the process:
cyrun -n WeChat -e
Cancel the injection:
cyrun -n WeChat -d

After that you can use the common cycript commands:
UIApp
NSHomeDirectory()
[[NSBundle mainBundle] bundleIdentifier]
UIApp.delegate
UIApp.keyWindow
UIApp.keyWindow.rootViewController
#address : get the object at that address
*#address : print that object's instance variables
?exit

More commands here:
https://www.jianshu.com/p/de0beb21fb52

If you have any questions, you can contact me.


Source: blog.csdn.net/feifeiwuxian/article/details/103500520