打开cydia 添加源: https://build.frida.re
打开刚刚添加的源 安装 frida
安装完成!
检查是否工作可以可在手机终端运行 frida-ps -U 查看
(备注:不检查也没事,我手机运行命令后显示 command not found 也不影响最终使用。)
前置条件,请参看我第一篇ssh免密码登录配置。
安装Homebrew
安装wget: brew install wget
安装pip:
wget https://bootstrap.pypa.io/get-pip.py
sudo python get-pip.py
清理残留: rm ~/get-pip.py
从Github下载工程:https://github.com/AloneMonkey/frida-ios-dump
cd 到frida-ios-dump目录
安装依赖:
sudo pip install -r requirements.txt --upgrade
(上步安装的过程中出现six的问题,
Found existing installation: six 1.4.1
Cannot uninstall 'six'. It is a distutils installed project and thus we cannot accurately determine which files belong to it which would lead to only a partial uninstall.
则执行sudo pip install six --upgrade --ignore-installed six
完成后再回上步重新安装依赖。
参考https://blog.csdn.net/jokey_wz/article/details/78819960)
下面是安装依赖成功的截图
修改dump.py参数:(改为自己机器的)
vim dump.py
User = 'root'
Password = 'alpine'
Host = 'localhost'
Port = 2222
最后,打开要砸的app,这里微信举例,
即可一键砸壳
./dump.py 微信
如下图:
备注1:如果执行命令出现如下问题,则重新插usb到手机
wangfeideMacBook-Pro:frida-ios-dump-master wangfei$ ./dump.py 微信
No handlers could be found for logger "paramiko.transport"
*** Caught exception: <class 'paramiko.ssh_exception.SSHException'>: Error reading SSH protocol banner[Errno 54] Connection reset by peer
Traceback (most recent call last):
File "./dump.py", line 309, in <module>
ssh.connect(Host, port=Port, username=User, password=Password)
File "/Library/Python/2.7/site-packages/paramiko/client.py", line 392, in connect
t.start_client(timeout=timeout)
File "/Library/Python/2.7/site-packages/paramiko/transport.py", line 545, in start_client
raise e
SSHException: Error reading SSH protocol banner[Errno 54] Connection reset by peer备注2:如果存在应用名称重复了怎么办呢?没关系首先使用如下命令查看安装的应用的名字和bundle id:
wangfeideMacBook-Pro:frida-ios-dump-master wangfei$ ./dump.py -l
PID Name Identifier
---- ------------ ---------------------------
3490 App Store com.apple.AppStore
3218 Cydia com.saurik.Cydia
3349 Filza com.tigisoftware.Filza
3518 QQ com.tencent.mqq
3263 Safari com.apple.mobilesafari
3479 微信 com.tencent.xin
3096 邮件 com.apple.mobilemail 然后使用如下命令对指定的bundle id应用进行砸壳即可:
./dump.py -b com.tencent.xin
./dump.py com.tencent.xin