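One-click dump of encrypted iOS MachO files into the corresponding A64Dbg cache directory; a walkthrough of the source code is here.
adcpp-ios-dump.py : the A64Dbg plugin's main program, which handles user interaction;
adcpp-ios-dump.adc : the A64Dbg plugin's attached program, which dumps the encrypted MachO; it is the payload that the main program sends into the target iOS process;
adcpp-ios-dump.mm : source code of the plugin's attached program, used in developer mode on macOS to modify the implementation logic of adcpp-ios-dump.mm;
Copy adcpp-ios-dump.py and adcpp-ios-dump.adc into the A64Dbg plugin directory, then restart A64Dbg.
The directory on macOS/Linux is:
~/A64Dbg/plugin
The directory on Windows is:
SysDrive:\Users\~\A64Dbg\plugin
1. Set the A64Dbg debug mode to Remote UraniumVM iOS;
2. Attach to the target process whose binary is to be decrypted;
3. Run Plugins/adcpp-ios-dump from the main menu; the corresponding decrypted MachO files will then appear in the A64Dbg cache directory;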
adcpp_ios_dump : Start dumping process 1162 (Build Oct 9 2021 14:58:25).
adcpp_ios_dump : Suspending task thread 00000303 with kernel result 0.
adcpp_ios_dump : Suspending task thread 0000300b with kernel result 0.
adcpp_ios_dump : Suspending task thread 00003203 with kernel result 0.
adcpp_ios_dump : Suspending task thread 0000a03b with kernel result 0.
adcpp_ios_dump : Suspending task thread 00005903 with kernel result 0.
adcpp_ios_dump : Ignored adcpp thread 00010107.
adcpp_ios_dump : Dumping /var/containers/Bundle/Application/6155B008-47B9-4660-857D-D0CC77A52838/iOSApp.app/iOSApp.
adcpp_ios_dump : Readed file iOSApp, size 62505088.
adcpp_ios_dump : Min version a0000, encrypt info 0x4000,50118656.
adcpp_ios_dump : Sending iOSApp, 10.0.0, 62505088.
Received iOSApp, 10.0.0, 62505088.
Saved to ~/A64Dbg/decache/iOS/arm64-apple-ios/iOSApp.
Linked to ~/A64Dbg/decache/iOS/arm64-apple-ios10.0.0/iOSApp.
adcpp_ios_dump : Dumping /private/var/containers/Bundle/Application/6155B008-47B9-4660-857D-D0CC77A52838/iOSApp.app/Frameworks/webview_flutter.framework/webview_flutter.
adcpp_ios_dump : Readed file webview_flutter, size 123376.
adcpp_ios_dump : Min version 90000, encrypt info 0x4000,32768.
adcpp_ios_dump : Sending webview_flutter, 9.0.0, 123376.
Received webview_flutter, 9.0.0, 123376.
Saved to ~/A64Dbg/decache/iOS/arm64-apple-ios/webview_flutter.
Linked to ~/A64Dbg/decache/iOS/arm64-apple-ios9.0.0/webview_flutter.
adcpp_ios_dump : Dumping /private/var/containers/Bundle/Application/6155B008-47B9-4660-857D-D0CC77A52838/iOSApp.app/Frameworks/yoga.framework/yoga.
adcpp_ios_dump : Readed file yoga, size 197248.
adcpp_ios_dump : Min version 80000, encrypt info 0x4000,65536.
adcpp_ios_dump : Sending yoga, 8.0.0, 197248.
Received yoga, 8.0.0, 197248.
Saved to ~/A64Dbg/decache/iOS/arm64-apple-ios/yoga.
Linked to ~/A64Dbg/decache/iOS/arm64-apple-ios8.0.0/yoga.
adcpp_ios_dump : Dumping /private/var/containers/Bundle/Application/6155B008-47B9-4660-857D-D0CC77A52838/iOSApp.app/Frameworks/QMUIKit.framework/QMUIKit.
adcpp_ios_dump : Readed file QMUIKit, size 1812032.
adcpp_ios_dump : Min version 80000, encrypt info 0x4000,983040.
adcpp_ios_dump : Sending QMUIKit, 8.0.0, 1812032.
Received QMUIKit, 8.0.0, 1812032.
Saved to ~/A64Dbg/decache/iOS/arm64-apple-ios/QMUIKit.
Linked to ~/A64Dbg/decache/iOS/arm64-apple-ios8.0.0/QMUIKit.
adcpp_ios_dump : Resuming task thread 00011807 with kernel result 0.
adcpp_ios_dump : Resuming task thread 00011317 with kernel result 0.
adcpp_ios_dump : Resuming task thread 0001264b with kernel result 0.
adcpp_ios_dump : Resuming task thread 00004677 with kernel result 0.
adcpp_ios_dump : Resuming task thread 0000ad13 with kernel result 0.
adcpp_ios_dump : Ignored adcpp thread 00010107.
adcpp_ios_dump : Finished dumping.
2022/2/21:
2021/10/29:
2021/10/9:
2021/9/16: