安装Clutch
$ git clone https://github.com/KJCracks/Clutch
$ cd Clutch
直接使用Xcode进行构建
$ xcodebuild -project Clutch.xcodeproj -configuration Release ARCHS="armv7 armv7s arm64" build
生成出来的可执行文件就在Clutch目录下,将其拷贝到手机上:
scp Clutch/clutch root@<your.device.ip>:/usr/bin/
也可以直接只用Xcode编译,将Xocde中Products文件夹下的执行文件拷贝出来
开始砸壳
先ssh到越狱手机上,然后列出当前安装的应用
ssh root@<your.device.ip>
clutch -i
Installed apps:
1: Flashlight <com.bigblueclip.led>
2: 微信 <com.tencent.xin>
3: QQ同步助手 <com.tencent.QQPim>
根据列表中显示的包名进行砸壳
$ clutch -d com.tencent.xin
# com.tencent.xin contains watchOS 2 compatible application. It's not possible to dump watchOS 2 apps with Clutch 2.0.4 at this moment.
# Zipping WeChat.app
# Swapping architectures..
# ASLR slide: 0xb3000
# ...
# writing new checksum
# DONE: /private/var/mobile/Documents/Dumped/com.tencent.xin-iOS7.0-(Clutch-2.0.4).ipa
# Finished dumping com.tencent.xin in 76.9 seconds
可以看到clutch砸壳后的ipa文件放到了/private/var/mobile/Documents/Dumped/目录下。
修改成一个简单的名字,然后拷贝回电脑:
$ mv /private/var/mobile/Documents/Dumped/com.tencent.xin-iOS7.0-\(Clutch-2.0.4\).ipa /private/var/mobile/Documents/Dumped/wechat.ipa
$ scp root@<your.device.ip>:/private/var/mobile/Documents/Dumped/wechat.ipa ~/Desktop
砸壳完毕...
