Every app on the App Store is encrypted. If you want to dump the binary ("crack the shell") or do anything else with it, you first have to decrypt it. I recently found a rather impressive project on GitHub, Clutch, that can decrypt apps, so here are my notes on using it.
- git clone the latest Clutch
localhost:~ wany$ git clone https://github.com/KJCracks/Clutch.git clutch
- Build the Clutch project
localhost:~ wany$ cd clutch
localhost:clutch wany$ xcodebuild -project Clutch.xcodeproj -configuration Release ARCHS="armv7 armv7s arm64" build
After the build, an executable named clutch is generated in ~/clutch/clutch.
- Copy the clutch executable onto the iPhone (my iPhone's IP address is 192.168.00.00)
localhost:clutch wany$ cd clutch
localhost:clutch wany$ scp clutch root@192.168.00.00:/usr/bin
root@192.168.00.00's password:
localhost:clutch wany$ cd ~
- ssh into the iPhone
localhost:~ wany$ ssh root@192.168.00.00
root@192.168.00.00's password:
wany-iPhone:~ root# chmod 7777 /usr/bin/clutch
wany-iPhone:~ root# clutch -i (list the apps installed on the iPhone)
1. app1<com.xx.app1>
2. app2<com.xxx.app2>
..... (remaining entries omitted) .....
wany-iPhone:~ root# clutch -d 2
Zipping Detection of color blindness.app
ASLR slide: 0xe7000
Dumping <Detection of color blindness> (armv7)
Patched cryptid (32bit segment)
Writing new checksum
DONE: /private/var/mobile/Documents/Dumped/com.xxx.app2-iOS7.0-(Clutch-2.0.4)-2.ipa
Finished dumping com.pinping.Seruodetection in 8.0 seconds
wany-iPhone:~ root# logout
Connection to 192.168.00.00 closed.
localhost:~ wany$
- The decrypted .ipa is saved under /private/var/mobile/Documents/Dumped/. It can be exported with ssh or with iTool Pro.
Exporting with ssh:
localhost:~ wany$ scp "root@192.168.00.00:/private/var/mobile/Documents/Dumped/*.ipa" ~/Desktop
password:
localhost:~ wany$ cd ~/Desktop
localhost:Desktop$ ls
com.xxx.app2-iOS7.0-(Clutch-2.0.4)-2.ipa
..... (other files omitted) .....
localhost:~ wany$
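As an added example (not from the original post or from the Clutch project), the following Python reads the LC_ENCRYPTION_INFO load command that the "Patched cryptid" line in the dump output refers to, so you can verify from your Mac whether an iOS binary, thin or fat (as built with the ARCHS list above), is still FairPlay-encrypted before trusting or analysing it. The `build_slice`/`build_fat` helpers are assumptions that construct minimal sample Mach-O bytes inline so the check runs offline; on a real file, pass `open(path, "rb").read()` to `cryptids`.

```python
import struct
# Constants from <mach-o/loader.h> and <mach-o/fat.h>
MH_MAGIC, MH_MAGIC_64, FAT_MAGIC = 0xFEEDFACE, 0xFEEDFACF, 0xCAFEBABE
LC_UUID, LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x1B, 0x21, 0x2C

def cryptids(blob):
    """Return [(slice_offset, cryptid)] per Mach-O slice: 1 = __TEXT still encrypted (App Store
    build), 0 = decrypted in place (Clutch's 'Patched cryptid'), None = no LC_ENCRYPTION_INFO."""
    if struct.unpack(">I", blob[:4])[0] == FAT_MAGIC:
        # fat header is big-endian: magic, nfat_arch, then 20-byte fat_arch entries
        nfat = struct.unpack(">I", blob[4:8])[0]
        out = []
        for i in range(nfat):
            off, size = struct.unpack(">II", blob[16 + 20 * i:24 + 20 * i])
            out.append((off, _slice_cryptid(blob[off:off + size])))
        return out
    return [(0, _slice_cryptid(blob))]

def _slice_cryptid(s):
    magic = struct.unpack("<I", s[:4])[0]      # thin iOS slices are little-endian
    if magic == MH_MAGIC:
        pos, want = 28, LC_ENCRYPTION_INFO     # sizeof(mach_header)
    elif magic == MH_MAGIC_64:
        pos, want = 32, LC_ENCRYPTION_INFO_64  # mach_header_64 adds a reserved field
    else:
        raise ValueError("not a Mach-O slice: magic 0x%08x" % magic)
    ncmds = struct.unpack("<I", s[16:20])[0]
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack("<II", s[pos:pos + 8])
        if cmd == want:  # encryption_info_command: cmd, cmdsize, cryptoff, cryptsize, cryptid
            return struct.unpack("<I", s[pos + 16:pos + 20])[0]
        pos += cmdsize
    return None

def build_slice(is64, cryptid):
    """Constructed sample slice: an LC_UUID (which the parser must skip) then LC_ENCRYPTION_INFO."""
    magic, cmd, pad = ((MH_MAGIC_64, LC_ENCRYPTION_INFO_64, b"\0" * 4) if is64
                       else (MH_MAGIC, LC_ENCRYPTION_INFO, b""))
    uuid = struct.pack("<II", LC_UUID, 24) + b"\xAA" * 16
    enc = struct.pack("<IIIII", cmd, 20 + len(pad), 0x4000, 0x8000, cryptid) + pad
    hdr = struct.pack("<IIIIIII", magic, 12, 0, 2, 2, len(uuid) + len(enc), 0) + pad  # pad = reserved
    return hdr + uuid + enc

def build_fat(slices):
    """Constructed sample fat binary: big-endian header, slices laid out back to back."""
    off, archs, body = 8 + 20 * len(slices), b"", b""
    for s in slices:
        archs += struct.pack(">IIIII", 12, 0, off + len(body), len(s), 0)
        body += s
    return struct.pack(">II", FAT_MAGIC, len(slices)) + archs + body
```

A cryptid of 1 in any slice means the dump is not usable yet; after a successful Clutch run every slice should report 0.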