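To start, you can experiment with your own ipa package.
Pick your ipa package, change its extension to zip, and unzip it to get a Payload folder; your app is inside.
Open Terminal and cd into your xxxx.app directory. To do this, type cd, drag xxxx.app into the Terminal window, and press Return.
Then type otool, which prints the following: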
Usage: /Applications/Xcode9.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/otool [-arch arch_type] [-fahlLDtdorSTMRIHGvVcXmqQjCP] [-mcpu=arg] [--version] <object file> ...
-f print the fat headers
-a print the archive header
-h print the mach header
-l print the load commands
-L print shared libraries used
-D print shared library id name
-t print the text section (disassemble with -v)
-p <routine name> start dissassemble from routine name
-s <segname> <sectname> print contents of section
-d print the data section
-o print the Objective-C segment
-r print the relocation entries
-S print the table of contents of a library (obsolete)
-T print the table of contents of a dynamic shared library (obsolete)
-M print the module table of a dynamic shared library (obsolete)
-R print the reference table of a dynamic shared library (obsolete)
-I print the indirect symbol table
-H print the two-level hints table (obsolete)
-G print the data in code table
-v print verbosely (symbolically) when possible
-V print disassembled operands symbolically
-c print argument strings of a core file
-X print no leading addresses or headers
-m don't use archive(member) syntax
-B force Thumb disassembly (ARM objects only)
-q use llvm's disassembler (the default)
-Q use otool(1)'s disassembler
-mcpu=arg use `arg' as the cpu for disassembly
-j print opcode bytes
-P print the info plist section as strings
-C print linker optimization hints
--version print the version of
/Applications/Xcode9.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/bin/otool
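If you are interested, you can study what each option does in detail. Here are a few commonly used commands:
To find the executable's name, right-click the xxxx.app file, choose Show Package Contents, find the exec file inside, and type its name in. This file usually has the same name as xxxx.
Then the magic happens...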
/System/Library/Frameworks/CoreBluetooth.framework/CoreBluetooth (compatibility version 1.0.0, current version 1.0.0)
/System/Library/Frameworks/CoreData.framework/CoreData (compatibility version 1.0.0, current version 851.0.0)
/System/Library/Frameworks/CoreGraphics.framework/CoreGraphics (compatibility version 64.0.0, current version 1161.21.0)
/System/Library/Frameworks/MediaPlayer.framework/MediaPlayer (compatibility version 1.0.0, current version 1.0.0)
/System/Library/Frameworks/QuartzCore.framework/QuartzCore (compatibility version 1.2.0, current version 1.11.0)
/System/Library/Frameworks/UserNotifications.framework/UserNotifications (compatibility version 1.0.0, current version 1.0.0)
@rpath/libswiftAVFoundation.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftAssetsLibrary.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftCore.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftCoreAudio.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftCoreData.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftCoreFoundation.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftCoreGraphics.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftCoreImage.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftCoreLocation.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftCoreMedia.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftDarwin.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftDispatch.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftFoundation.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftMetal.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftObjectiveC.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftQuartzCore.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftUIKit.dylib (compatibility version 1.0.0, current version 902.0.54)
@rpath/libswiftsimd.dylib (compatibility version 1.0.0, current version 902.0.54)
.............
Look familiar? This command lists the names of all the libraries you use.
Check whether the ipa package is encrypted (packed):
otool -l executable_file | grep crypt
cryptoff 16384
cryptsize 6651904
cryptid 0
cryptoff 16384
cryptsize 6553600
cryptid 0
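Here cryptid indicates whether the binary is encrypted: 1 means encrypted and 0 means decrypted. The values are printed twice because the executable supports two architectures, armv7 and arm64.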
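The following added example (not from the original article) goes one step beyond the grep above: it reads cryptoff, cryptsize and cryptid straight from the LC_ENCRYPTION_INFO load command of each architecture slice, so the check also works where otool is not installed. The function names and the sample binary are constructed for illustration; assigning the page's first set of values to armv7 and the second to arm64 is an assumption.

```python
import struct

FAT_MAGIC = 0xCAFEBABE                       # <mach-o/fat.h>; fat fields are big-endian
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF            # <mach-o/loader.h>
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C
ARCH = {(12, 9): "armv7", (0x0100000C, 0): "arm64"}       # (cputype, cpusubtype)

def slice_crypt_info(data, base=0):
    """(arch, cryptoff, cryptsize, cryptid) for one little-endian slice, or None."""
    magic, cputype, sub, _ftype, ncmds = struct.unpack_from("<5I", data, base)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a little-endian Mach-O slice")
    off = base + (32 if magic == MH_MAGIC_64 else 28)     # size of mach_header(_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            arch = ARCH.get((cputype, sub), hex(cputype))
            return (arch,) + struct.unpack_from("<3I", data, off + 8)
        if cmdsize < 8:                      # malformed: the walk would not advance
            raise ValueError("bad cmdsize")
        off += cmdsize
    return None                              # no encryption load command present

def crypt_report(data):
    """One entry per architecture slice, matching the repeated otool output."""
    if struct.unpack_from(">I", data)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        offsets = [struct.unpack_from(">I", data, 16 + 20 * i)[0] for i in range(nfat)]
    else:
        offsets = [0]
    return [slice_crypt_info(data, o) for o in offsets]

def sample_slice(is64, cputype, sub, cryptoff, cryptsize, cryptid):
    """Constructed slice: a mach header followed by one encryption command."""
    body = struct.pack("<3I", cryptoff, cryptsize, cryptid) + (b"\0" * 4 if is64 else b"")
    lc = struct.pack("<2I", LC_ENCRYPTION_INFO_64 if is64 else LC_ENCRYPTION_INFO, 8 + len(body)) + body
    hdr = struct.pack("<7I", MH_MAGIC_64 if is64 else MH_MAGIC, cputype, sub, 2, 1, len(lc), 0)
    return hdr + (b"\0" * 4 if is64 else b"") + lc

def sample_fat(cryptid=0):
    """Constructed fat file reusing the cryptoff/cryptsize values printed on the page."""
    slices = [sample_slice(False, 12, 9, 16384, 6651904, cryptid),
              sample_slice(True, 0x0100000C, 0, 16384, 6553600, cryptid)]
    out, off = struct.pack(">2I", FAT_MAGIC, len(slices)), 8 + 20 * len(slices)
    for s in slices:
        cputype, sub = struct.unpack_from("<2I", s, 4)
        out += struct.pack(">5I", cputype, sub, off, len(s), 0)
        off += len(s)
    return out + b"".join(slices)
```

For a real app, pass the bytes of the executable inside xxxx.app to crypt_report; any slice reporting cryptid 1 is still encrypted.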
Here is a great tool for automated checking:
MobSF
Follow its documentation and explore it on your own.