iPhone 5s iOS 12.4.4 jailbreak and app decryption (dumping) notes
Use checkra1n 0.9.7; I tried 0.9.8 several times and it failed every time.
Download it.
Open the tool and click Start. It prompts that the device needs to enter DFU mode; click Next and it first goes into recovery mode.
Press the buttons as the on-screen prompts instruct.
Operation successful, now writing.
After the jailbreak succeeds a checkra1n app appears on the home screen; open it and install Cydia.
Then install OpenSSH from Cydia.
The computer can now SSH into the phone; the default password is alpine.
Then install Frida.
Setting up your iOS device
Start Cydia and add Frida’s repository by going to Manage -> Sources -> Edit -> Add and enter https://build.frida.re. You should now be able to find and install the Frida package which lets Frida inject JavaScript into apps running on your iOS device. This happens over USB, so you will need to have your USB cable handy, though there’s no need to plug it in just yet.
A quick smoke-test
Now, back on your Windows or macOS system it’s time to make sure the basics are working. Run:
$ frida-ps -U
Then install Frida on the computer.
Download the dump script:
git clone https://github.com/AloneMonkey/frida-ios-dump.git
Install the dependencies:
sudo pip3 install -r requirements.txt --upgrade
Install the port-forwarding tools:
brew install libimobiledevice
brew install usbmuxd
Disconnect all other USB devices (this one is a trap).
Run:
iproxy 2223 22
python3 dump.py appname
Failed: the app was not decrypted.
Switched to dumpdecrypted.
Download dumpdecrypted to the Mac:
After downloading, cd into the directory and run make to produce dumpdecrypted.dylib (the dynamic library).
1. Upload the file to the jailbroken phone:
scp dumpdecrypted.dylib root@192.168.1.168:/var/root/
2. On the jailbroken phone, find the application's path:
ps -A
/var/containers/Bundle/Application/EB29BBE6-2F89-467F-A1B1-E0FFFCF3AF75/WeChat.app/WeChat
3. Run the command to dump the decrypted binary:
DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/containers/Bundle/Application/EB29BBE6-2F89-467F-A1B1-E0FFFCF3AF75/WeChat.app/WeChat
Failed.
Switched to Clutch.
Download it from https://github.com/KJCracks/Clutch/releases
scp Clutch root@192.168.0.124:/usr/bin/
Clutch -i lists the installed apps
Clutch -d dumps the app
Failed.
npm install -g bagbak
Success.
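Each attempt above ends in "failed" or "success" without saying how that was judged. The decisive check is the cryptid field of the binary's LC_ENCRYPTION_INFO (32-bit) or LC_ENCRYPTION_INFO_64 load command: 1 means the FairPlay-encrypted segment is still in place, 0 means the dump is decrypted (otool -l on the Mac shows the same field). The script below is an added example, not code from the original post or from frida-ios-dump, dumpdecrypted, Clutch or bagbak; it parses that field from a thin or fat Mach-O file and, when run without arguments, checks a constructed in-memory sample instead of a real binary. The same check is what a developer runs on a downloaded release build to confirm the App Store encryption wrapper is present.

```python
import struct

# Mach-O constants from <mach-o/loader.h> and <mach-o/fat.h>
MH_MAGIC = 0xFEEDFACE           # 32-bit thin image, little-endian
MH_MAGIC_64 = 0xFEEDFACF        # 64-bit thin image, little-endian
FAT_MAGIC = 0xCAFEBABE          # fat container, big-endian headers
LC_ENCRYPTION_INFO = 0x21
LC_ENCRYPTION_INFO_64 = 0x2C
CPU_TYPE_ARM64 = 0x0100000C


def _thin_encryption_state(data):
    """Walk the load commands of one thin Mach-O slice and return its
    encryption_info_command fields, or None if the slice carries none
    (a build that was never FairPlay-wrapped, or a stripped command)."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic == MH_MAGIC_64:
        header_size = 32
    elif magic == MH_MAGIC:
        header_size = 28
    else:
        raise ValueError("not a little-endian thin Mach-O")
    # ncmds and sizeofcmds sit at offsets 16 and 20 in both header sizes
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    off = header_size
    end = off + sizeofcmds
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load commands overrun sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8:
            raise ValueError("malformed load command")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            cryptoff, cryptsize, cryptid = struct.unpack_from("<III", data, off + 8)
            return {"cryptoff": cryptoff, "cryptsize": cryptsize,
                    "cryptid": cryptid, "encrypted": cryptid != 0}
        off += cmdsize
    return None


def encryption_state(data):
    """Return one result per architecture slice (a thin file yields one)."""
    magic, = struct.unpack_from(">I", data, 0)
    if magic != FAT_MAGIC:
        return [_thin_encryption_state(data)]
    nfat_arch, = struct.unpack_from(">I", data, 4)
    results = []
    for i in range(nfat_arch):
        # fat_arch: cputype, cpusubtype, offset, size, align (big-endian)
        _, _, offset, size, _ = struct.unpack_from(">iiIII", data, 8 + 20 * i)
        results.append(_thin_encryption_state(data[offset:offset + size]))
    return results


def build_sample(cryptid):
    """Constructed minimal arm64 image: a mach_header_64 followed by a single
    LC_ENCRYPTION_INFO_64 command. The offsets are made up for the example."""
    lc = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x10000, cryptid, 0)
    hdr = struct.pack("<IiiIIIII", MH_MAGIC_64, CPU_TYPE_ARM64, 0, 2, 1, len(lc), 0, 0)
    return hdr + lc


def build_fat_sample(slices):
    """Constructed fat container wrapping the given thin slices."""
    header_len = 8 + 20 * len(slices)
    arch_entries, body, offset = b"", b"", header_len
    for s in slices:
        arch_entries += struct.pack(">iiIII", CPU_TYPE_ARM64, 0, offset, len(s), 0)
        body += s
        offset += len(s)
    return struct.pack(">II", FAT_MAGIC, len(slices)) + arch_entries + body


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:   # e.g. the dumped WeChat binary
            states = encryption_state(f.read())
    else:
        # no file given: check a constructed fat sample with one encrypted
        # and one decrypted slice
        states = encryption_state(build_fat_sample([build_sample(1), build_sample(0)]))
    for state in states:
        print("no encryption command" if state is None else state)
```

Run it against the binary a dump tool produced; a result whose cryptid is still 1 means the tool wrote out the encrypted segment unchanged and the attempt should be counted as failed even if a file appeared. Fat binaries are checked slice by slice, since a tool can decrypt one architecture and leave the other untouched.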