Kate Li (Taiwan)'s Blog


iOS Application Reverse Engineering Resources

Author: zindani, Date: 2020-04-17

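It has been a long time since I last reverse engineered an app. Recently I needed to see how some other apps implement certain things, so I wanted to refresh my memory. Several commonly used tools have also changed over the past two years, and some new tools have appeared. This article summarizes basic app reverse engineering methods, tools, and some books. I will try to update it whenever I find something new.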

Hardware

Jailbreak

Whether a phone can be jailbroken can be checked on this site: https://canijailbreak.com/. It also links to downloads of the jailbreak software.

Tools

frida

Official site: https://www.frida.re/

Dynamic instrumentation toolkit for developers, reverse-engineers, and security researchers. Inject your own scripts into black box processes. Hook any function, spy on crypto APIs or trace private application code, no source code needed. Edit, hit save, and instantly see the results. All without compilation steps or program restarts.

cycript

http://www.cycript.org/


Cycript allows developers to explore and modify running applications on either iOS or Mac OS X using a hybrid of Objective-C++ and JavaScript syntax through an interactive console that features syntax highlighting and tab completion.

chisel(lldb script)

https://github.com/facebook/chisel

Chisel is a collection of LLDB commands to assist debugging iOS apps.

The most commonly used commands are pview and pvc. For all supported commands, see the wiki: https://github.com/facebook/chisel/wiki.


MonkeyDev

https://github.com/AloneMonkey/MonkeyDev

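An upgrade of the original iOSOpenDev; an all-in-one tool for developing non-jailbreak plugins!

A newcomer, born in 2017. It is already an essential tool for analyzing closed-source apps.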

passionfruit

https://github.com/chaitin/passionfruit

Built on frida and essential for reverse engineering. It makes it easy to view all kinds of information about third-party apps.

objection

https://github.com/sensepost/objection

A toolkit based on frida.

objection is a runtime mobile exploration toolkit, powered by Frida. It was built with the aim of helping assess mobile applications and their security posture without the need for a jailbroken or rooted mobile device.

theos

https://github.com/theos/theos

Provides templates and tools for all kinds of reverse engineering development.

A cross-platform suite of tools for building and deploying software for iOS and other platforms.

HookZz

https://github.com/jmpews/HookZz

a hook framework for arm/arm64/ios/android

AppleTrace

https://github.com/everettjf/AppleTrace

Objective C message tracing tool for iOS/macOS based on HookZz

dump

frida-ios-dump

https://github.com/AloneMonkey/frida-ios-dump

Makes it easy to dump apps. Can replace Clutch.

pull decrypted ipa from jailbreak device

Clutch

https://github.com/KJCracks/Clutch

Fast iOS executable dumper

dumpdecrypted

https://github.com/AloneMonkey/dumpdecrypted

Adds the ability to dump dynamic libraries on top of the original version.

Dumps decrypted mach-o files from encrypted applications, framework or app extensions.

dump class

Generate Objective-C headers from Mach-O files.

class-dump/class-dump-z/classdump-dyld

swift class dump

Hikari

https://github.com/HikariObfuscator/Hikari

Reveal

https://revealapp.com/

IDA

A legendary tool

Hopper

Lightweight decompiler

Flex

https://github.com/Flipboard/FLEX

Other

strings、nm、weak_classdump

http://iphonedevwiki.net/index.php/Reverse_Engineering_Tools

iOS App Reverse Engineering

Chinese: http://item.jd.com/11670145.html

English: https://github.com/iosre/iOSAppReverseEngineering

Hacking iOS Applications

http://iosre.com/t/hacking-ios-applications/8014

security.ios-wiki.com

https://wizardforcel.gitbooks.io/ios-sec-wiki/

Advanced Apple Debugging & Reverse Engineering

https://store.raywenderlich.com/products/advanced-apple-debugging-and-reverse-engineering

Reverse Engineering for Beginners

https://beginners.re/

Chinese: https://item.jd.com/12166962.html

Beginner’s Guide to Exploitation on ARM

http://zygosec.com/Products/

*OSInternals

Volume II is reportedly coming out this autumn (2018).

http://newosxbook.com/

Anti-debugging resources, hook detection

Attacking BYOD Enterprise Mobile Security Solutions

OWASP Mobile Security Testing Guide

https://www.gitbook.com/book/b-mueller/the-owasp-mobile-security-testing-guide

iOS Security Wiki

https://legacy.gitbook.com/book/wizardforcel/ios-sec-wiki/details

http://security.ios-wiki.com

Other

http://iphonedevwiki.net/

http://www.cydiasubstrate.com/

https://www.theiphonewiki.com/

https://github.com/michalmalik/osx-re-101

https://github.com/kpwn/iOSRE

https://github.com/pandazheng/IosHackStudy

http://www.droidsec.cn/category/ios%e5%ae%89%e5%85%a8%e6%94%bb%e9%98%b2/

https://github.com/nygard

https://github.com/saurik

Introductory security articles

https://www.fuzzysecurity.com/tutorials.html

Introductory pwn

http://pwnable.kr/

IoT security: Azeria Labs

https://azeria-labs.com/writing-arm-shellcode/

ARM assembly, advanced iOS debugging

https://zhuanlan.zhihu.com/c_142064221

http://iosre.com