This series is a compilation of my notes from MJ's class, which I listened to early on. Some references are cited, and some I may have forgotten to add. If a reference is missing, please contact me.

  • iOS Reverse (1) Environment setup
  • iOS Reverse (2) Cycript
  • iOS Reverse (3) Reverse tools
  • iOS Reverse (4) Unshell audit
  • iOS Reverse (5) Theos tool
  • iOS Reverse (6) Dynamic debugging
  • iOS Reverse (7) Re-signing

1. Jailbreak

iOS jailbreaking exploits vulnerabilities in iOS to obtain the highest (root) privileges on the device.

  • Perfect (untethered) jailbreak

The jailbroken iPhone can be shut down and restarted normally.

  • Imperfect (tethered) jailbreak

Once the iPhone is powered off and on again, either the screen stays on the boot logo (the "white Apple" state), or the iPhone boots normally but the installed cracked software no longer works; you must connect the device to a PC and use the jailbreak software to boot it.

2. Software and Hardware Preparation

2.1 Devices and Systems

| Device | System |
|---|---|
| iPhone 5s and later (64-bit) | iOS 8.0–8.4 and 9.0–9.1 support jailbreaking |

To check whether the phone can be jailbroken: jailbreak.25pp.com/ios

2.2 Jailbreaking Software

2.2.1 Phone software

  • PP Assistant: jailbreaking
  • Aisi Assistant (爱思助手): jailbreaking
  • Cydia: the app store after jailbreaking

2.2.2 Mac software

  • PP Assistant: download app resources
  • iFunBox: install IPA files and browse system files

2.3 Cydia

After jailbreaking, to set up the development environment, do the following in sequence.

2.3.1 Adding Software Sources

PP Assistant software source: apt.25pp.com

  • After software is installed in Cydia, SpringBoard (the iOS home screen) restarts automatically.

2.3.2 Installing software

Note: install in the order listed below; otherwise the environment may end up misconfigured.

| Order | Software | Role | Source |
|---|---|---|---|
| 1 | Apple File Conduit "2" | Gives access to the entire iOS device file system | Cydia: apt.saurik.com |
| 2 | AppSync Unified | Bypasses the system's signature check so that cracked IPA packages can be installed and run | PP Assistant: apt.25pp.com |
| 3 | iFile | Browse the file system directly on the iOS device | BigBoss: apt.thebigboss.org/repofiles/c… |
| 4 | OpenSSH | Remote login: lets the Mac log in to the iPhone; must be installed on the iPhone | |

If iFile cannot be installed from the Cydia source (the deb install fails), install it manually:

  1. Download the iFile installation package in deb format from the Internet;
  2. Place the deb package in /var/root/Media/Cydia/AutoInstall;
  3. Restart the phone; Cydia installs the deb automatically.

3. SSH Login

SSH (Secure Shell) is a protocol that provides a secure channel for remote login. All transmitted data is encrypted, and because the client verifies the server's host key, man-in-the-middle attacks such as DNS spoofing and IP spoofing are prevented.

In order for a Mac to remotely log in to an iPhone over SSH, the following conditions must be met:

  • The iPhone must support SSH, i.e. OpenSSH must be installed as described above.
    • OpenSSH is a free, open-source implementation of the SSH protocol.
  • SSH communicates over TCP, so make sure the Mac and the iPhone are on the same local area network (for example the same WiFi).

SSH communication can be divided into three main stages:

  • Establishing a Secure Connection
  • Client Authentication
  • Data transfer

3.1 Login over WiFi

3.1.1 Password Login

Authenticate with an account name and password.

Enter in the Mac terminal:

ssh <account name>@<server host address>   (the server is the phone)

For example: ssh root@192.168.1.11

The initial password is alpine.

To log out, run exit.

3.1.2 iPhone Accounts

iOS has two common accounts: root and mobile.

  • root: the account with the highest privileges. $HOME is /var/root.
  • mobile: an account with ordinary privileges. It can only operate on ordinary files, not on system files. $HOME is /var/mobile.

To log in as the mobile user, use:

ssh mobile@<server host address>

The initial password for both root and mobile is alpine.

$ ssh root@192.168.1.11
The authenticity of host '192.168.1.11 (192.168.1.11)' can't be established.
RSA key fingerprint is SHA256:/VKCM1drq2VtMPyWihuo40ZHNuGnR7XeASapaaGHEg4.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.1.11' (RSA) to the list of known hosts.
root@192.168.1.11's password:
ho:~ root# exit
logout
Connection to 192.168.1.11 closed.

3.1.3 Changing a Password

Change the passwords of root and mobile: after logging in as root, run passwd and passwd mobile respectively.

ho:~ root# passwd
Changing password for root.
New password:
Retype new password:

3.1.4 Login with a Key

Password-free (key-based) authentication is the most secure authentication method.

By default, SSH-2 tries key authentication first and falls back to password authentication only if that fails.

# Generate a key pair; -f names the key file (the private key stays on the Mac)
$ ssh-keygen -f ~/.ssh/id_ho_rsa
# Copy the public key to the phone
$ ssh-copy-id -i ~/.ssh/id_ho_rsa.pub root@192.168.1.11

or

# scp ~/.ssh/id_ho_rsa.pub root@<server host address>:<path>
$ scp ~/.ssh/id_ho_rsa.pub root@192.168.1.11:~
# Then, logged in on the phone:
$ mkdir ~/.ssh
$ cat ~/id_ho_rsa.pub >> ~/.ssh/authorized_keys
$ rm ~/id_ho_rsa.pub

If key login still fails, fix the file permissions on the phone:

# Logged in on the iPhone
ho:~ root# chmod go-w ~
ho:~ root# chmod 700 ~/.ssh
ho:~ root# chmod 600 ~/.ssh/authorized_keys
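The chmod sequence above is what sshd's StrictModes check demands: neither the home directory, nor ~/.ssh, nor authorized_keys may be writable by group or others, otherwise the key is silently ignored and sshd falls back to asking for the password. The following script is an added example (not from the original post) that checks those three paths and applies the same repair; the script name ssh-perms.sh and the `home` argument are assumptions, and the test data it is run against below is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): verify and repair the home-directory
# permissions that sshd requires before it will honour ~/.ssh/authorized_keys.
# Usage on the phone, as the user you log in as: sh ssh-perms.sh [home]  (assumed name)

# Octal mode bits of a path; GNU stat (Linux) first, BSD stat (macOS/iOS) as fallback.
perm_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print one line per problem and return 1 if key login would be refused.
# sshd (StrictModes) rejects a home, .ssh or authorized_keys that is writable
# by group or others, which is exactly what the chmod sequence above fixes.
check_ssh_perms() {
    home="$1"
    problems=0
    for path in "$home" "$home/.ssh" "$home/.ssh/authorized_keys"; do
        if [ ! -e "$path" ]; then
            printf 'missing: %s\n' "$path"
            problems=$((problems + 1))
            continue
        fi
        mode=$(perm_of "$path")
        # 022 masks the group-write and other-write bits
        if [ $(( 0$mode & 022 )) -ne 0 ]; then
            printf 'writable by group/other (mode %s): %s\n' "$mode" "$path"
            problems=$((problems + 1))
        fi
    done
    [ "$problems" -eq 0 ]
}

# Apply the same chmod sequence the post uses.
fix_ssh_perms() {
    home="$1"
    chmod go-w "$home"
    chmod 700 "$home/.ssh"
    chmod 600 "$home/.ssh/authorized_keys"
}

# Only act when run as the script itself, so the functions can also be sourced.
if [ "$(basename "$0")" = "ssh-perms.sh" ]; then
    target="${1:-$HOME}"
    if check_ssh_perms "$target"; then
        echo "permissions OK for $target"
    else
        fix_ssh_perms "$target" && echo "permissions repaired for $target"
    fi
fi
```

Run it as root for /var/root and as mobile for /var/mobile; the check is deliberately separate from the fix so it can also be dropped into a login script to warn before a key is quietly ignored.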

When the iPhone acts as the server, the SSH daemon configuration is /etc/ssh/sshd_config. It normally does not need to be changed; the relevant settings are:

# Allow root to log in
PermitRootLogin yes
# Have sshd check the permissions of the user's home directory and related files before accepting keys
StrictModes yes
# Allow RSA key authentication (SSH protocol version 1 only)
RSAAuthentication yes
# Allow public-key authentication (SSH protocol version 2 only)
PubkeyAuthentication yes
# File holding the authorized public keys
AuthorizedKeysFile .ssh/authorized_keys
# Disable password login
PasswordAuthentication no
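Because every jailbroken phone ships with the same root password, the setting that matters most in that file is PasswordAuthentication. The script below is an added example (not from the original post) that reads the value sshd would actually use for a keyword and reports the combinations that leave password login open. It follows sshd's rule that the first uncommented occurrence of a keyword wins; Match blocks are not handled (an assumption), and the sample configuration it writes is constructed to mirror the settings listed above.

```shell
#!/bin/sh
# Added example (not from the original post): read effective sshd_config values
# and flag settings that keep the phone's well-known password usable over SSH.
# Assumes first-match semantics like sshd; Match blocks are not parsed.

# Print the value sshd would use for KEY in FILE, or "unset" if absent.
sshd_setting() {
    awk -v key="$2" '
        /^[ \t]*#/ || NF == 0 { next }               # skip comments and blank lines
        tolower($1) == tolower(key) { print $2; found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# One line per finding; returns 1 if anything needs attention.
audit_sshd_config() {
    cfg="$1"
    issues=0
    pw=$(sshd_setting "$cfg" PasswordAuthentication)
    pk=$(sshd_setting "$cfg" PubkeyAuthentication)
    root=$(sshd_setting "$cfg" PermitRootLogin)
    if [ "$pw" != no ]; then
        echo "PasswordAuthentication=$pw: password login stays enabled (sshd's default is yes)"
        issues=$((issues + 1))
    fi
    if [ "$pk" = no ]; then
        echo "PubkeyAuthentication=no: key login is disabled"
        issues=$((issues + 1))
    fi
    if [ "$root" = yes ] && [ "$pw" != no ]; then
        echo "PermitRootLogin=yes with passwords on: root is reachable with its password"
        issues=$((issues + 1))
    fi
    [ "$issues" -eq 0 ]
}

# Write a constructed config (for demonstration) with the settings listed above.
write_sample_config() {
    cat > "$1" <<'EOF'
# constructed sample mirroring the settings discussed in the post
PermitRootLogin yes
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
AuthorizedKeysFile .ssh/authorized_keys
PasswordAuthentication no
EOF
}

# Only act when run as the script itself (assumed name), so it can also be sourced.
if [ "$(basename "$0")" = "sshd-audit.sh" ]; then
    audit_sshd_config "${1:-/etc/ssh/sshd_config}" && echo "no findings"
fi
```

Run `sh sshd-audit.sh` on the phone after setting up key login; the sample above produces no findings, while a file that still says `PasswordAuthentication yes` is reported twice, once for the password setting itself and once because root is then reachable with it.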

3.2 Login over USB

WiFi transfer is both unstable and slow, so we can connect over USB instead.

The SSH service on the phone listens on port 22. We connect the Mac to the phone over USB and forward a local Mac port to port 22 on the phone, so the traffic goes through the cable.

$ brew install usbmuxd
# Map localhost port 10010 to port 22 on the phone
$ iproxy 10010 22

Or alternatively:

# Download https://cgit.sukimashita.com/usbmuxd.git/snapshot/usbmuxd-1.0.8.tar.gz
# and find tcprelay.py inside it; -t forwards phone port 22 to local port 10010
$ python tcprelay.py -t 22:10010

Then, in a new terminal window:

# Log in to the iPhone; -p specifies the forwarded Mac port
$ ssh root@localhost -p 10010

Note that when connecting over USB, scp takes the port with an uppercase -P:

$ scp -P 10010 ~/.ssh/id_rsa.pub root@localhost:~/.ssh/

3.3 Script Login

The script is here.

3.3.1 Port-forwarding script

bfios-usb.sh

#!/bin/sh
echo 'Connecting to iPhone USB port 22'
echo 'After connecting, log in on port 10010 with ssh'
iproxy 10010 22

3.3.2 Login script

bfios-login.sh

#!/bin/sh
echo 'Logging in to iPhone with ssh'
ssh root@localhost -p 10010

3.3.3 Environment Variables

Make the two scripts executable and add their directory to the PATH environment variable.

$ chmod +x bfios-usb.sh
$ chmod +x bfios-login.sh

3.3.4 Logging In with the Scripts

This gives a smoother workflow.

Connect (run bfios-usb.sh):

Then open a new window and log in (run bfios-login.sh):
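The two-window workflow above leaves iproxy running after you log out, and because every phone you forward lands on the same `[localhost]:10010` known_hosts entry, switching devices produces a host-key-changed warning each time, which trains you to delete the entry instead of reading it. The script below is an added example (not the post's bfios-usb.sh or bfios-login.sh) that starts the forward, logs in, and kills the forward on exit, and pins the phone's host key under a HostKeyAlias instead. The script name bfios-usb-login.sh and the BFIOS_PORT, BFIOS_USER and BFIOS_ALIAS variables are assumptions.

```shell
#!/bin/sh
# Added example (not the post's bfios-*.sh scripts): one script that starts the
# USB forward, logs in, and tears the forward down on exit.
# Assumed file name: bfios-usb-login.sh. Port, user and alias are assumptions
# and can be overridden through the environment.
PORT="${BFIOS_PORT:-10010}"
USER_NAME="${BFIOS_USER:-root}"
ALIAS="${BFIOS_ALIAS:-iphone-usb}"

# ssh arguments for the tunnelled login. Note lowercase -p for ssh (scp uses -P).
# HostKeyAlias files the phone's host key under one name in ~/.ssh/known_hosts
# instead of "[localhost]:10010", so each device gets its own entry (set a
# different BFIOS_ALIAS per phone) and the WiFi login can share it by passing
# the same alias.
ssh_usb_args() {
    printf '%s' "-p $1 -o HostKeyAlias=$3 $2@localhost"
}

# Start iproxy (installed with usbmuxd, as in the post) in the background; print its PID.
start_iproxy() {
    if ! command -v iproxy >/dev/null 2>&1; then
        echo "iproxy not found; install it first (brew install usbmuxd)" >&2
        return 1
    fi
    iproxy "$1" 22 >/dev/null 2>&1 &
    echo $!
}

main() {
    pid=$(start_iproxy "$PORT") || exit 1
    # Whatever happens, the forward does not outlive this script.
    trap 'kill "$pid" 2>/dev/null' EXIT INT TERM
    sleep 1   # let iproxy bind the local port before ssh tries it
    # shellcheck disable=SC2046  (word splitting of the argument string is intended)
    ssh $(ssh_usb_args "$PORT" "$USER_NAME" "$ALIAS")
}

# Only connect when run as the script itself, so the functions can also be sourced.
if [ "$(basename "$0")" = "bfios-usb-login.sh" ]; then
    main
fi
```

Put it on the PATH like the original scripts; `BFIOS_ALIAS=ipad-usb bfios-usb-login.sh` keeps a second device's host key separate from the first one's.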

4. Vim

Vim is a ubiquitous text editor for Unix-like systems, including the iPhone. But you need to do some extra configuration.

4.1 Installation

Install via Cydia.

4.2 Arrow Keys Do Not Work

The arrow keys misbehave: pressing them prints A, B, C or D.

# Arrow keys do not work
$ echo "set nocp" >> ~/.vimrc
# If the delete (backspace) key does not work either
$ echo "set backspace=2" >> ~/.vimrc
# Vim reads ~/.vimrc when it starts, so simply reopen vim

4.3 Encoding

Chinese characters are displayed as garbage in the iOS terminal.

Solution: create a ~/.inputrc file with the following contents:

# Allow Chinese (8-bit) characters to be output to the terminal
set convert-meta off
set output-meta on
# Allow Chinese characters to be input at the terminal
set meta-flag on
set input-meta on

5. Screen Mirroring

5.1 VNC Connection

  1. Install the Veency plug-in (from Cydia);
  2. In Settings, find Veency and set the VNC connection password;
  3. Make sure the Mac and the iPhone are on the same wireless network;
  4. Connect to the iPhone from a VNC client on the Mac.

  • Finder supports the VNC protocol: in Finder choose Go > Connect to Server and enter vnc://<phone IP>.
  • Other VNC clients can also be used.

Tip: Remotix is recommended as the VNC client.

5.2 AirServer

  1. Download the Mac side and the iPhone side;
  2. Open the Mac side and the iPhone side, and scan the QR code shown on the computer;
  3. On the iPhone, open Control Center, choose AirPlay and select the computer.

Reflector 3 works similarly.

6. Jailbreak Problems

6.1 The White Apple Problem

After Cydia installs a plug-in, or after a system failure, the phone gets stuck on the Apple logo after restarting. Try the following:

6.1.1 Option 1

  1. In the white Apple state, press and hold the power and Home buttons until the screen goes black, then release; the device is now off. Note: on an iPhone this worked the first time; on an iPad Air try several more times.
  2. Press the power button again and wait; it is still a white Apple.
  3. Release the power button and press volume up and volume down, individually at first, then long-press both together.

After the long press the screen goes dark and the system boots normally. This is not safe mode, but all plug-ins are disabled. Now open Cydia, delete the conflicting plug-in, and restart the phone; it then boots normally.

The principle: after jailbreaking, installing Cydia generally also installs the MobileSubstrate plug-in. Holding the volume "+" key during boot enters a state in which MobileSubstrate is not loaded; think of it as a pseudo safe mode without MobileSubstrate (MobileSubstrate must be updated to version 0.9.3997 or later).

Most software installed through Cydia depends on this plug-in, so not loading MobileSubstrate is equivalent to disabling most plug-ins, and you can then delete the software that causes the white Apple.

6.1.2 Option 2

White Apple:

  1. Press power + Home to force a shutdown.
  2. Press power together with the volume "+" key to boot; this boots without loading any Cydia plug-ins.
  3. After the system boots successfully, wait, and wait a long time: ten minutes!
  4. Then go into Cydia and delete the conflicting plug-ins.

6.1.3 Option 3

If none of that works, flash the official firmware; the jailbreak is then gone.

References

  1. PP Assistant jailbreak system query
  2. MJ's course