dumpdecrypted in LLDB

I just saw this on @everttjf's blog, and according to the literature (the iOS Hacking Guide), dumping the decrypted binary via LLDB is rather simple.

You just need a jailbroken device with debugserver running on it, plus the cryptsize and cryptoff of the executable. You can read both from the LC_ENCRYPTION_INFO load command with otool (otool -l Ingress | grep crypt), which also prints cryptid: cryptid 0 means the slice is not encrypted at all, and a fat binary carries one LC_ENCRYPTION_INFO per architecture slice, so take the values for the slice that is actually running on the device. That's all.


Let's take Ingress as an example. With debugserver on the device attached to the app and listening on HOST:PORT (for example debugserver *:PORT -a Ingress), connect to it from LLDB:

(lldb) platform select remote-ios
(lldb) process connect connect://HOST:PORT
(lldb) command script import /PATH/TO/THE/dumpdecrypted.py
(lldb) dumpdecrypted -i Ingress -o /Users/BlueCocoa/Ingress_dumpdecrypted

If in doubt, enter:

(lldb) help dumpdecrypted
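The two things the script automates are the otool step (locating cryptoff, cryptsize and cryptid in the Mach-O load commands) and the dump step (reading the pages that the kernel has already decrypted out of the running process and writing them back over the encrypted range in the file, then clearing cryptid). The following Python is an added example of those steps written from scratch; it is not the code of BlueCocoa/dumpdecrypted-lldb. The arm64 sample binaries it parses are constructed in build_sample(), the load address 0x100000000 and the output path /tmp/dump.bin are placeholders, and the LLDB memory read command it emits is the manual equivalent of the script's dump, which you would paste into the same (lldb) session after finding the executable's load address with image list -o -f.

```python
"""Parse LC_ENCRYPTION_INFO(_64) from a Mach-O, build the LLDB dump command,
and patch the dumped plaintext back into the file (the otool + write-back
steps of the procedure above). The sample binaries below are constructed
for the example; they are not real Ingress slices."""
import struct

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
FAT_MAGIC = 0xCAFEBABE                      # fat headers are big-endian
MH_EXECUTE = 2
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C
CPU_TYPE_ARM, CPU_TYPE_ARM64 = 0x0C, 0x0100000C


def fat_slices(data):
    """[(cputype, offset, size)] per slice; a thin file is one slice at 0."""
    if struct.unpack(">I", data[:4])[0] != FAT_MAGIC:
        return [(struct.unpack("<I", data[4:8])[0], 0, len(data))]
    nfat = struct.unpack(">I", data[4:8])[0]
    out = []
    for i in range(nfat):
        cputype, _sub, off, size, _align = struct.unpack(
            ">IIIII", data[8 + 20 * i:28 + 20 * i])
        out.append((cputype, off, size))
    return out


def encryption_info(data, base=0):
    """Walk the load commands of the Mach-O at data[base:] and return
    (cryptoff, cryptsize, cryptid, lc_file_offset), or None if the slice
    carries no LC_ENCRYPTION_INFO. cryptid == 0 means already decrypted."""
    magic = struct.unpack("<I", data[base:base + 4])[0]
    if magic == MH_MAGIC_64:
        hdr_len = 32
    elif magic == MH_MAGIC:
        hdr_len = 28
    else:
        raise ValueError("no Mach-O header at file offset 0x%x" % base)
    ncmds = struct.unpack("<I", data[base + 16:base + 20])[0]
    off = base + hdr_len
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack("<II", data[off:off + 8])
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            cryptoff, cryptsize, cryptid = struct.unpack("<III", data[off + 8:off + 20])
            return cryptoff, cryptsize, cryptid, off
        off += cmdsize
    return None


def lldb_dump_command(load_addr, cryptoff, cryptsize, outfile):
    """Manual equivalent of the dump step: read the already decrypted pages
    out of the running process into a file. load_addr is the executable's
    in-process base (the slide shown by `image list -o -f` added to the
    __TEXT vmaddr); the main executable's __TEXT maps file offset 0 there,
    so cryptoff is added directly. --force is required for reads over 1 KiB."""
    start, end = load_addr + cryptoff, load_addr + cryptoff + cryptsize
    return "memory read --binary --outfile %s --force 0x%x 0x%x" % (outfile, start, end)


def patch_decrypted(data, base, dumped):
    """Overwrite the encrypted range with the dump and clear cryptid so that
    tools such as class-dump treat the slice as plaintext."""
    cryptoff, cryptsize, _cryptid, lc_off = encryption_info(data, base)
    if len(dumped) != cryptsize:
        raise ValueError("dump is %d bytes, cryptsize is %d" % (len(dumped), cryptsize))
    out = bytearray(data)
    out[base + cryptoff:base + cryptoff + cryptsize] = dumped
    struct.pack_into("<I", out, lc_off + 16, 0)   # cryptid field of the load command
    return bytes(out)


def build_sample(fat=False):
    """Constructed arm64 executable: mach_header_64, one LC_ENCRYPTION_INFO_64
    covering 16 bytes at file offset 64, and 0xEE placeholder ciphertext.
    With fat=True it is wrapped in a one-slice fat header at offset 32."""
    hdr = struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE, 1, 24, 0, 0)
    lc = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 64, 16, 1, 0)
    thin = hdr + lc + b"\0" * 8 + b"\xEE" * 16
    if not fat:
        return thin
    fat_hdr = struct.pack(">II", FAT_MAGIC, 1)
    arch = struct.pack(">5I", CPU_TYPE_ARM64, 0, 32, len(thin), 0)
    return fat_hdr + arch + b"\0" * 4 + thin


if __name__ == "__main__":
    data = build_sample(fat=True)
    for cputype, off, _size in fat_slices(data):
        info = encryption_info(data, off)
        print("slice cputype=0x%x cryptoff=%d cryptsize=%d cryptid=%d" % ((cputype,) + info[:3]))
        print(lldb_dump_command(0x100000000, info[0], info[1], "/tmp/dump.bin"))
    patched = patch_decrypted(data, 32, b"\x90" * 16)   # pretend dump, constructed
    print("cryptid after patch:", encryption_info(patched, 32)[2])
```

Two checks worth keeping from this: refuse to patch when the dump length differs from cryptsize (a truncated memory read silently produces a binary that looks decrypted but is not), and always re-read cryptid from the output before handing the file to other tools.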

This LLDB script is on my GitHub, BlueCocoa/dumpdecrypted-lldb.

Notice: this article is an original by 0xBBC; please credit the source when reposting, meow~
