dumpdecrypted in LLDB

Just saw this on @everttjf's blog, and according to the literature (the iOS Hacking Guide), dumping the decrypted binary via LLDB is rather simple.

You just need a jailbroken device with debugserver running on it, and the cryptsize and cryptoff of that executable file. You can use otool to retrieve cryptsize and cryptoff (otool -l prints the LC_ENCRYPTION_INFO load command that carries them). That's all.
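As an added example (not part of the original post and not the dumpdecrypted-lldb script), here is a small Python parser that reads cryptoff, cryptsize and cryptid straight from a Mach-O's LC_ENCRYPTION_INFO(_64) load command, the same values otool prints; since a dumped binary ends up with cryptid set to 0, the same check tells you whether an executable is still FairPlay-encrypted or has already been decrypted. The sample header is constructed inline and is not a real app.

```python
import struct
import sys

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C

def encryption_info(data):
    """Return (cryptoff, cryptsize, cryptid) from a thin little-endian Mach-O,
    or None when the binary carries no LC_ENCRYPTION_INFO(_64) command."""
    magic, = struct.unpack_from('<I', data, 0)
    if magic == MH_MAGIC_64:
        offset = 32            # mach_header_64 (has an extra reserved field)
    elif magic == MH_MAGIC:
        offset = 28            # mach_header
    else:
        raise ValueError('not a thin little-endian Mach-O (fat/big-endian not handled)')
    ncmds, = struct.unpack_from('<I', data, 16)   # ncmds sits after magic/cputype/cpusubtype/filetype
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from('<II', data, offset)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # encryption_info_command: cmd, cmdsize, cryptoff, cryptsize, cryptid[, pad]
            return struct.unpack_from('<III', data, offset + 8)
        offset += cmdsize
    return None

def is_fairplay_encrypted(data):
    """True when the encrypted region is still in place. A dumped binary has the
    decrypted bytes written back over cryptoff..cryptoff+cryptsize and cryptid
    reset to 0, so cryptid == 0 also flags an already-dumped executable."""
    info = encryption_info(data)
    return info is not None and info[2] != 0

def build_sample(cryptid):
    """Constructed minimal arm64 MH_EXECUTE header (not a real app) holding an
    LC_UUID command followed by LC_ENCRYPTION_INFO_64."""
    uuid_cmd = struct.pack('<II16s', 0x1B, 24, b'\x11' * 16)
    enc_cmd = struct.pack('<IIIIII', LC_ENCRYPTION_INFO_64, 24,
                          0x4000, 0x8000, cryptid, 0)   # cryptoff, cryptsize, cryptid, pad
    cmds = uuid_cmd + enc_cmd
    header = struct.pack('<IiiIIIII', MH_MAGIC_64, 0x0100000C, 0, 2,
                         2, len(cmds), 0, 0)             # CPU_TYPE_ARM64, MH_EXECUTE, ncmds=2
    return header + cmds

if __name__ == '__main__':
    # Usage: python3 check_encryption.py <Mach-O file>; without a path the constructed sample is used.
    data = open(sys.argv[1], 'rb').read() if len(sys.argv) > 1 else build_sample(1)
    print(encryption_info(data), 'encrypted' if is_fairplay_encrypted(data) else 'decrypted or unencrypted')
```

Fat (universal) binaries need their thin slice extracted first (for example with lipo) before being passed to this parser.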


Let's take Ingress as an example. Connect to the debugserver in LLDB:

(lldb) platform select remote-ios
(lldb) process connect connect://HOST:PORT
(lldb) command script import /PATH/TO/THE/dumpdecrypted.py
(lldb) dumpdecrypted -i Ingress -o /Users/BlueCocoa/Ingress_dumpdecrypted

If in doubt, please enter:

(lldb) help dumpdecrypted

This LLDB script is on my GitHub, BlueCocoa/dumpdecrypted-lldb.

Notice: This article is an original work by 0xBBC; please credit the source when reposting, meow~

