iOS dynamic debugging primer

PREFACE: an introduction to dynamic debugging with lldb

First, the phone needs an lldb server. After you have debugged once with Xcode, a debugserver is automatically present on the device (at /Developer/usr/bin/debugserver). It has to be copied out and re-signed; it is usually placed under /usr/bin (this is the lldb server mentioned above).

# Signing

iOS 12 needs a fix: https://github.com/pwn20wndstuff/Undecimus/issues/531 (symptom: "unable to bind" error, and the console shows the sandbox denied the permission).

Normally, debugging requires adding these three entitlements:

    <key>get-task-allow</key>
    <true/>
    <key>task_for_pid-allow</key>
    <true/>
    <key>platform-application</key>
    <true/>

The full set, all together:

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>com.apple.springboard.debugapplications</key>
        <true/>
        <key>com.apple.backboardd.launchapplications</key>
        <true/>
        <key>com.apple.backboardd.debugapplications</key>
        <true/>
        <key>com.apple.frontboard.launchapplications</key>
        <true/>
        <key>com.apple.frontboard.debugapplications</key>
        <true/>
        <key>com.apple.diagnosticd.diagnostic</key>
        <true/>
        <key>com.apple.security.network.server</key>
        <true/>
        <key>com.apple.security.network.client</key>
        <true/>
        <key>com.apple.private.memorystatus</key>
        <true/>
        <key>com.apple.private.cs.debugger</key>
        <true/>
        <key>get-task-allow</key>
        <true/>
        <key>task_for_pid-allow</key>
        <true/>
        <key>platform-application</key>
        <true/>
    </dict>
    </plist>
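A mistake that is easy to make here is to sign debugserver with an entitlements file that is missing one of the three keys above, or that sets one of them to `<false/>`; the signature then succeeds but attaching fails later. The script below is an added example, not code from the original post: it writes the minimal entitlements plist from the post to a file and checks that each required key is present and immediately followed by `<true/>`. The file path and the function names `write_debug_entitlements` / `check_debug_entitlements` are assumptions made for this illustration; run the check before signing, whatever signing tool you use.

```shell
#!/bin/sh
# Added example (not from the original post): sanity-check an entitlements plist
# before using it to sign debugserver. The sample plist and the function names
# are constructed for this illustration.

# Write the minimal entitlements the post says debugging needs.
write_debug_entitlements() {
    cat > "$1" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>get-task-allow</key>
    <true/>
    <key>task_for_pid-allow</key>
    <true/>
    <key>platform-application</key>
    <true/>
</dict>
</plist>
EOF
}

# Return 0 only if every required key is present and the very next line is <true/>.
# A key that is missing, or set to <false/>, is reported on stderr and fails the check.
check_debug_entitlements() {
    f="$1"
    rc=0
    for k in get-task-allow task_for_pid-allow platform-application; do
        if ! awk -v key="$k" '
            $0 ~ ("<key>" key "</key>") { want = 1; next }
            want == 1 { if ($0 ~ /<true\/>/) found = 1; want = 0 }
            END { exit found ? 0 : 1 }' "$f"; then
            echo "entitlement missing or not true: $k" >&2
            rc=1
        fi
    done
    return $rc
}

# Demo: write the sample file and validate it (path is a constructed example).
ent="${TMPDIR:-/tmp}/debugserver-ent.plist"
write_debug_entitlements "$ent"
if check_debug_entitlements "$ent"; then
    echo "ok: $ent has all three debug entitlements"
fi
```

The awk program only accepts `<true/>` on the line directly after the key, which matches how the plist above is laid out; a plist that has been reflowed onto one line would need a real plist parser instead.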

scp is recommended for transferring the files.

# Running

Using the wildcard `*` (instead of an explicit address) may trigger a bug.

  • Launch an app under the debugger:

    debugserver 127.0.0.1:1234 /var/containers/Bundle/Application/B1A257AC-7E38-4131-8A72-6DE17F9C2C61/Aweme.app
    
  • Listen for a connection:

    debugserver 127.0.0.1:1234
    
  • Remote debugging (entered in lldb on the host):

    process connect connect://127.0.0.1:1234