iOS Reverse Engineering Part One: Configuring LLDB
Source: Internet  Published: 微星cpu超频软件  Editor: 程序博客网  Time: 2024/05/20 19:18
Reposted from: http://versprite.com/og/ios-reverse-engineering-part-one-configuring-lldb/
Overview
This is the first part in a series where we will show you how to configure an environment and learn the basics for reverse engineering iOS applications. In this series we are using a jailbroken iPhone 4, running iOS 7.1.2.
Configuring LLDB
LLDB is the default debugger in Xcode and supports debugging Objective-C on iOS devices and the iOS simulator. If you don’t already have it, you will need to download and install Xcode: https://developer.apple.com/xcode/downloads/
The next thing we will need is debugserver, which allows for remote debugging through GDB or LLDB. We can grab this from the DeveloperDiskImage.
hdiutil attach /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/8.0\ \(12A365\)/DeveloperDiskImage.dmg
cp /Volumes/DeveloperDiskImage/usr/bin/debugserver /Users/rotlogix/
Now we need to create an entitlements.plist in order to sign the debugserver application before moving it over to our device. For those who are unfamiliar with entitlements, they essentially assist in granting additional permissions to an application. Apple’s developer resources describe them as effectively extending the sandbox and capabilities of the designated application to allow a particular operation to occur.
Our entitlements.plist should look something like this:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.springboard.debugapplications</key>
    <true/>
    <key>run-unsigned-code</key>
    <true/>
    <key>get-task-allow</key>
    <true/>
    <key>task_for_pid-allow</key>
    <true/>
</dict>
</plist>
We can now use this to sign debugserver:
codesign -s - --entitlements entitlements.plist -f debugserver
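Before copying the binary to the device it is worth confirming that the four entitlements actually ended up in the signature, which `codesign -d --entitlements - debugserver` prints back. The Python below is an added example, not part of the original post: it parses that output, with or without the 8-byte entitlements blob header that older codesign versions prepend (the `:-` form strips it), and reports which of the required entitlements are missing or not set to true. The script name check_ents.py in the usage comment is an assumption.

```python
import plistlib
import struct
import sys

# The four entitlements the entitlements.plist above grants to debugserver.
REQUIRED_ENTITLEMENTS = (
    "com.apple.springboard.debugapplications",
    "run-unsigned-code",
    "get-task-allow",
    "task_for_pid-allow",
)

# Magic word of an embedded entitlements blob (CSMAGIC_EMBEDDED_ENTITLEMENTS).
ENTITLEMENTS_BLOB_MAGIC = 0xFADE7171


def strip_blob_header(data: bytes) -> bytes:
    """Return the XML plist inside a codesign entitlements blob.

    Older codesign prints an 8-byte header (4-byte magic, 4-byte big-endian
    total length) in front of the plist; the `:-` form strips it. Accept both.
    """
    if len(data) >= 8:
        magic, length = struct.unpack(">II", data[:8])
        if magic == ENTITLEMENTS_BLOB_MAGIC:
            return data[8:length]
    return data


def missing_entitlements(data: bytes) -> list:
    """Return the required keys that are absent or not set to <true/>."""
    entitlements = plistlib.loads(strip_blob_header(data))
    return [k for k in REQUIRED_ENTITLEMENTS if entitlements.get(k) is not True]


def build_entitlements_plist() -> bytes:
    """Emit the same entitlements.plist as above, generated with plistlib."""
    return plistlib.dumps({k: True for k in REQUIRED_ENTITLEMENTS},
                          fmt=plistlib.FMT_XML)


def wrap_in_blob(plist_xml: bytes) -> bytes:
    """Constructed test helper: wrap a plist the way codesign embeds it."""
    header = struct.pack(">II", ENTITLEMENTS_BLOB_MAGIC, 8 + len(plist_xml))
    return header + plist_xml


if __name__ == "__main__":
    # Usage: codesign -d --entitlements - debugserver 2>/dev/null | python3 check_ents.py
    missing = missing_entitlements(sys.stdin.buffer.read())
    print("missing entitlements:", ", ".join(missing) if missing else "none")
```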
After this has been completed, copy debugserver over to your jailbroken iDevice. Let's test whether or not everything is working by attaching to Damn Vulnerable iOS App.
Now load up LLDB in another console.
(lldb) platform select remote-ios
(lldb) process connect connect://192.168.0.8:6666
Finally, for symbolication, which LLDB supports extremely well, we want to load the symbols from the binary into LLDB. This will let us set breakpoints on specific Objective-C methods within the application that we are debugging.
(lldb) target create --arch arm /Users/rotlogix/Downloads/Payload/DamnVulnerableIOSApp.app/DamnVulnerableIOSApp
Current executable set to '/Users/rotlogix/Downloads/Payload/DamnVulnerableIOSApp.app/DamnVulnerableIOSApp' (armv7).
(lldb) b -[InsecureDataStorageVulnVC saveInPlistFileTapped:]
Breakpoint 1: where = DamnVulnerableIOSApp`-[InsecureDataStorageVulnVC saveInPlistFileTapped:], address = 0x00012c2c
Everything seems to be working, and now we are ready to start debugging! If you are already familiar with gdb, there is a great resource that maps GDB commands to their LLDB equivalents: http://lldb.llvm.org/lldb-gdb.html. In part two we will walk you through the basics of using LLDB to debug the Damn Vulnerable iOS Application.