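Cracking an IPA downloaded from the App Store mainly involves the following steps:

1. Remove the encryption from the executable.

2. Re-sign and repackage.

For reference: http://tungchingkai.blogspot.com/2009/02/how-to-decrypt-iphone-ipa-file.html

The article above includes a shell script that makes the cracking convenient.

The script is used as follows:

1. Copy DCrypt.sh to the jailbroken device with scp or another tool.

2. Make the file executable: chmod +x ./DCrypt.sh

3. Run the crack: ./DCrypt.sh UCBrowserHD

However, the DCrypt.sh attached to that article is fairly old.

It fails on the latest jailbroken systems, at these points:

1. The arguments to plutil have changed.

2. The gdb breakpoint location has to change: setting a breakpoint at *0x2000 makes gdb fail, so the memory dump cannot complete.

To address the problems above, I modified the tool (https://gist.github.com/Proteas/4720822); tested and working: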

```sh
#!/bin/bash
# bash rather than plain sh: the script uses arrays and echo -e / -ne
#
# DeCrypt - v1.2 (2013-02-05)
#  - v1.1 (2008-10-21)
#  - v1.2 (2013-02-05)
# FloydianSlip, Proteas
#
# Heavily based on xcrack
#
# Many thanks to:
#    puy0, SaladFork, Flox, Flawless
#

echo "DeCrypt 1.2 (2013-02-05)"
echo "FloydianSlip, Proteas"
echo

# Check that the required tools are installed
if [ ! -e /usr/bin/plutil ]; then
  echo "Cannot find plutil (apt-get install com.ericasadun.utilities)"
  exit 1
fi

if [ ! -e /usr/bin/gdb ]; then
  echo "Cannot find gdb (apt-get install gdb)"
  exit 1
fi

if [ ! -e /usr/bin/otool ]; then
  echo "Cannot find otool (apt-get install odcctools)"
  exit 1
fi

if [ ! -e /usr/bin/ldid ]; then
  echo "Cannot find ldid (apt-get install ldid)"
  exit 1
fi

if [ ! -e /usr/bin/awk ]; then
  echo "Cannot find awk (apt-get install gawk)"
  exit 1
fi

if [ ! -e /usr/bin/zip ]; then
  echo "Cannot find zip (apt-get install zip)"
  exit 1
fi

if [ $# -ne 1 ]; then
  echo "Usage: $(basename $0) <ApplicationName>"
  echo
  exit 1
fi

AppInput=$1

# Accept either a path to the .app directory or an application name to search for
if [ -d "$AppInput" ]; then
  tempLoc=$AppInput
else
  echo "Locating $AppInput"
  tempLoc=$(find /var/mobile/Applications -iname "$AppInput.app")
  if [ -z "$tempLoc" ]; then
    echo "Unable to locate $AppInput"
    exit 1
  fi
  AppCount=$(find /var/mobile/Applications -iname "$AppInput.app" | wc -l)
  if [ $AppCount -gt 1 ]; then
    echo "Found two installation directories:"
    find /var/mobile/Applications -iname "$AppInput.app"
    exit 1
  fi
fi

AppPath=$(dirname "$tempLoc")
AppName=$(basename "$tempLoc")
AppExec=$(plutil -key CFBundleExecutable "$tempLoc/Info.plist")
AppVer=$(plutil -key CFBundleVersion "$tempLoc/Info.plist")
AppDisplayName=$(plutil -key CFBundleDisplayName "$tempLoc/Info.plist")

if [ ! -d "$AppPath" ]; then
  echo "Unable to locate original installation directory"
  exit 1
fi

if [ ! -d "$AppPath/$AppName" ]; then
  echo "Unable to locate .app directory"
  exit 1
fi

if [ ! -e "$AppPath/$AppName/$AppExec" ]; then
  echo "Unable to locate executable"
  exit 1
fi

echo "Found $AppName"

echo "Creating directories"
WorkDir="/tmp/DecryptApp-$(date +%Y%m%d-%H%M%S)"
NewAppDir="$HOME/Documents/Decrypted"

if [ -e "$WorkDir" ]; then
  rm -rf "$WorkDir"
fi

mkdir -p "$WorkDir"

if [ ! -e "$NewAppDir" ]; then
  mkdir -p "$NewAppDir"
fi

if [ ! -d "$WorkDir" -o ! -d "$NewAppDir" ]; then
  echo "Unable to create Directories"
  exit 1
fi

echo "Copying application files"

cp -a "$AppPath/$AppName/" "$WorkDir/"

if [ ! -e "$WorkDir/$AppName/$AppExec" ]; then
  echo "Unable to copy application files"
  rm -fr "$WorkDir"
  exit 1
fi

echo "Analyzing application"

# Read the LC_ENCRYPTION_INFO fields from the copied executable
CryptID=$(otool -l "$WorkDir/$AppName/$AppExec" | grep cryptid | awk '{print $2}')
if [ "$CryptID" != "1" ]; then
  echo "Application is not encrypted"
  rm -fr "$WorkDir"
  exit 1
fi

CryptSize=$(otool -l "$WorkDir/$AppName/$AppExec" | grep cryptsize | awk '{print $2}')
if [ -z "$CryptSize" ]; then
  echo "Unable to find CryptSize"
  rm -fr "$WorkDir"
  exit 1
fi

CryptOff=$(otool -l "$WorkDir/$AppName/$AppExec" | grep cryptoff | awk '{print $2}')
if [ -z "$CryptOff" ]; then
  echo "Unable to find CryptOff"
  rm -fr "$WorkDir"
  exit 1
fi

echo "Locating and patching CryptID"

# "/System/Library/Frameworks" in hex
PathAsHex="2f53797374656d2f4c6962726172792f4672616d65776f726b73"

# - Convert to hex on 1 long line, only take stuff before the path string,
# - Convert to 1 byte set per line, find 0x01 (line number is offset in the real file),
# - Strip newlines, reverse the order
oneLocations=($(od -A n -t x1 -v "$WorkDir/$AppName/$AppExec" | \
  tr -d ' ','\n' | \
  sed "s/$PathAsHex.*\$//" | \
  sed "s/../&\n/g" | \
  grep -n -s 01 | \
  cut -d : -f 1 | \
  sort -nr | \
  tr "\n" " "))

# Zero each candidate 0x01 byte in turn until otool reports cryptid 0
for TryOffset in "${oneLocations[@]}"; do
  cp -a "$WorkDir/$AppName/$AppExec" "$WorkDir/$AppName/$AppExec.trying"
  foo=$(echo -ne "\x00" | dd bs=1 seek=$((TryOffset - 1)) conv=notrunc status=noxfer of="$WorkDir/$AppName/$AppExec.trying" 2>&1> /dev/null)
  cid=$(otool -l "$WorkDir/$AppName/$AppExec.trying" | grep cryptid | awk '{print $2}')
  if [ "$cid" -eq 0 ]; then
    break
  fi
  rm "$WorkDir/$AppName/$AppExec.trying"
done

if [ ! -e "$WorkDir/$AppName/$AppExec.trying" ]; then
  echo "Unable to find CryptID"
  rm -fr "$WorkDir"
  exit 1
fi

mv "$WorkDir/$AppName/$AppExec.trying" "$WorkDir/$AppName/$AppExec"

echo "Dumping unencrypted data from application"

# gdb batch file: break at UIApplicationMain (pending), then dump the region
echo -e "set breakpoint pending on\r\n
break \"UIApplicationMain\"\r\n
commands 1\r\n\
dump memory $WorkDir/dump.bin 0x2000 $(($CryptSize + 0x2000))\r\n\
kill\r\n\
quit\r\n\
end\r\n\
start" > $WorkDir/batch.gdb

foo=$(gdb -q -e "$AppPath/$AppName/$AppExec" -x $WorkDir/batch.gdb -batch 2>&1> /dev/null)

rm $WorkDir/batch.gdb

echo "Verifying data dump"

DumpSize=$(stat -c%s "$WorkDir/dump.bin")
if [ "$DumpSize" != "$CryptSize" ]; then
  echo "Memory dump is not the right size or does not exist"
  rm -fr "$WorkDir"
  exit 1
fi

echo "Replacing encrypted data with data dump"
foo=$(dd seek=4096 bs=1 conv=notrunc if="$WorkDir/dump.bin" of="$WorkDir/$AppName/$AppExec" 2>&1> /dev/null)
rm "$WorkDir/dump.bin"

echo "Signing the application"
foo=$(ldid -s "$WorkDir/$AppName/$AppExec" 2>&1> /dev/null)
plutil -key 'SignerIdentity' -value 'Apple iPhone OS Application Signing' "$WorkDir/$AppName/Info.plist" 2>&1> /dev/null

if [ -e "$WorkDir/$AppName/SC_Info" ]; then
  echo "Removing SC_Info"
  rm -fr "$WorkDir/$AppName/SC_Info"
fi

if [ -e "$WorkDir/$AppName/_CodeSignature" ]; then
  echo "Removing _CodeSignature"
  rm -fr "$WorkDir/$AppName/_CodeSignature"
fi

if [ -h "$WorkDir/$AppName/CodeResources" ]; then
  echo "Removing CodeResources"
  rm -fr "$WorkDir/$AppName/CodeResources"
fi

if [ -e "$WorkDir/$AppName/ResourceRules.plist" ]; then
  echo "Removing ResourceRules.plist"
  rm -fr "$WorkDir/$AppName/ResourceRules.plist"
fi

echo "Building .ipa"

mkdir -p "$WorkDir/Payload"
if [ ! -e "$WorkDir/Payload" ]; then
  echo "Failed to create Payload directory"
  rm -fr "$WorkDir"
  exit 1
fi
mv "$WorkDir/$AppName" "$WorkDir/Payload/"

echo "Copying iTunesArtwork"

if [ -e "$AppPath/iTunesArtwork" ]; then
  cp -a "$AppPath/iTunesArtwork" "$WorkDir/"
else
  echo "Unable to find iTunesArtwork"
fi

echo "Compressing the .ipa"
IPAName=$NewAppDir/$(echo $AppName | sed -e "s: :_:g")-v$AppVer.ipa
cd "$WorkDir"
zip -m -r "$IPAName" * 2>&1> /dev/null
cd - 2>&1> /dev/null
if [ ! -e "$IPAName" ]; then
  echo "Failed to compress the .ipa"
  rm -fr "$WorkDir"
  exit 1
fi

echo "Removing temporary files"
rm -rf "$WorkDir"

echo "Done"
echo "Created decrypted .ipa at $IPAName"
```
