How to use cycript

1. Basics

    $ ssh root@IP_ADDRESS
    $ cycript -p APPNAME
    // Dump all classes
    cy# ObjectiveC.classes

2. Enumerate the views of the current controller

    // display output nicely
    $ ?expand
    $ [[UIApp keyWindow] recursiveDescription]

Update 6 Nov 2017: enumerate the current view

    $ [[[UIWindow keyWindow] rootViewController] _printHierarchy].toString()

3. Get the controller of the current view

Method 1: visibleViewController

    cy# UIApp.keyWindow.rootViewController.visibleViewController

Method 2: nextResponder

    // Using the “nextResponder” ObjectiveC…

Andreas Kurtz - Pentesting iOS Apps, Runtime Analysis and Manipulation

Pentesting iOS Apps - Runtime Analysis and Manipulation, from Andreas Kurtz

The second half of the talk introduces snoop-it.
NIN: Unfortunately, snoop-it does not support 64-bit.

objc fundamentals
How runtime injection works
Two approaches
Example - Mobile Substrate
Example - cycript

    # cycript -p <pid>
    cy# [[UIDevice currentDevice] uniqueIdentifier];
    @"xxxxxxxxxxxxx"
    cy# UIDevice.messages['uniqueIdentifier'] = function(){ return @"RUB&…