参考这文章
iOS Framework混淆/编译打包脚本(支持swift/oc/c++) - 简书
https://www.jianshu.com/p/be751f780d94
1 测试原版Demo
$ sh confuseAndBuild.sh
参数个数:0 参数值:
-e usage: ./confuseAndBuild.sh [-u|c|b|a]
-e -u
-e unconfuse: 清理工作,去混淆
-e -c
-e safeConfuse: 去混淆->备份->混淆
-e -b
-e buildAll: 编译生成通用framework
-e -a
-e safeConfuseAndBuild: 去混淆->备份->混淆->编译->去混淆
-e EXAMPLE:
-e ./confuseAndBuild.sh -u
下面尝试混淆代码
$ sh confuseAndBuild.sh -c
参数个数:1 参数值:-c
-e [info] clean start...
Not confuse yet!
-e [info] clean done
-e [info] backup all swift files
backup ./Framework/ConfuseFW.framework/Headers/ConfuseFW-Swift.h to ./Framework/ConfuseFW.framework/Headers/.ConfuseFW-Swift.h.bak
backup ./Framework/ConfuseFW.framework/Headers/ConfuseFW.h to ./Framework/ConfuseFW.framework/Headers/.ConfuseFW.h.bak
backup ./Example/Example/ViewController.swift to ./Example/Example/.ViewController.swift.bak
backup ./Example/Example/AppDelegate.swift to ./Example/Example/.AppDelegate.swift.bak
backup ./ConfuseFW/ConfuseClass.swift to ./ConfuseFW/.ConfuseClass.swift.bak
backup ./ConfuseFW/ConfuseFW.h to ./ConfuseFW/.ConfuseFW.h.bak
-e [info] confuse start...
private_var2 => WdxHoCRNEciQeqLA
private_cls => nIXdIrjgoXeTovvN
private_ConfuseClass2 => gPlqegDkjgNkkaLZ
private_ConfuseClass2 => gPlqegDkjgNkkaLZ
private_var2 => WdxHoCRNEciQeqLA
private_cls => nIXdIrjgoXeTovvN
private_ConfuseClass2 => gPlqegDkjgNkkaLZ
private_func2 => htkpkIcjJJiaVsWE
private_func2 => htkpkIcjJJiaVsWE
private_var2 => WdxHoCRNEciQeqLA
private_cls => nIXdIrjgoXeTovvN
private_ConfuseClass2 => gPlqegDkjgNkkaLZ
-e [info] confuse done
混淆成功。
混淆成功
撤销混淆
$ sh confuseAndBuild.sh -u
2 反编译framework
怎么查看framework?用class-dump、IDA。
尝试反编译计算器APP
class-dump -H /Applications/Calculator.app -o ~/Desktop/calculate\ heads
反编译CoreLocation.framework
$ class-dump -H /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/CoreLocation.framework -o ~/Desktop/CoreLocation
class-dump: Input file (/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/System/Library/Frameworks/CoreLocation.framework) doesn't contain an executable.
反编译AppKit.framework
class-dump /System/Library/Frameworks/AppKit.framework
尝试反编译demo的framework,用class-dump报错
$ class-dump -H code/xcode/iOSConfuse/Framework/ConfuseFW.framework -o ~/Desktop/confuse
2018-11-13 19:41:20.210 class-dump[20871:1234755] *** Assertion failure in -[CDObjectiveC2Processor loadIvarsAtAddress:], /Volumes/Lion/Users/nygard/Source/git/me/Tools/class-dump/Source/CDObjectiveC2Processor.m:411
2018-11-13 19:41:20.211 class-dump[20871:1234755] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'Invalid parameter not satisfying: [cursor offset] != 0'
*** First throw call stack:
(
0 CoreFoundation 0x00007fff2dcf400b __exceptionPreprocess + 171
1 libobjc.A.dylib 0x00007fff548e8c76 objc_exception_throw + 48
2 CoreFoundation 0x00007fff2dcf9da2 +[NSException raise:format:arguments:] + 98
3 Foundation 0x00007fff2fe06260 -[NSAssertionHandler handleFailureInMethod:object:file:lineNumber:description:] + 193
4 class-dump 0x000000010a0d0f96 class-dump + 159638
5 class-dump 0x000000010a0cfdd0 class-dump + 155088
6 class-dump 0x000000010a0ce4fc class-dump + 148732
7 class-dump 0x000000010a0cbabf class-dump + 137919
8 class-dump 0x000000010a0abc19 class-dump + 7193
9 class-dump 0x000000010a0bb80b class-dump + 71691
10 libdyld.dylib 0x00007fff554d8115 start + 1
)
libc++abi.dylib: terminating with uncaught exception of type NSException
Abort trap: 6
改用IDA反编译framework,显示func2被混淆了。
func2混淆后
反编译func2混淆前
反编译fun2混淆后
3 TODO
- 下面学打framework包。
- 有空要学一下Scheme。
- 怎么在Xcode运行脚本?
END
参考
class-dump的安装和使用 - 简书
https://www.jianshu.com/p/1e3fe0a8c048
网友评论