
Injecting a plugin into an app on non-jailbroken iOS

2023-09-14 08:35 | Source: collected from the web

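Preparation

We use the QQ app as the example; the plugin to be injected is QQPlus, a plugin I wrote myself. First, prepare the following files:

.
├── CydiaSubstrate
├── QQ.ipa
├── QQPlus.dylib
├── QQPlusSetting.bundle
│   ├── Root.plist
│   ├── en.lproj
│   │   └── Root.strings
│   └── interface.json
├── blank.caf
├── cy.csv
└── libsubstitute.0.dylib

CydiaSubstrate: copied from /Library/Frameworks/CydiaSubstrate.framework/CydiaSubstrate on a jailbroken phone
libsubstitute.0.dylib: a dependency of CydiaSubstrate, copied from /usr/lib/libsubstitute.0.dylib on a jailbroken phone
QQ.ipa: a decrypted ipa file; the steps below cannot be carried out on an ipa that is still encrypted, and otool can be used to check whether it is
QQPlus.dylib: the plugin to inject (make sure it works)
QQPlusSetting.bundle: a file the QQPlus.dylib plugin depends on
blank.caf: a file the QQPlus.dylib plugin depends on
cy.csv: a file the QQPlus.dylib plugin depends on

Starting the injection

First unpack QQ.ipa (an ipa is just a zip archive, so it can be extracted directly or from the command line):

unzip QQ.ipa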

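After unpacking, first confirm whether the binary is encrypted, using otool:

cd Payload/QQ.app/
otool -l QQ | grep crypt

The command prints:

cryptoff 28672
cryptsize 4096
cryptid 0

A cryptid of 0 means the binary is not encrypted. Once that is confirmed, the injection can begin.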

Rename CydiaSubstrate to libSubstrate.dylib, then copy the following files into the /Payload/QQ.app/Frameworks directory:

libSubstrate.dylib
libsubstitute.0.dylib
QQPlus.dylib

Fixing the libSubstrate.dylib dependency

Because libSubstrate.dylib was copied from a jailbroken phone, its dependency libsubstitute.0.dylib is referenced at /usr/lib/libsubstitute.0.dylib. That path has to be changed to point into the Frameworks directory, otherwise the app crashes on launch. Check the current dependencies with otool:

aria@shenqiHyaliyadeMacBook-Pro ~/Desktop/remake/QQ $ otool -L libSubstrate.dylib
libSubstrate.dylib (architecture arm64):
    /usr/lib/libsubstrate.dylib (compatibility version 0.0.0, current version 0.0.0)
    /usr/lib/libsubstitute.0.dylib (compatibility version 0.0.0, current version 0.0.0)
    /usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1252.0.0)
CydiaSubstrate (architecture arm64e):
    /usr/lib/libsubstrate.dylib (compatibility version 0.0.0, current version 0.0.0)
    /usr/lib/libsubstitute.0.dylib (compatibility version 0.0.0, current version 0.0.0)
    /usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1252.0.0)

The third entry from the end is the dependency in question; change it with install_name_tool:

install_name_tool -change "/usr/lib/libsubstitute.0.dylib" "@executable_path/Frameworks/libsubstitute.0.dylib" libSubstrate.dylib

Then run otool again to check that the change took effect:

aria@shenqiHyaliyadeMacBook-Pro ~/Desktop/remake/QQ $ otool -L libSubstrate.dylib
libSubstrate.dylib (architecture arm64):
    /usr/lib/libsubstrate.dylib (compatibility version 0.0.0, current version 0.0.0)
    @executable_path/Frameworks/libsubstitute.0.dylib (compatibility version 0.0.0, current version 0.0.0)
    /usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1252.0.0)
libSubstrate.dylib (architecture arm64e):
    /usr/lib/libsubstrate.dylib (compatibility version 0.0.0, current version 0.0.0)
    @executable_path/Frameworks/libsubstitute.0.dylib (compatibility version 0.0.0, current version 0.0.0)
    /usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1252.0.0)

The output shows that /usr/lib/libsubstitute.0.dylib has been changed to @executable_path/Frameworks/libsubstitute.0.dylib.

Fixing the QQPlus.dylib plugin dependency

Because QQPlus.dylib is a jailbreak plugin, it depends on /Library/Frameworks/CydiaSubstrate.framework/CydiaSubstrate. That file does not exist on a non-jailbroken phone, so this dependency has to be changed as well. Check the dependencies with otool:

aria@shenqiHyaliyadeMacBook-Pro ~/Desktop/remake/QQ $ otool -L QQPlus.dylib
QQPlus.dylib:
    /Library/MobileSubstrate/DynamicLibraries/QQPlus.dylib (compatibility version 1.0.0, current version 1.0.0)
    /System/Library/Frameworks/CoreGraphics.framework/CoreGraphics (compatibility version 64.0.0, current version 1355.22.0)
    /System/Library/Frameworks/Foundation.framework/Foundation (compatibility version 300.0.0, current version 1677.104.0)
    /System/Library/Frameworks/MobileCoreServices.framework/MobileCoreServices (compatibility version 1.0.0, current version 1069.25.0)
    /System/Library/Frameworks/QuartzCore.framework/QuartzCore (compatibility version 1.2.0, current version 1.11.0)
    /System/Library/Frameworks/Security.framework/Security (compatibility version 1.0.0, current version 59306.142.1)
    /System/Library/Frameworks/SystemConfiguration.framework/SystemConfiguration (compatibility version 1.0.0, current version 1061.140.1)
    /System/Library/Frameworks/UIKit.framework/UIKit (compatibility version 1.0.0, current version 61000.0.0)
    /Library/Frameworks/CydiaSubstrate.framework/CydiaSubstrate (compatibility version 0.0.0, current version 0.0.0)
    /usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
    /usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 902.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1281.100.1)
    /System/Library/Frameworks/AVFoundation.framework/AVFoundation (compatibility version 1.0.0, current version 2.0.0)
    /System/Library/Frameworks/CFNetwork.framework/CFNetwork (compatibility version 1.0.0, current version 0.0.0)
    /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation (compatibility version 150.0.0, current version 1677.104.0)
    /System/Library/Frameworks/CoreTelephony.framework/CoreTelephony (compatibility version 1.0.0, current version 0.0.0)

The dependency on /Library/Frameworks/CydiaSubstrate.framework/CydiaSubstrate is clearly visible. As before, use install_name_tool to repoint it to libSubstrate.dylib in the Frameworks directory:

install_name_tool -change "/Library/Frameworks/CydiaSubstrate.framework/CydiaSubstrate" "@executable_path/Frameworks/libSubstrate.dylib" QQPlus.dylib

Run otool again to check that the dependency was changed:

aria@shenqiHyaliyadeMacBook-Pro ~/Desktop/remake/QQ $ otool -L QQPlus.dylib
QQPlus.dylib:
    /Library/MobileSubstrate/DynamicLibraries/QQPlus.dylib (compatibility version 1.0.0, current version 1.0.0)
    /System/Library/Frameworks/CoreGraphics.framework/CoreGraphics (compatibility version 64.0.0, current version 1355.22.0)
    /System/Library/Frameworks/Foundation.framework/Foundation (compatibility version 300.0.0, current version 1677.104.0)
    /System/Library/Frameworks/MobileCoreServices.framework/MobileCoreServices (compatibility version 1.0.0, current version 1069.25.0)
    /System/Library/Frameworks/QuartzCore.framework/QuartzCore (compatibility version 1.2.0, current version 1.11.0)
    /System/Library/Frameworks/Security.framework/Security (compatibility version 1.0.0, current version 59306.142.1)
    /System/Library/Frameworks/SystemConfiguration.framework/SystemConfiguration (compatibility version 1.0.0, current version 1061.140.1)
    /System/Library/Frameworks/UIKit.framework/UIKit (compatibility version 1.0.0, current version 61000.0.0)
    @executable_path/Frameworks/libSubstrate.dylib (compatibility version 0.0.0, current version 0.0.0)
    /usr/lib/libobjc.A.dylib (compatibility version 1.0.0, current version 228.0.0)
    /usr/lib/libc++.1.dylib (compatibility version 1.0.0, current version 902.0.0)
    /usr/lib/libSystem.B.dylib (compatibility version 1.0.0, current version 1281.100.1)
    /System/Library/Frameworks/AVFoundation.framework/AVFoundation (compatibility version 1.0.0, current version 2.0.0)
    /System/Library/Frameworks/CFNetwork.framework/CFNetwork (compatibility version 1.0.0, current version 0.0.0)
    /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation (compatibility version 150.0.0, current version 1677.104.0)
    /System/Library/Frameworks/CoreTelephony.framework/CoreTelephony (compatibility version 1.0.0, current version 0.0.0)

The output shows that the dependency has been changed to @executable_path/Frameworks/libSubstrate.dylib.

Copy the files QQPlus.dylib depends on into the root of QQ.app. (This step is not needed if the plugin has no such files; the QQPlus.dylib I wrote depends on blank.caf, cy.csv and QQPlusSetting.bundle, so all three have to be copied in as well.)

Modify the QQ main executable by inserting a load command. Either optool or insert_dylib can be used; optool is used here:

aria@shenqiHyaliyadeMacBook-Pro ~/Desktop/remake/QQ/Payload/QQ.app $ optool install -c load -p "@executable_path/Frameworks/QQPlus.dylib" -t QQ
Found thin header...
Inserting a LC_LOAD_DYLIB command for architecture: arm64
Successfully inserted a LC_LOAD_DYLIB command for arm64
Writing executable to QQ...

Run otool again to check that the injection succeeded:

aria@shenqiHyaliyadeMacBook-Pro ~/Desktop/remake/QQ/Payload/QQ.app $ otool -L QQ
QQ:
    @rpath/QQMainProject.framework/QQMainProject (compatibility version 1.0.0, current version 1.0.0)
    ...
    @executable_path/Frameworks/QQPlus.dylib (compatibility version 0.0.0, current version 0.0.0)

The output shows that @executable_path/Frameworks/QQPlus.dylib has been inserted.
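Both otool checks above (cryptid and the dylib list) read fields of the Mach-O load commands, and the same fields let a developer audit a distributed copy of their own app for load commands that were not in the original build. The following Python parser is an added example, not code from the original post; it handles only a thin 64-bit little-endian image, the allow-list prefixes are an assumption, and build_sample constructs a synthetic image for the demonstration.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF            # thin 64-bit little-endian Mach-O
LC_LOAD_DYLIB = 0xC
LC_LOAD_WEAK_DYLIB = 0x80000018
LC_ENCRYPTION_INFO_64 = 0x2C
# Assumption: the app's own frameworks load via @rpath, as in the otool output above.
ALLOWED_PREFIXES = ("/usr/lib/", "/System/Library/", "@rpath/")

def audit_macho(data, allowed=ALLOWED_PREFIXES):
    """Return (cryptid, dylibs, unexpected) for a thin 64-bit Mach-O image."""
    if len(data) < 32:
        raise ValueError("truncated header")
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit little-endian Mach-O")
    cryptid, dylibs, off = None, [], 32
    for _ in range(ncmds):
        if off + 8 > len(data):
            raise ValueError("malformed load command")
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > len(data):
            raise ValueError("malformed load command")
        if cmd in (LC_LOAD_DYLIB, LC_LOAD_WEAK_DYLIB):
            if cmdsize < 24:
                raise ValueError("short dylib command")
            (name_off,) = struct.unpack_from("<I", data, off + 8)
            name = data[off + name_off:off + cmdsize].split(b"\0", 1)[0]
            dylibs.append(name.decode("utf-8", "replace"))
        elif cmd == LC_ENCRYPTION_INFO_64 and cmdsize >= 20:
            _, _, cryptid = struct.unpack_from("<3I", data, off + 8)
        off += cmdsize
    unexpected = [d for d in dylibs if not d.startswith(allowed)]
    return cryptid, dylibs, unexpected

def _dylib_cmd(name):
    body = name.encode() + b"\0"
    body += b"\0" * (-(24 + len(body)) % 8)      # pad command to 8 bytes
    return struct.pack("<6I", LC_LOAD_DYLIB, 24 + len(body), 24, 0, 0, 0) + body

def build_sample(names, cryptid=0):
    """Constructed sample: arm64 header, one encryption command, N dylib commands."""
    cmds = [struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 28672, 4096, cryptid, 0)]
    cmds += [_dylib_cmd(n) for n in names]
    blob = b"".join(cmds)
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2,
                       len(cmds), len(blob), 0, 0) + blob
```

On a real build the allow-list would come from the release manifest rather than from path prefixes.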

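Repackage QQ.ipa with the zip command:

zip -ry target.ipa Payload

Re-signing and installing

Because the package contents were modified, the package has to be re-signed. For signing, refer to other articles or use third-party software. After a successful install the plugin is loaded; the result looks like this:

[Image: IMG_3364.PNG]

Support

Personal Cydia repo: https://moxcomic.github.io
QQ discussion group: 821196802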


