# adcpp-ios-dump **Repository Path**: geekneo/adcpp-ios-dump ## Basic Information - **Project Name**: adcpp-ios-dump - **Description**: 一键Dump iOS加密MachO至A64Dbg与之对应的缓存目录。 - **Primary Language**: C++ - **License**: MIT - **Default Branch**: master - **Homepage**: None - **GVP Project**: No ## Statistics - **Stars**: 6 - **Forks**: 2 - **Created**: 2021-09-16 - **Last Updated**: 2023-10-22 ## Categories & Tags **Categories**: Uncategorized **Tags**: None ## README # adcpp-ios-dump #### 介绍 一键Dump iOS加密MachO至A64Dbg与之对应的缓存目录,[源码解读在这里](https://mp.weixin.qq.com/s/ckJ6kyA39WAFMfY9pQ2Exw)。 #### 软件架构 adcpp-ios-dump.py : A64Dbg插件主程序,用于人机交互; adcpp-ios-dump.adc : A64Dbg插件附加程序,用于Dump加密的MachO,它是由主程序发送至目标iOS进程中的Payload程序; adcpp-ios-dump.mm : A64Dbg插件附加程序源代码,用于macOS平台开发者模式修改adcpp-ios-dump.mm的实现逻辑; #### 安装教程 将adcpp-ios-dump.py、adcpp-ios-dump.adc拷贝至A64Dbg插件目录,然后重启A64Dbg即可。 macOS/Linux目录为: ``` ~/A64Dbg/plugin ``` Windows目录为: ``` SysDrive:\Users\~\A64Dbg\plugin ``` #### 使用说明 1.将A64Dbg调试模式设置为Remote UraniumVM iOS; 2.Attach要砸壳的目标进程; 3.执行主菜单Plugins/adcpp-ios-dump,然后就可以在A64Dbg缓存目录得到对应解密后的MachO文件; ```assembly adcpp_ios_dump : Start dumping process 1162 (Build Oct 9 2021 14:58:25). adcpp_ios_dump : Suspending task thread 00000303 with kernel result 0. adcpp_ios_dump : Suspending task thread 0000300b with kernel result 0. adcpp_ios_dump : Suspending task thread 00003203 with kernel result 0. adcpp_ios_dump : Suspending task thread 0000a03b with kernel result 0. adcpp_ios_dump : Suspending task thread 00005903 with kernel result 0. adcpp_ios_dump : Ignored adcpp thread 00010107. adcpp_ios_dump : Dumping /var/containers/Bundle/Application/6155B008-47B9-4660-857D-D0CC77A52838/iOSApp.app/iOSApp. adcpp_ios_dump : Readed file iOSApp, size 62505088. adcpp_ios_dump : Min version a0000, encrypt info 0x4000,50118656. adcpp_ios_dump : Sending iOSApp, 10.0.0, 62505088. Received iOSApp, 10.0.0, 62505088. Saved to ~/A64Dbg/decache/iOS/arm64-apple-ios/iOSApp. Linked to ~/A64Dbg/decache/iOS/arm64-apple-ios10.0.0/iOSApp. adcpp_ios_dump : Dumping /private/var/containers/Bundle/Application/6155B008-47B9-4660-857D-D0CC77A52838/iOSApp.app/Frameworks/webview_flutter.framework/webview_flutter. adcpp_ios_dump : Readed file webview_flutter, size 123376. adcpp_ios_dump : Min version 90000, encrypt info 0x4000,32768. adcpp_ios_dump : Sending webview_flutter, 9.0.0, 123376. Received webview_flutter, 9.0.0, 123376. Saved to ~/A64Dbg/decache/iOS/arm64-apple-ios/webview_flutter. Linked to ~/A64Dbg/decache/iOS/arm64-apple-ios9.0.0/webview_flutter. adcpp_ios_dump : Dumping /private/var/containers/Bundle/Application/6155B008-47B9-4660-857D-D0CC77A52838/iOSApp.app/Frameworks/yoga.framework/yoga. adcpp_ios_dump : Readed file yoga, size 197248. adcpp_ios_dump : Min version 80000, encrypt info 0x4000,65536. adcpp_ios_dump : Sending yoga, 8.0.0, 197248. Received yoga, 8.0.0, 197248. Saved to ~/A64Dbg/decache/iOS/arm64-apple-ios/yoga. Linked to ~/A64Dbg/decache/iOS/arm64-apple-ios8.0.0/yoga. adcpp_ios_dump : Dumping /private/var/containers/Bundle/Application/6155B008-47B9-4660-857D-D0CC77A52838/iOSApp.app/Frameworks/QMUIKit.framework/QMUIKit. adcpp_ios_dump : Readed file QMUIKit, size 1812032. adcpp_ios_dump : Min version 80000, encrypt info 0x4000,983040. adcpp_ios_dump : Sending QMUIKit, 8.0.0, 1812032. Received QMUIKit, 8.0.0, 1812032. Saved to ~/A64Dbg/decache/iOS/arm64-apple-ios/QMUIKit. Linked to ~/A64Dbg/decache/iOS/arm64-apple-ios8.0.0/QMUIKit. adcpp_ios_dump : Resuming task thread 00011807 with kernel result 0. adcpp_ios_dump : Resuming task thread 00011317 with kernel result 0. adcpp_ios_dump : Resuming task thread 0001264b with kernel result 0. adcpp_ios_dump : Resuming task thread 00004677 with kernel result 0. adcpp_ios_dump : Resuming task thread 0000ad13 with kernel result 0. adcpp_ios_dump : Ignored adcpp thread 00010107. adcpp_ios_dump : Finished dumping. ``` #### 版本历史 2022/2/21: * 修复没有LC_VERSION_MIN_IPHONEOS的MachO无法砸壳的问题; 2021/10/29: * 内置于A64Dbg,无需再手动安装该插件; 2021/10/9: * 发布V0.1.1; * 1.修复对于Fat文件砸壳崩溃的问题; * 2.修复在iOS13砸壳崩溃的问题; * 3.添加砸壳时暂停其他线程避免干扰提高稳定性的能力; 2021/9/16: * 发布V0.1.0; * 实现一键砸壳iOS程序至A64Dbg对应缓存目录的功能;