├── Makefile
├── src
├── self_contain
│ ├── lldbtools.md
│ ├── README.md
│ └── class_dump.md
├── appendix
│ ├── README.md
│ └── reference.md
├── assets
│ ├── favicon.ico
│ └── img
│ │ ├── add_files_to.jpg
│ │ ├── added_ipa_youtube.jpg
│ │ ├── choose_youtube_ipa.jpg
│ │ ├── monkeydev_new_project.jpg
│ │ ├── target_monkeydev_para.jpg
│ │ ├── xcode_youtube_building.jpg
│ │ ├── xcode_youtube_running.jpg
│ │ ├── apple_store_open_settings.png
│ │ ├── xcode_new_monkeydev_app.jpg
│ │ ├── xcode_youtube_installing.jpg
│ │ ├── xcode_debug_iphone_youtube.jpg
│ │ ├── xcode_project_info_youtube.jpg
│ │ ├── monkeydev_crash_cert_invalid_pretend.png
│ │ ├── xcode_deployment_target_default_empty.png
│ │ ├── xcode_target_minium_deployment_ios_13.png
│ │ ├── xcode_project_deployment_target_ios_12.png
│ │ ├── xcode_project_deployment_target_ios_13.png
│ │ ├── xcode_targets_minium_deployment_ios_12.png
│ │ ├── monkeydev_app_group_path_error_applestore.png
│ │ ├── monkeydev_crash_canopenurl_prefs_root_castle_error.png
│ │ └── monkeydev_crash_nscfconstantstring_stringbyappendingstring_nil_argument.png
├── summary
│ ├── project_file_structure.md
│ ├── internal_script_logic.md
│ ├── README.md
│ ├── misc_to_optimize.md
│ └── many_crash_abnormal.md
├── env_setup
│ ├── README.md
│ ├── debug_ipa
│ │ ├── common_issues
│ │ │ └── README.md
│ │ └── README.md
│ └── init_monkeydev
│ │ ├── README.md
│ │ └── common_issues.md
├── SUMMARY.md
├── README.md
└── monkeydev_overview
│ └── README.md
├── .gitignore
├── README_current.json
├── book_current.json
├── README.md
└── book.json
/Makefile:
--------------------------------------------------------------------------------
1 | include ../../common/honkit_makefile.mk
--------------------------------------------------------------------------------
/src/self_contain/lldbtools.md:
--------------------------------------------------------------------------------
1 | # LLDBTools
2 |
--------------------------------------------------------------------------------
/src/appendix/README.md:
--------------------------------------------------------------------------------
1 | # Appendix
2 |
3 | The related reference material is listed below.
4 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | node_modules/
2 | output/
3 | debug/
4 |
5 | *.zip
6 |
7 | .DS_Store
8 |
9 | !src/**/output
--------------------------------------------------------------------------------
/src/assets/favicon.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/favicon.ico
--------------------------------------------------------------------------------
/src/assets/img/add_files_to.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/add_files_to.jpg
--------------------------------------------------------------------------------
/src/self_contain/README.md:
--------------------------------------------------------------------------------
1 | # Bundled Tools
2 |
3 | TODO:
4 |
5 | * Add the others?
6 | * AntiAntiDebug?
7 | * trace?
8 |
9 | ---
10 |
--------------------------------------------------------------------------------
/src/assets/img/added_ipa_youtube.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/added_ipa_youtube.jpg
--------------------------------------------------------------------------------
/src/assets/img/choose_youtube_ipa.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/choose_youtube_ipa.jpg
--------------------------------------------------------------------------------
/src/assets/img/monkeydev_new_project.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/monkeydev_new_project.jpg
--------------------------------------------------------------------------------
/src/assets/img/target_monkeydev_para.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/target_monkeydev_para.jpg
--------------------------------------------------------------------------------
/src/assets/img/xcode_youtube_building.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/xcode_youtube_building.jpg
--------------------------------------------------------------------------------
/src/assets/img/xcode_youtube_running.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/xcode_youtube_running.jpg
--------------------------------------------------------------------------------
/src/assets/img/apple_store_open_settings.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/apple_store_open_settings.png
--------------------------------------------------------------------------------
/src/assets/img/xcode_new_monkeydev_app.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/xcode_new_monkeydev_app.jpg
--------------------------------------------------------------------------------
/src/assets/img/xcode_youtube_installing.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/xcode_youtube_installing.jpg
--------------------------------------------------------------------------------
/src/assets/img/xcode_debug_iphone_youtube.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/xcode_debug_iphone_youtube.jpg
--------------------------------------------------------------------------------
/src/assets/img/xcode_project_info_youtube.jpg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/xcode_project_info_youtube.jpg
--------------------------------------------------------------------------------
/src/assets/img/monkeydev_crash_cert_invalid_pretend.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/monkeydev_crash_cert_invalid_pretend.png
--------------------------------------------------------------------------------
/src/assets/img/xcode_deployment_target_default_empty.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/xcode_deployment_target_default_empty.png
--------------------------------------------------------------------------------
/src/assets/img/xcode_target_minium_deployment_ios_13.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/xcode_target_minium_deployment_ios_13.png
--------------------------------------------------------------------------------
/src/assets/img/xcode_project_deployment_target_ios_12.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/xcode_project_deployment_target_ios_12.png
--------------------------------------------------------------------------------
/src/assets/img/xcode_project_deployment_target_ios_13.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/xcode_project_deployment_target_ios_13.png
--------------------------------------------------------------------------------
/src/assets/img/xcode_targets_minium_deployment_ios_12.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/xcode_targets_minium_deployment_ios_12.png
--------------------------------------------------------------------------------
/src/assets/img/monkeydev_app_group_path_error_applestore.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/monkeydev_app_group_path_error_applestore.png
--------------------------------------------------------------------------------
/src/assets/img/monkeydev_crash_canopenurl_prefs_root_castle_error.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/monkeydev_crash_canopenurl_prefs_root_castle_error.png
--------------------------------------------------------------------------------
/src/assets/img/monkeydev_crash_nscfconstantstring_stringbyappendingstring_nil_argument.png:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/crifan/ios_re_monkeydev_debug/HEAD/src/assets/img/monkeydev_crash_nscfconstantstring_stringbyappendingstring_nil_argument.png
--------------------------------------------------------------------------------
/src/summary/project_file_structure.md:
--------------------------------------------------------------------------------
1 | # Project Code Structure
2 |
3 | TODO:
4 |
5 | * [Solved] Optimizing the MonkeyDev Xcode project code: add a separate youtubeCronet.xm file
6 | * [Solved] Optimizing the MonkeyDev Xcode project code: extract the shared parts into youtubeCommon.h
7 | * [Solved] Optimizing the MonkeyDev Xcode project code: move the hook code into separate files
8 | * [Notes] Optimizing the MonkeyDev YouTube code: extract the Error part into a separate file
9 |
10 | ---
11 |
--------------------------------------------------------------------------------
/src/env_setup/README.md:
--------------------------------------------------------------------------------
1 | # Environment Setup
2 |
3 | TODO:
4 |
5 | * [Notes] Investigating why YouTube ad blocking makes videos restart from the beginning: dynamic debugging with Xcode+MonkeyDev
6 | * [Solved] Debugging YouTube on a jailbroken iPhone 6 with Xcode
7 | * [Notes] Restoring the Xcode development environment for iOS reverse-engineering debugging of YouTube
8 | * [Notes] Restoring the iOS reverse-engineering development environment on my Mac
9 | * [Solved] Restoring and rebuilding the Xcode MonkeyDev development environment on my Mac
10 | * [Unsolved] Debugging the iOS Douyin app with Xcode and MonkeyDev
11 |
12 | ---
13 |
14 |
--------------------------------------------------------------------------------
/README_current.json:
--------------------------------------------------------------------------------
1 | {
2 | "latestVersion": "v1.0.1",
3 | "lastUpdate": "20241007",
4 | "gitRepoName": "ios_re_monkeydev_debug",
5 | "bookName": "iOS逆向开发:MonkeyDev调试",
6 | "bookDescription": "整理iOS逆向开发中动态调试和插件tweak开发都会涉及到的工具MonkeyDev。先是概览;然后介绍环境搭建,包括初始化安装MonkeyDev,以如何及用Xcode+MonkeyDev去动态调试YouTube的ipa的过程;然后介绍MonkeyDev内部包含的内容,class-dump、LLDBTools等;然后总结心得,包括内部脚本逻辑、项目代码结构。"
7 | }
--------------------------------------------------------------------------------
/book_current.json:
--------------------------------------------------------------------------------
1 | {
2 | "title": "iOS逆向开发:MonkeyDev调试",
3 | "description": "整理iOS逆向开发中动态调试和插件tweak开发都会涉及到的工具MonkeyDev。先是概览;然后介绍环境搭建,包括初始化安装MonkeyDev,以如何及用Xcode+MonkeyDev去动态调试YouTube的ipa的过程;然后介绍MonkeyDev内部包含的内容,class-dump、LLDBTools等;然后总结心得,包括内部脚本逻辑、项目代码结构。",
4 | "pluginsConfig": {
5 | "github-buttons": {
6 | "buttons": [
7 | {
8 | "repo": "ios_re_monkeydev_debug"
9 | }
10 | ]
11 | },
12 | "sitemap-general": {
13 | "prefix": "https://book.crifan.org/books/ios_re_monkeydev_debug/website/"
14 | },
15 | "toolbar-button": {
16 | "url": "https://book.crifan.org/books/ios_re_monkeydev_debug/pdf/ios_re_monkeydev_debug.pdf"
17 | }
18 | }
19 | }
--------------------------------------------------------------------------------
/src/summary/internal_script_logic.md:
--------------------------------------------------------------------------------
1 | # Internal Script Logic
2 |
3 | TODO:
4 |
5 | Consolidate the following posts.
6 |
7 | ---
8 |
9 | MonkeyDev ships with its own set of scripts that carry out the preprocessing, compiling, linking and other steps of the build flow.
10 |
11 | The relevant parts are described below.
12 |
13 | ## pack.sh
14 |
15 | * [Unsolved] Debugging an iOS ipa with Xcode+MonkeyDev fails on every debug run after the first
16 | * [Unsolved] Investigating the internal logic of the /opt/MonkeyDev/Tools/pack.sh script in MonkeyDev's Xcode setup
17 | * [Unsolved] Adding echo log output to MonkeyDev's pack.sh to analyze how it runs
18 | * [Notes] Investigating why pack.sh in MonkeyDev produces an info.plist that is missing the icon and other fields
19 |
20 | ## md
21 |
22 | * [Solved] Xcode debug error: /opt/MonkeyDev/bin/md No such file or directory
23 |
24 | ## md-install
25 |
26 | * [Solved] Running md-install while setting up MonkeyDev on Mac fails: File Xcode/Specifications/MacOSX Package Types.xcspec not found
27 | * [Solved] MonkeyDev install error: tar Error Failed to extract md-install file.tar.gz
28 |
--------------------------------------------------------------------------------
/src/SUMMARY.md:
--------------------------------------------------------------------------------
1 | # iOS Reverse-Engineering Development: Debugging with MonkeyDev
2 |
3 | * [Preface](README.md)
4 | * [MonkeyDev Overview](monkeydev_overview/README.md)
5 | * [Environment Setup](env_setup/README.md)
6 |   * [Initializing MonkeyDev](env_setup/init_monkeydev/README.md)
7 |     * [Common Issues](env_setup/init_monkeydev/common_issues.md)
8 |   * [Debugging an ipa with MonkeyDev](env_setup/debug_ipa/README.md)
9 |     * [Common Issues](env_setup/debug_ipa/common_issues/README.md)
10 | * [Bundled Tools](self_contain/README.md)
11 |   * [class-dump](self_contain/class_dump.md)
12 |   * [LLDBTools](self_contain/lldbtools.md)
13 | * [Lessons Learned](summary/README.md)
14 |   * [Internal Script Logic](summary/internal_script_logic.md)
15 |   * [Project Code Structure](summary/project_file_structure.md)
16 |   * [Details That Could Be Improved](summary/misc_to_optimize.md)
17 |   * [Crashes and Anomalies During Debugging](summary/many_crash_abnormal.md)
18 | * [Appendix](appendix/README.md)
19 |   * [References](appendix/reference.md)
20 |
--------------------------------------------------------------------------------
/src/summary/README.md:
--------------------------------------------------------------------------------
1 | # Lessons Learned
2 |
3 | TODO:
4 |
5 | * [Unsolved] Installing and setting up the MonkeyDev+Xcode development environment on Mac
6 | * [Solved] MonkeyDev install failure: Failed to download AloneMonkey/frida-ios-dump/3.x/dump.py
7 | * [Solved] MonkeyDev install error: tar Error Failed to extract md-install file.tar.gz
8 | * [Solved] MonkeyDev Xcode project build error: codesign_allocate error failed with exit code 34304 errno No such file or directory
9 | * [Solved] MonkeyDev Xcode build: keeps prompting to install the codesign_allocate command-line tool
10 | * [Solved] Xcode crashes on launch: Failed to register spec from DEiOSSupportCore.ideplugin couldn't register specification malformed property list dictionary required key Identifier not present
11 | * [Solved] MonkeyDev Xcode project build error: Unable to install This application’s application-identifier entitlement does not match that of the installed application
12 | * [Notes] What debugging Logos jailbreak tweak code with Xcode and MonkeyDev looks like
13 | * [Solved] Debugging the iOS Douyin app with Xcode and MonkeyDev
14 | * [Unsolved] Adding echo log output to MonkeyDev's pack.sh to analyze how it runs
15 | * [Notes] Analyzing the detailed log of building the Douyin ipa with Xcode+MonkeyDev
16 | * [Unsolved] Debugging an iOS ipa with Xcode+MonkeyDev fails on every debug run after the first
17 | * [Mostly solved] Debugging the decrypted (dumped) Douyin ipa with MonkeyDev+Xcode on Mac
18 |
19 | ---
20 |
21 | * On every debug run
22 |   * Clean first, then Build: this works around a bug; otherwise the debugged ipa crashes
23 |   * See:
24 |     * [Solved] Crash when debugging Douyin 18.9.0 with Xcode+MonkeyDev: Clean first, then debug
25 | * Workflow for adding a new .xm file in Xcode
26 |   * First add the .xm file, then Build to produce the .mm, then add the .mm to the list of files to compile
27 |   * It seems some kind of mapping or association is also needed so that the .mm is generated from the .xm automatically?
28 |
--------------------------------------------------------------------------------
/src/self_contain/class_dump.md:
--------------------------------------------------------------------------------
1 | # class-dump
2 |
3 | TODO:
4 |
5 | * [Notes] A class-dump that supports mixed Swift and ObjC iOS binaries
6 | * [Solved] MonkeyDev install failure: Failed to download AloneMonkey/frida-ios-dump/3.x/dump.py
7 | * [Solved] Exporting the YouTube header files with class-dump on Mac
8 |
9 | ---
10 |
11 | * `class-dump`: a prebuilt binary, the build that supports mixed Swift and ObjC binaries
12 |   * Path: `/opt/MonkeyDev/bin/class-dump`
13 |   * Version info
14 |     ```bash
15 |     ➜ ~ class-dump --version
16 |     class-dump 3.5 (64 bit) (Debug version compiled Sep 17 2017 16:24:48) compiled Sep 17 2017 16:24:48
17 |     ```
18 |
19 | ## Making MonkeyDev's class-dump available globally
20 |
21 | In this case the `iOSOpenDev` environment had already been installed and its environment variables set:
22 |
23 | * `~/.zshrc`
24 |   ```bash
25 |   export iOSOpenDevPath=/opt/iOSOpenDev
26 |   export iOSOpenDevDevice=
27 |   export PATH=/opt/iOSOpenDev/bin:$PATH
28 |   ```
29 |
30 | so the `class-dump` found on the command line was the `iOSOpenDev` one:
31 |
32 | ```bash
33 | ➜ ~ which class-dump
34 | /opt/iOSOpenDev/bin/class-dump
35 | ```
36 |
37 | What we want is for the global `class-dump`, the one the shell resolves on the command line, to be `MonkeyDev`'s (which supports mixed Swift and ObjC binaries) instead.
38 |
39 | This is done by adding MonkeyDev's path to the PATH environment variable.
40 |
41 | Edit `~/.zshrc` and append at the very end (both exports prepend to `PATH`, so the block that comes later in the file ends up first in the search order; it must be placed after the `iOSOpenDev` block):
42 |
43 | ```bash
44 | export MonkeyDevPath=/opt/MonkeyDev
45 | export MonkeyDevDeviceIP=
46 | export PATH=/opt/MonkeyDev/bin:$PATH
47 | ```
48 |
49 | Save and exit. Restart the terminal and the desired effect is in place:
50 |
51 | ```bash
52 | ➜ ~ which class-dump
53 | /opt/MonkeyDev/bin/class-dump
54 | ```
55 |
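To make the precedence rule concrete, here is an added Python example (not code from the book or from MonkeyDev) that recreates both `bin` directories as stubs under a temporary root, applies the two `export PATH=...:$PATH` lines in their `~/.zshrc` order and records what `which class-dump` would resolve to after each line; the temporary root and the stub scripts are constructed for the demonstration.

```python
import os
import shutil
import stat
import tempfile
from typing import List, Sequence

TOOL = "class-dump"


def install_stub(bin_dir: str, name: str, banner: str) -> str:
    """Create an executable stub standing in for a real tool (constructed for this example)."""
    os.makedirs(bin_dir, exist_ok=True)
    path = os.path.join(bin_dir, name)
    with open(path, "w") as f:
        f.write(f"#!/bin/sh\necho '{banner}'\n")
    os.chmod(path, stat.S_IRWXU | stat.S_IRGRP | stat.S_IXGRP | stat.S_IROTH | stat.S_IXOTH)
    return path


def export_path_prepend(current: str, entry: str) -> str:
    """The effect of one `export PATH=<entry>:$PATH` line in ~/.zshrc."""
    return entry + os.pathsep + current


def resolve_after_each(prepends: Sequence[str], name: str = TOOL,
                       base: str = "/usr/bin:/bin") -> List[str]:
    """Apply the export lines in file order; record what `which <name>` resolves to after each one."""
    path = base
    resolved = []
    for entry in prepends:
        path = export_path_prepend(path, entry)
        resolved.append(shutil.which(name, path=path))
    return resolved


def demo(zshrc_order: Sequence[str] = ("iOSOpenDev", "MonkeyDev")) -> List[str]:
    """Rebuild /opt/iOSOpenDev/bin and /opt/MonkeyDev/bin as stubs under a temp root and
    show which class-dump wins for the given order of export blocks in ~/.zshrc."""
    root = tempfile.mkdtemp(prefix="classdump-path-")
    try:
        bins = {n: os.path.join(root, "opt", n, "bin") for n in ("iOSOpenDev", "MonkeyDev")}
        for n, bin_dir in bins.items():
            install_stub(bin_dir, TOOL, f"{n} {TOOL}")
        hits = resolve_after_each([bins[n] for n in zshrc_order])
        # Report paths relative to the temp root so the result reads like the real /opt layout.
        return [os.path.relpath(h, root) for h in hits]
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    # Page order: iOSOpenDev block first, MonkeyDev block appended last -> MonkeyDev's wins.
    print(demo())
    # Swap the two blocks and the iOSOpenDev copy shadows MonkeyDev's again.
    print(demo(("MonkeyDev", "iOSOpenDev")))
```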
--------------------------------------------------------------------------------
/src/appendix/reference.md:
--------------------------------------------------------------------------------
1 | # References
2 |
3 | * [iOS Reverse-Engineering Debugging: Xcode+iOSOpenDev](https://book.crifan.org/books/ios_re_debug_xcode_iosopendev/website/)
4 | * [iOS Reverse-Engineering Debugging: debugserver+lldb](https://book.crifan.org/books/ios_re_debug_debugserver_lldb/website)
5 | * [Summary] iOS jailbreak tweak development tool: MonkeyDev
6 | * [Unsolved] MonkeyDev error when debugging the Apple Store app: container_create_or_lookup_app_group_path_by_app_group_identifier
7 | * [Solved] Dynamically debugging the YouTube ipa with Xcode+MonkeyDev
8 | * [Solved] Debugging the Douyin 17.8.0 ipa with MonkeyDev and Xcode
9 | * [Solved] Installing and setting up the MonkeyDev+Xcode development environment on Mac
10 | * [Solved] MonkeyDev initialization error: File /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/Library/Xcode/Specifications/MacOSX Package Types.xcspec not found
11 | * [Solved] Installing MonkeyDev for Xcode on an M2 Mac fails: File /Applications/Xcode.app/Contents/PlugIns/IDEiOSSupportCore.ideplugin/Contents/Resources/Embedded-Device.xcspec not found
12 | * [Solved] MonkeyDev Xcode build error: ld file not found /usr/lib/libstdc++.dylib
13 | * [Solved] MonkeyDev build/run error: File not found arc libarclite_iphoneos.a
14 | * [Getting Started](https://github.com/AloneMonkey/MonkeyDev/wiki/%E5%BC%80%E5%A7%8B%E4%BD%BF%E7%94%A8)
15 | * [Non-jailbroken App Integration](https://github.com/AloneMonkey/MonkeyDev/wiki/%E9%9D%9E%E8%B6%8A%E7%8B%B1App%E9%9B%86%E6%88%90)
16 | * [MonkeyDev, a modified iOSOpenDev](https://blog.alonemonkey.com/2017/06/28/monkeydev/)
17 | * [iOS Reverse Engineering: 2. MonkeyDev -- Notes (updated 2020.12.24) - leonlincq - cnblogs](https://www.cnblogs.com/leonlincq/p/13967302.html)
--------------------------------------------------------------------------------
/src/summary/misc_to_optimize.md:
--------------------------------------------------------------------------------
1 | # Details That Could Be Improved
2 |
3 | When debugging with MonkeyDev, a few details occasionally do not behave the way we would expect. They are collected here:
4 |
5 | ## In the loaded-image list printed by image list, the app's own path is not its path on the iPhone
6 |
7 | Overview:
8 |
9 | ```bash
10 | (lldb) image list -o -f
11 | [ 0] 0x0000000002bfc000 /Users/crifan/Library/Developer/Xcode/DerivedData/WhatsApp-fukxiohktyjtjqfvzmmrwluorwjn/Build/Products/Debug-iphoneos/WhatsApp.app/WhatsApp
12 | [ 1] 0x00000001069fc000 /Users/crifan/Library/Developer/Xcode/iOS DeviceSupport/13.3.1 (17D50)/Symbols/usr/lib/dyld
13 | ...
14 | ```
15 |
16 | * The app path shown is
17 |   * `/Users/crifan/Library/Developer/Xcode/DerivedData/WhatsApp-fukxiohktyjtjqfvzmmrwluorwjn/Build/Products/Debug-iphoneos/WhatsApp.app/WhatsApp`
18 |   * which is clearly a path to the app on the Mac side
19 |   * and not the actual path of the app on the mobile side, i.e. on the iPhone
20 | * What we would expect is the app's actual path on the iPhone
21 |   * Its value should be the one shown in
22 |     * [Notes] iOS reverse engineering of WhatsApp: the image list loaded when debugging with lldb+debugserver
23 |   * namely
24 |     ```bash
25 |     (lldb) image list -o -f
26 |     [ 0] 0x0000000004c6c000 /private/var/containers/Bundle/Application/CCFD22D2-32EE-4F23-9C81-226663100D40/WhatsApp.app/WhatsApp(0x0000000104c6c000)
27 |     [ 1] 0x0000000108a44000 /Users/crifan/Library/Developer/Xcode/iOS DeviceSupport/13.3.1 (17D50)/Symbols/usr/lib/dyld
28 |     ...
29 |     ```
30 |   * giving
31 |     * `/private/var/containers/Bundle/Application/CCFD22D2-32EE-4F23-9C81-226663100D40/WhatsApp.app/WhatsApp`
32 |   * which is the app's real path on the iPhone
33 |
34 | For details, see
35 |
36 | * [Notes] iOS reverse engineering of WhatsApp: the image list loaded when debugging with MonkeyDev
37 |
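As an added example (not code from the book), the following Python parses `image list -o -f` output like the two listings above, classifies each image path as a Mac-side build product, the on-device app bundle, or a DeviceSupport symbol copy, and flags the MonkeyDev case where image 0 is a DerivedData path; the two sample listings are the ones quoted above, and `unslid_base` (load address minus slide) is a derived value added here, not something lldb prints.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Sample input: the two listings quoted on this page (MonkeyDev session vs. lldb+debugserver session).
MONKEYDEV_LISTING = """(lldb) image list -o -f
[ 0] 0x0000000002bfc000 /Users/crifan/Library/Developer/Xcode/DerivedData/WhatsApp-fukxiohktyjtjqfvzmmrwluorwjn/Build/Products/Debug-iphoneos/WhatsApp.app/WhatsApp
[ 1] 0x00000001069fc000 /Users/crifan/Library/Developer/Xcode/iOS DeviceSupport/13.3.1 (17D50)/Symbols/usr/lib/dyld
..."""

LLDB_LISTING = """(lldb) image list -o -f
[ 0] 0x0000000004c6c000 /private/var/containers/Bundle/Application/CCFD22D2-32EE-4F23-9C81-226663100D40/WhatsApp.app/WhatsApp(0x0000000104c6c000)
[ 1] 0x0000000108a44000 /Users/crifan/Library/Developer/Xcode/iOS DeviceSupport/13.3.1 (17D50)/Symbols/usr/lib/dyld
..."""

# One line of `image list -o -f`: "[  N] <slide> <path>" with an optional trailing "(<load address>)".
_LINE_RE = re.compile(
    r"^\[\s*(?P<index>\d+)\]\s+(?P<slide>0x[0-9a-fA-F]+)\s+(?P<path>.+?)"
    r"(?:\((?P<load>0x[0-9a-fA-F]+)\))?\s*$"
)


@dataclass
class ImageEntry:
    index: int
    slide: int                 # ASLR slide printed by -o
    path: str                  # file path printed by -f
    load_addr: Optional[int]   # trailing "(0x...)" when lldb prints it, else None
    kind: str                  # "device-app" | "host-build" | "device-support" | "other"

    @property
    def unslid_base(self) -> Optional[int]:
        """Load address minus slide: the link-time base (0x100000000 for an arm64 app binary)."""
        return None if self.load_addr is None else self.load_addr - self.slide


def classify_path(path: str) -> str:
    """Classify an image path by the prefixes that appear in the listings on this page."""
    if path.startswith("/private/var/containers/Bundle/Application/"):
        return "device-app"      # the app's real bundle on the iPhone
    if "/Library/Developer/Xcode/DerivedData/" in path:
        return "host-build"      # Xcode build product on the Mac (the MonkeyDev case)
    if "/Library/Developer/Xcode/iOS DeviceSupport/" in path:
        return "device-support"  # Mac-side symbol copy of an on-device system library
    return "other"


def parse_image_list(text: str) -> List[ImageEntry]:
    """Parse the listing; the "(lldb) ..." echo and "..." continuation lines are skipped."""
    entries: List[ImageEntry] = []
    for line in text.splitlines():
        m = _LINE_RE.match(line.strip())
        if not m:
            continue
        load = m.group("load")
        entries.append(ImageEntry(
            index=int(m.group("index")),
            slide=int(m.group("slide"), 16),
            path=m.group("path"),
            load_addr=int(load, 16) if load else None,
            kind=classify_path(m.group("path")),
        ))
    return entries


def main_image_is_host_side(text: str) -> bool:
    """True when image 0 (the app itself) resolves to a Mac build product instead of the on-device bundle."""
    entries = parse_image_list(text)
    return bool(entries) and entries[0].index == 0 and entries[0].kind == "host-build"


if __name__ == "__main__":
    for name, listing in (("MonkeyDev", MONKEYDEV_LISTING), ("lldb+debugserver", LLDB_LISTING)):
        print(f"{name}: image 0 is host-side = {main_image_is_host_side(listing)}")
        for e in parse_image_list(listing):
            print(f"  [{e.index}] {e.kind:15s} slide=0x{e.slide:x} base={e.unslid_base} {e.path}")
```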
--------------------------------------------------------------------------------
/src/env_setup/debug_ipa/common_issues/README.md:
--------------------------------------------------------------------------------
1 | # Common Issues
2 |
3 | This page collects common issues that come up while building and running an ipa under MonkeyDev for debugging.
4 |
5 | ## ld: file not found: /usr/lib/libstdc++.dylib
6 |
7 | * Problem
8 |
9 | MonkeyDev fails at link time with:
10 |
11 | ```bash
12 | ld: file not found: /usr/lib/libstdc++.dylib
13 | ```
14 |
15 | * Cause: since `Xcode 10+`, i.e. newer Xcode versions, `/usr/lib/libstdc++.dylib` is no longer shipped
16 | * Fix: obtain the missing `/usr/lib/libstdc++.dylib` online and copy it into the corresponding directory.
17 | * Steps
18 |
19 | Someone has put together a repository specifically for this, so just clone it and run the corresponding script. Since it copies a third-party binary into the toolchain's library path, read the script and check where the dylib it installs comes from before running it.
20 |
21 | ```bash
22 | git clone https://github.com/devdawei/libstdc-.git
23 |
24 | cd libstdc-
25 |
26 | chmod +x install-xcode_11+.sh
27 |
28 | ./install-xcode_11+.sh
29 | ```
30 |
31 | ## File not found: /xxx/arc/libarclite_iphoneos.a
32 |
33 | * Problem
34 |
35 | MonkeyDev fails when debugging the ipa with:
36 |
37 | ```bash
38 | File not found: /Applications/Xcode.app/Contents/Developer/Toolchains/XcodeDefault.xctoolchain/usr/lib/arc/libarclite_iphoneos.a
39 | ```
40 |
41 | * Cause: the iOS Deployment Target was not set at the PROJECT level
42 |   * so it was left at the default, `Default`, which is an empty value
43 |   * 
44 | * Fix: set the iOS Deployment Target at the PROJECT level
45 | * Steps
46 |   * Change the project's `PROJECT`->`Info`->`Deployment Target`->`iOS Deployment Target` from the default `Default` (empty) to `iOS 13.0`
47 |   * 
48 |   * Note: keep it consistent with the `iOS 13.0` value under `Targets`->ProjectName->`General`->`Minimum Deployment`
49 |   * 
50 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # iOS Reverse-Engineering Development: Debugging with MonkeyDev
2 |
3 | * Latest version: `v1.0.1`
4 | * Last updated: `20241007`
5 |
6 | ## Introduction
7 |
8 | A collection of notes on MonkeyDev, the tool involved in both dynamic debugging and tweak (plugin) development during iOS reverse engineering. It starts with an overview; then covers environment setup, including the initial installation of MonkeyDev and the process of dynamically debugging the YouTube ipa with Xcode+MonkeyDev; then describes what MonkeyDev bundles, such as class-dump and LLDBTools; and finally summarizes lessons learned, including the internal script logic and the project code structure.
9 |
10 | ## Source + Online Reading + Download
11 |
12 | The book's source, online reading addresses and downloads in several formats:
13 |
14 | ### HonKit source
15 |
16 | * [crifan/ios_re_monkeydev_debug: iOS Reverse-Engineering Development: Debugging with MonkeyDev](https://github.com/crifan/ios_re_monkeydev_debug)
17 |
18 | #### How to build and publish an e-book from this HonKit source
19 |
20 | See: [crifan/honkit_template: demo how to use crifan honkit template and demo](https://github.com/crifan/honkit_template)
21 |
22 | ### Read online
23 |
24 | * [iOS Reverse-Engineering Development: Debugging with MonkeyDev book.crifan.org](https://book.crifan.org/books/ios_re_monkeydev_debug/website/)
25 | * [iOS Reverse-Engineering Development: Debugging with MonkeyDev crifan.github.io](https://crifan.github.io/ios_re_monkeydev_debug/website/)
26 |
27 | ### Download for offline reading
28 |
29 | * [iOS Reverse-Engineering Development: Debugging with MonkeyDev PDF](https://book.crifan.org/books/ios_re_monkeydev_debug/pdf/ios_re_monkeydev_debug.pdf)
30 | * [iOS Reverse-Engineering Development: Debugging with MonkeyDev ePub](https://book.crifan.org/books/ios_re_monkeydev_debug/epub/ios_re_monkeydev_debug.epub)
31 | * [iOS Reverse-Engineering Development: Debugging with MonkeyDev Mobi](https://book.crifan.org/books/ios_re_monkeydev_debug/mobi/ios_re_monkeydev_debug.mobi)
32 |
33 | ## Copyright and Usage Notice
34 |
35 | Unless otherwise noted, all content of this e-book tutorial is my own original work. Some parts reference material from the web, and the sources are credited. If you find any infringement, please contact me by e-mail at `admin 艾特 crifan.com` and I will remove it promptly. Thank you for your cooperation.
36 |
37 | All technical tutorials are for learning and research use only. Do not use them for any illegal purpose; any illegal use has nothing to do with me.
38 |
39 | ## Acknowledgements
40 |
41 | Thanks to my wife **陈雪** for her understanding and care, which lets me, `crifan`, devote more energy to technical research and to compiling these e-books and tutorials.
42 |
43 | ## Other
44 |
45 | ### Other e-books by the author
46 |
47 | I, `crifan`, have written `150+` other e-book tutorials; if interested, see:
48 |
49 | [crifan/crifan_ebook_readme: How to use Crifan's e-books](https://github.com/crifan/crifan_ebook_readme)
50 |
51 | ### About the author
52 |
53 | For more about the author, see:
54 |
55 | [About Crifan Li (李茂) – On the Road](https://www.crifan.org/about/)
56 |
--------------------------------------------------------------------------------
/src/env_setup/init_monkeydev/README.md:
--------------------------------------------------------------------------------
1 | # Initializing the MonkeyDev Development Environment
2 |
3 | > [!WARNING|title:The /opt install path must not be changed]
4 | > Although the install paths for `MonkeyDev`, `theos` and so on below can in principle be customized, many of the internal scripts appear to support only the fixed default paths.
5 | >
6 | > So they can only be installed to the default fixed paths:
7 | > * `/opt/MonkeyDev`
8 | > * `/opt/theos`
9 | >
10 | > Do not change these paths lightly, or many strange problems will appear later.
11 |
12 | Initial setup of the MonkeyDev environment, i.e. the initial installation of MonkeyDev:
13 |
14 | * Download theos
15 |   ```bash
16 |   sudo git clone --recursive https://github.com/theos/theos.git /opt/theos
17 |   ```
18 | * Download MonkeyDev (to the fixed location `/opt/MonkeyDev`)
19 |   ```bash
20 |   sudo git clone https://github.com/AloneMonkey/MonkeyDev.git /opt/MonkeyDev
21 |   ```
22 | * Run the install script locally (the clone above lands in `/opt/MonkeyDev`, so use that absolute path)
23 |   ```bash
24 |   cd /opt/MonkeyDev/bin
25 |   sudo bash md-install
26 |   ```
27 |
28 | ## Files in the corresponding directories after setup
29 |
30 | ```bash
31 | crifan@licrifandeMacBook-Pro ~ ll /opt/MonkeyDev
32 | total 88
33 | drwxr-xr-x 7 root wheel 224B 6 28 22:01 Frameworks
34 | -rw-r--r-- 1 root wheel 34K 6 28 22:26 LICENSE
35 | drwxr-xr-x 3 root wheel 96B 6 28 22:01 Librarys
36 | drwxr-xr-x 4 root wheel 128B 6 28 22:01 MFrameworks
37 | -rw-r--r-- 1 root wheel 1.7K 6 28 22:26 README.md
38 | drwxr-xr-x 3 root wheel 96B 6 28 22:01 Resource
39 | drwxr-xr-x 4 root wheel 128B 6 28 22:01 Tools
40 | drwxr-xr-x 12 root wheel 384B 6 28 22:07 bin
41 | -rw-r--r-- 1 root wheel 802B 6 28 22:26 change.log
42 | drwxr-xr-x 4 root wheel 128B 6 28 22:01 include
43 | drwxr-xr-x 14 root wheel 448B 6 28 22:03 templates
44 |
45 | crifan@licrifandeMacBook-Pro ~ ll /opt/theos
46 | total 112
47 | -rw-r--r-- 1 root wheel 5.1K 6 28 21:59 CODE_OF_CONDUCT.md
48 | -rw-r--r-- 1 root wheel 35K 6 28 21:59 LICENSE.md
49 | -rw-r--r-- 1 root wheel 1.0K 6 28 21:59 Prefix.pch
50 | -rw-r--r-- 1 root wheel 3.1K 6 28 21:59 README.md
51 | drwxr-xr-x 17 root wheel 544B 6 28 21:59 bin
52 | drwxr-xr-x 3 root wheel 96B 6 28 21:59 extras
53 | drwxr-xr-x 3 root wheel 96B 6 28 21:59 include
54 | drwxr-xr-x 3 root wheel 96B 6 28 21:59 lib
55 | drwxr-xr-x 28 root wheel 896B 6 28 21:59 makefiles
56 | drwxr-xr-x 3 root wheel 96B 6 28 21:59 mod
57 | -rw-r--r-- 1 root wheel 657B 6 28 21:59 package.json
58 | drwxr-xr-x 3 root wheel 96B 6 28 21:59 sdks
59 | drwxr-xr-x 3 root wheel 96B 6 28 21:59 templates
60 | drwxr-xr-x 3 root wheel 96B 6 28 21:59 toolchain
61 | drwxr-xr-x 8 root wheel 256B 6 28 21:59 vendor
62 | ```
--------------------------------------------------------------------------------
/src/monkeydev_overview/README.md:
--------------------------------------------------------------------------------
1 | # MonkeyDev Overview
2 |
3 | During [iOS reverse-engineering development](https://book.crifan.org/books/ios_reverse_dev/website/), you frequently run into [dynamic debugging](https://book.crifan.org/books/ios_re_dynamic_debug/website/) and [writing tweaks](https://book.crifan.org/books/ios_re_jailbreak_tweak/website/), and one very handy tool for both is `MonkeyDev`.
4 |
5 | * `MonkeyDev`
6 |   * What it is: a complete toolset for iOS reverse-engineering development
7 |   * Summary: **an upgraded iOSOpenDev**, i.e. a more powerful integrated environment that ties Xcode together with various other tools
8 |   * In one sentence: a tool built on Xcode module technology for rapidly developing jailbreak and non-jailbreak tweaks; it automates the fixed steps of reverse engineering and integrates non-jailbreak tweaks with one click, greatly improving the efficiency of reverse analysis and development
9 |   * Form: an Xcode plugin that lets you create the various MonkeyDev project types and do the corresponding reverse-engineering development
10 |   * Typical uses
11 |     * After decrypting (dumping) an ipa, dynamically debugging it with MonkeyDev+Xcode
12 |     * Writing tweaks (for a jailbroken iPhone) with MonkeyDev
13 |   * Main modules
14 |     * `Logos Tweak`
15 |       * Uses the logify.pl tool from theos to convert *.xm files into *.mm files for compilation; integrates CydiaSubstrate, so MSHookMessageEx and MSHookFunction can be used to hook ObjC methods, C/C++ functions or a given address
16 |     * `CaptainHook Tweak`
17 |       * Uses the headers provided by CaptainHook to hook ObjC methods and read properties
18 |     * `Command-line Tool`
19 |       * Creates command-line tools that run directly on a jailbroken device
20 |     * `MonkeyApp`
21 |       * Automatically integrates Reveal, Cycript and dylib injection into a third-party app; supports debugging the dylib and the third-party app, and integrating SDKs into it via Pod; all it needs is a decrypted ipa or app file
22 |     * `MonkeyPod`
23 |       * Packages a non-jailbreak plugin developed this way into a Pod so others can use it via pod
24 |     * `MonkeyAppMac`
25 |       * A module for Mac reverse-engineering development: automatically integrates substitute, handles injection and symbol restoration
26 |
27 | ## MonkeyDev vs iOSOpenDev
28 |
29 | * MonkeyDev vs iOSOpenDev
30 |   * Compared with iOSOpenDev, MonkeyDev adds some more useful parameters:
31 |     * MonkeyDevDevicePassword
32 |       * Default: `alpine` (the well-known default root password of jailbroken iOS devices)
33 |     * MonkeyDevTheosPath
34 |       * Default: `/opt/theos`
35 |     * MonkeyDevKillProcessOnInstall
36 |       * Default: `SpringBoard`
37 |
38 | ## Official Resources
39 | * Official resources
40 |   * GitHub
41 |     * AloneMonkey/MonkeyDev: CaptainHook Tweak、Logos Tweak and Command-line Tool、Patch iOS Apps, Without Jailbreak.
42 |       * https://github.com/AloneMonkey/MonkeyDev
43 |     * wiki
44 |       * https://github.com/AloneMonkey/MonkeyDev/wiki
45 |       * [Getting Started](https://github.com/AloneMonkey/MonkeyDev/wiki/%E5%BC%80%E5%A7%8B%E4%BD%BF%E7%94%A8)
46 |       * [Non-jailbroken App Integration](https://github.com/AloneMonkey/MonkeyDev/wiki/%E9%9D%9E%E8%B6%8A%E7%8B%B1App%E9%9B%86%E6%88%90)
47 |     * Code
48 |       * [MonkeyDev/bin/md at master · AloneMonkey/MonkeyDev](https://github.com/AloneMonkey/MonkeyDev/blob/master/bin/md)
49 |         * `export PATH=/opt/MonkeyDev/bin:$MonkeyDevTheosPath/bin:/usr/local/bin:/usr/bin:/usr/sbin:/bin:/sbin:$PATH`
50 |     * Related
51 |       * AloneMonkey/MonkeyDev-Xcode-Templates: MonkeyDev-Xcode-Templates
52 |         * https://github.com/AloneMonkey/MonkeyDev-Xcode-Templates
53 |   * Blog
54 |     * https://blog.alonemonkey.com/
55 |     * [MonkeyDev, a modified iOSOpenDev](https://blog.alonemonkey.com/2017/06/28/monkeydev/)
56 |
--------------------------------------------------------------------------------
/book.json:
--------------------------------------------------------------------------------
1 | {
2 | "title": "iOS逆向开发:MonkeyDev调试",
3 | "description": "整理iOS逆向开发中动态调试和插件tweak开发都会涉及到的工具MonkeyDev。先是概览;然后介绍环境搭建,包括初始化安装MonkeyDev,以如何及用Xcode+MonkeyDev去动态调试YouTube的ipa的过程;然后介绍MonkeyDev内部包含的内容,class-dump、LLDBTools等;然后总结心得,包括内部脚本逻辑、项目代码结构。",
4 | "pluginsConfig": {
5 | "github-buttons": {
6 | "buttons": [
7 | {
8 | "repo": "ios_re_monkeydev_debug",
9 | "user": "crifan",
10 | "type": "star",
11 | "count": true,
12 | "size": "small"
13 | },
14 | {
15 | "user": "crifan",
16 | "type": "follow",
17 | "width": "120",
18 | "count": false,
19 | "size": "small"
20 | }
21 | ]
22 | },
23 | "sitemap-general": {
24 | "prefix": "https://book.crifan.org/books/ios_re_monkeydev_debug/website/"
25 | },
26 | "toolbar-button": {
27 | "url": "https://book.crifan.org/books/ios_re_monkeydev_debug/pdf/ios_re_monkeydev_debug.pdf",
28 | "icon": "fa-file-pdf-o",
29 | "label": "下载PDF"
30 | },
31 | "theme-default": {
32 | "showLevel": true
33 | },
34 | "disqus": {
35 | "shortName": "crifan"
36 | },
37 | "prism": {
38 | "css": [
39 | "prism-themes/themes/prism-atom-dark.css"
40 | ]
41 | },
42 | "sharing": {
43 | "douban": false,
44 | "facebook": true,
45 | "google": false,
46 | "hatenaBookmark": false,
47 | "instapaper": false,
48 | "line": false,
49 | "linkedin": false,
50 | "messenger": false,
51 | "pocket": false,
52 | "qq": true,
53 | "qzone": false,
54 | "stumbleupon": false,
55 | "twitter": true,
56 | "viber": false,
57 | "vk": false,
58 | "weibo": true,
59 | "whatsapp": false,
60 | "all": [
61 | "douban",
62 | "facebook",
63 | "google",
64 | "instapaper",
65 | "line",
66 | "linkedin",
67 | "messenger",
68 | "pocket",
69 | "qq",
70 | "qzone",
71 | "stumbleupon",
72 | "twitter",
73 | "viber",
74 | "vk",
75 | "weibo",
76 | "whatsapp"
77 | ]
78 | },
79 | "tbfed-pagefooter": {
80 | "copyright": "crifan.org,使用署名4.0国际(CC BY 4.0)协议发布",
81 | "modify_label": "最后更新:",
82 | "modify_format": "YYYY-MM-DD HH:mm:ss"
83 | },
84 | "donate": {
85 | "wechat": "https://www.crifan.org/files/res/crifan_com/crifan_wechat_pay.jpg",
86 | "alipay": "https://www.crifan.org/files/res/crifan_com/crifan_alipay_pay.jpg",
87 | "title": "",
88 | "button": "打赏",
89 | "alipayText": "支付宝打赏给Crifan",
90 | "wechatText": "微信打赏给Crifan"
91 | }
92 | },
93 | "author": "Crifan Li ",
94 | "language": "zh-hans",
95 | "root": "./src",
96 | "links": {
97 | "sidebar": {
98 | "主页": "http://www.crifan.org"
99 | }
100 | },
101 | "plugins": [
102 | "theme-comscore",
103 | "anchors",
104 | "expandable-menu",
105 | "-lunr",
106 | "-search",
107 | "search-plus",
108 | "disqus",
109 | "-highlight",
110 | "prism",
111 | "prism-themes",
112 | "github-buttons",
113 | "-splitter",
114 | "splitter-nosessionbutcookie",
115 | "-sharing",
116 | "sharing-plus",
117 | "tbfed-pagefooter",
118 | "donate",
119 | "sitemap-general",
120 | "copy-code-button",
121 | "blockquote-callout",
122 | "toolbar-button"
123 | ]
124 | }
--------------------------------------------------------------------------------
/src/env_setup/debug_ipa/README.md:
--------------------------------------------------------------------------------
1 | # Debugging an ipa with MonkeyDev
2 |
3 | ## Debugging the decrypted YouTube ipa with Xcode + MonkeyDev
4 |
5 | * Overview
6 |   * (1) In `Xcode`, create a new `MonkeyDev` `MonkeyApp` project
7 |   * (2) Set the basic parameters
8 |     * `Product`: `youtube`
9 |     * `Organization Identifier`: `com.google.ios`
10 |     * Auto-generated bundle ID: `com.google.ios.youtube`
11 |       * This must match the app's real bundle ID
12 |   * (3) Right-click `TargetApp` -> `Add Files to youtube` -> select the YouTube `ipa`
13 |     * Make sure to check:
14 |       * `Destination`: `Copy Items if needed`
15 |         * This copies the ipa into the project instead of only creating a reference (link) to it
16 |       * `Added folders`: `Create groups`
17 |   * (4) Make sure a suitable iOS deployment target is set
18 |     * Keep the iOS target version in `PROJECT` and `TARGETS` consistent
19 |     * `PROJECT` -> `ProjectName` -> `Info` -> `Deployment Target` -> `iOS Deployment Target`, for example `iOS 12.0`
20 |     * `TARGETS` -> `ProjectName` -> `General` -> `Minimum Deployment`, for example `iOS 12.0`
21 |   * (5) Make sure the target is `youtube` (and **not** youtubeDylib), then click the **▶️** button to start debugging; it should now debug normally
22 |     * If you run into errors such as:
23 |       * Unable to install
24 |       * Could not inspect the application package
25 |       * There was an internal API error
26 |     * you can:
27 |       * retry a few times
28 |       * or do `Xcode` -> `Clean Build Folder`; this usually fixes it
29 |
30 | * Details:
31 |
32 | ### Create a new MonkeyDev project
33 |
34 | * Create a new project in Xcode and choose `MonkeyDev` -> `MonkeyApp`
35 |   * 
36 | * Fill in the project information
37 |   * Result
38 |     * 
39 |   * Bundle ID: `com.google.ios.youtube`
40 |     * `Product Name`: `youtube`
41 |     * `Organization Identifier`: `com.google.ios`
42 |     * Auto-generated bundle ID: `com.google.ios.youtube`
43 |   * `Target App`: `Optional`
44 | * Choose where to save the project
45 |   * Here: `/Users/crifan/dev/DevRoot/YoutubeAdsFilter/Xcode/YouTube_1708`
46 | * The `Xcode` + `MonkeyDev` project is now created
47 |   * 
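
The requirement that the auto-generated bundle ID equals the app's real one is worth checking mechanically, because a mismatch only shows up later as install or run-time failures. The script below is an added example, not MonkeyDev's or this book's code: it reads `CFBundleIdentifier` from the ipa's top-level `Info.plist` and compares it with what the `Organization Identifier` and `Product Name` will produce. The ipa it checks is a constructed one written to a temp directory; the demo values and the simplified bundle-ID derivation are assumptions.

```python
"""Added check: does the Xcode project's bundle ID match the ipa's real one?

Constructed example, not part of MonkeyDev or this book. The ipa it inspects is
built in a temp dir by make_sample_ipa(); point bundle_id_from_ipa() at a real
ipa to check your own project.
"""
import os
import plistlib
import tempfile
import zipfile
from typing import Optional


def bundle_id_from_ipa(ipa_path: str) -> Optional[str]:
    """Return CFBundleIdentifier from Payload/<App>.app/Info.plist inside an ipa.

    Only the top-level app bundle is considered; Info.plist files of embedded
    extensions (PlugIns/*.appex) carry their own IDs and are skipped.
    plistlib.loads() handles both XML and binary plists.
    """
    with zipfile.ZipFile(ipa_path) as zf:
        for name in zf.namelist():
            parts = name.split("/")
            if (len(parts) == 3 and parts[0] == "Payload"
                    and parts[1].endswith(".app") and parts[2] == "Info.plist"):
                return plistlib.loads(zf.read(name)).get("CFBundleIdentifier")
    return None


def project_bundle_id(organization_identifier: str, product_name: str) -> str:
    """Bundle ID Xcode derives from the new-project dialog: <org id>.<product>.

    Simplifying assumption: Xcode additionally rewrites characters that are not
    alphanumeric or '-' in the product name; plain names such as `youtube`
    come through unchanged.
    """
    return f"{organization_identifier}.{product_name}"


def check_bundle_id(ipa_path: str, organization_identifier: str,
                    product_name: str) -> dict:
    """Compare the ipa's real bundle ID with the one the project will produce."""
    real = bundle_id_from_ipa(ipa_path)
    expected = project_bundle_id(organization_identifier, product_name)
    return {"ipa": real, "project": expected,
            "match": real is not None and real == expected}


def make_sample_ipa(path: str, bundle_id: str, app_name: str = "YouTube") -> str:
    """Write a minimal constructed ipa: a zip holding Payload/<app>.app/Info.plist."""
    with zipfile.ZipFile(path, "w") as zf:
        zf.writestr(f"Payload/{app_name}.app/Info.plist",
                    plistlib.dumps({"CFBundleIdentifier": bundle_id,
                                    "CFBundleName": app_name}))
        # An embedded extension has its own Info.plist that must not be picked up.
        zf.writestr(f"Payload/{app_name}.app/PlugIns/Share.appex/Info.plist",
                    plistlib.dumps({"CFBundleIdentifier": bundle_id + ".share"}))
    return path


def run_demo() -> dict:
    """Build a constructed ipa and run the check with a right and a wrong org ID."""
    ipa = make_sample_ipa(os.path.join(tempfile.mkdtemp(), "YouTube.ipa"),
                          "com.google.ios.youtube")
    return {
        "ok": check_bundle_id(ipa, "com.google.ios", "youtube"),
        "wrong_org": check_bundle_id(ipa, "com.example", "youtube"),
    }


if __name__ == "__main__":
    for label, result in run_demo().items():
        print(label, result)
```

Run it with a real ipa by calling `check_bundle_id("/path/to/app.ipa", "<Organization Identifier>", "<Product Name>")`; a `False` in `match` means the project will sign and install under a different bundle ID than the app was built for.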
48 |
49 | ### Make sure a suitable iOS deployment target is set
50 |
51 | * Keep the iOS target version in `PROJECT` and `TARGETS` consistent
52 |   * `PROJECT` -> `ProjectName` -> `Info` -> `Deployment Target` -> `iOS Deployment Target`, for example `iOS 12.0`
53 |     * 
54 |   * `TARGETS` -> `ProjectName` -> `General` -> `Minimum Deployment`, for example `iOS 12.0`
55 |     * 
56 |
57 | ### Import the ipa
58 |
59 | * Add (import) the ([decrypted](https://book.crifan.org/books/ios_re_crack_shell_ipa/website/)) ipa
60 |   * `TargetApp` -> right-click -> `Add Files to`
61 |     * 
62 |   * Select the ipa file
63 |     * Figure
64 |       * 
65 |     * Parameters
66 |       * `Destination`: `Copy Items if needed`
67 |       * `Added folders`: `Create groups`
68 |   * The ipa after being added
69 |     * 
70 |
71 | ### Confirm (adjust) the MonkeyDev configuration parameters
72 |
73 | Note: the default target under `TARGETS` is `youtubeDylib`; switch to `TARGETS` -> `youtube` first, otherwise the configuration is not shown.
74 |
75 | Under `TARGETS` -> `youtube`, confirm that the MonkeyDev configuration parameters are what you want:
76 |
77 | 
78 |
79 | The parameter values here (mostly defaults) are:
80 |
81 | * `MONKEYDEV_ADD_SUBSTRATE` = `YES`
82 | * `MONKEYDEV_CLASS_DUMP` = `NO`
83 | * `MONKEYDEV_DEFAULT_BUNDLEID` = `NO`
84 | * `MONKEYDEV_INSERT_DYLIB` = `YES`
85 | * `MONKEYDEV_RESTORE_SYMBOL` = `NO`
86 | * `MONKEYDEV_TARGET_APP` = `Optional`
87 |
88 | ### Start debugging the ipa
89 |
90 | Note: the default target under `TARGETS` is `youtubeDylib`; switch to `TARGETS` -> `youtube` first so that the project runs, installs the ipa and starts debugging normally.
91 |
92 | Then you can run the ipa under the debugger in Xcode:
93 |
94 | * Building
95 |   * 
96 | * Installing
97 |   * 
98 | * Running
99 |   * 
100 |
101 | You can now debug `YouTube` on a real `iPhone`:
102 |
103 | 
104 |
--------------------------------------------------------------------------------
/src/env_setup/init_monkeydev/common_issues.md:
--------------------------------------------------------------------------------
1 | # Common issues
2 |
3 | This page collects the common issues that come up while initializing the MonkeyDev environment.
4 |
5 | ## curl: (7) Failed to connect to raw.githubusercontent.com port 443: Connection refused
6 |
7 | ```bash
8 | curl: (7) Failed to connect to raw.githubusercontent.com port 443: Connection refused
9 | Failed to download https://raw.githubusercontent.com/AloneMonkey/frida-ios-dump/3.x/dump.py to /opt/MonkeyDev/bin/dump.py
10 | ```
11 |
12 | Solution:
13 |
14 | Download `frida-ios-dump` separately:
15 |
16 | ```bash
17 | git clone https://github.com/AloneMonkey/frida-ios-dump.git
18 | ```
19 |
20 | Then copy its `dump.py` and `dump.js` into `/opt/MonkeyDev/bin/`
21 |
22 | giving:
23 |
24 | * `/opt/MonkeyDev/bin/dump.py`
25 | * `/opt/MonkeyDev/bin/dump.js`
26 |
27 | ## Failed to extract /xxx/md-install.gvGnDuMp/file.tar.gz to
28 |
29 | ```bash
30 | Failed to extract /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/md-install.gvGnDuMp/file.tar.gz to /var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/md-install.KQllUKhp
31 | ```
32 |
33 | Solution:
34 |
35 | Create a temporary directory yourself:
36 |
37 | ```bash
38 | mkdir -p /tmp/md_install/tempdirs
39 | ```
40 |
41 | and change `bin/md-install` to:
42 |
43 | ```bash
44 | # export tempDirsFile="`mktemp -d -t $scriptName`/tempdirs"
45 | export tempDirsFile="/tmp/md_install/tempdirs"
46 | ```
47 |
48 | ## Failed to echo into
49 |
50 | Symptom:
51 |
52 | ```bash
53 | line 82行:Failed to echo into
54 | ```
55 |
56 | Solution:
57 |
58 | Comment out:
59 |
60 | ```bash
61 | # echo "$tempDir" >> "$tempDirsFile" || \
62 | # panic $? "Failed to echo into $tempDirsFile"
63 | ```
64 |
65 | ## File /xxx/Specifications/MacOSX Package Types.xcspec not found
66 |
67 | ```bash
68 | ➜ bin sudo bash md-install
69 | ...
70 | File /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/Library/Xcode/Specifications/MacOSX Package Types.xcspec not found
71 | ```
72 |
73 | Solution:
74 |
75 | * Xcode <13
76 |   * Background: `MacOSX Package Types.xcspec` exists, just not at the path md-install looks in
77 |   * Solution: change the path, or use a symlink instead
78 | * Xcode 13+
79 |   * Background: `MacOSX Package Types.xcspec` (and `MacOSX Product Types.xcspec`) no longer exist, so download them first, and then change the path or use a symlink
80 |   * Download `MacOSX Package Types.xcspec` and `MacOSX Product Types.xcspec`
81 |     * From [qbs/share/qbs/modules/bundle at master · qbs/qbs](https://github.com/qbs/qbs/tree/master/share/qbs/modules/bundle), download:
82 |       * https://github.com/qbs/qbs/blob/master/share/qbs/modules/bundle/MacOSX-Package-Types.xcspec
83 |         * Save as: `MacOSX Package Types.xcspec`
84 |       * https://github.com/qbs/qbs/blob/master/share/qbs/modules/bundle/MacOSX-Product-Types.xcspec
85 |         * Save as: `MacOSX Product Types.xcspec`
86 |   * Copy them into the directory (the one older Xcode versions use): `/Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/Library/Xcode/PrivatePlugIns/IDEOSXSupportCore.ideplugin/Contents/Resources`
87 |
88 | Then continue with one of the following:
89 |
90 | * [Recommended] Method 1: use a symlink
91 |
92 | ```bash
93 | sudo ln -s /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/Library/Xcode/PrivatePlugIns/IDEOSXSupportCore.ideplugin/Contents/Resources /Applications/Xcode.app/Contents/Developer/Platforms/MacOSX.platform/Developer/Library/Xcode/Specifications
94 | ```
95 |
96 | * Method 2: change the path (by editing the `md-install` script)
97 |
98 | Edit `/opt/MonkeyDev/bin/md-install`
99 |
100 | and change the paths to:
101 |
102 | ```bash
103 | # macosxSDKSpecificationsPath=$macosSdkPlatformPath/Developer/Library/Xcode/Specifications
104 | # packageTypesForMacOSXPath="$macosxSDKSpecificationsPath/MacOSX Package Types.xcspec"
105 | # productTypesForMacOSXPath="$macosxSDKSpecificationsPath/MacOSX Product Types.xcspec"
106 | macosxSDKSpecificationsPath=$macosSdkPlatformPath/Developer/Library/Xcode/PrivatePlugIns
107 | packageTypesForMacOSXPath="$macosxSDKSpecificationsPath/IDEOSXSupportCore.ideplugin/Contents/Resources/MacOSX Package Types.xcspec"
108 | productTypesForMacOSXPath="$macosxSDKSpecificationsPath/IDEOSXSupportCore.ideplugin/Contents/Resources/MacOSX Product Types.xcspec"
109 | ```
110 |
111 | Finally, rerun:
112 |
113 | ```bash
114 | sudo bash md-install
115 | ```
116 |
117 | and it should work.
118 |
119 | ## File /xxx/IDEiOSSupportCore.ideplugin/xxx/Embedded-Device.xcspec not found
120 |
121 | * Problem:
122 |
123 | On a Mac with Xcode 14.3.1, the error is:
124 |
125 | ```bash
126 | ➜ bin sudo bash md-install
127 | ...
128 | File /Applications/Xcode.app/Contents/PlugIns/IDEiOSSupportCore.ideplugin/Contents/Resources/Embedded-Device.xcspec not found
129 | ```
130 |
131 | * Cause: since `Xcode 13+` some paths have changed, so the path md-install expects cannot be found
132 | * Solution: search Xcode for the actual location of Embedded-Device.xcspec, then copy it to the path in the error message (creating the directory first if it does not exist)
133 | * Steps
134 |
135 | (1) Find Embedded-Device.xcspec
136 |
137 | ```bash
138 | ➜ ~ cd /Applications/Xcode.app/Contents
139 | ➜ Contents find . -name Embedded-Device.xcspec
140 | ./Developer/Library/Xcode/Plug-ins/XCBSpecifications.ideplugin/Contents/Resources/Embedded-Device.xcspec
141 | ```
142 |
143 | Found at:
144 |
145 | * `/Applications/Xcode.app/Contents/Developer/Library/Xcode/Plug-ins/XCBSpecifications.ideplugin/Contents/Resources/Embedded-Device.xcspec`
146 |
147 | (2) Copy it to the directory from the error message
148 |
149 | First create the directory:
150 |
151 | ```bash
152 | sudo mkdir -p /Applications/Xcode.app/Contents/PlugIns/IDEiOSSupportCore.ideplugin/Contents/Resources/
153 | ```
154 |
155 | Then copy:
156 |
157 | ```bash
158 | sudo cp /Applications/Xcode.app/Contents/Developer/Library/Xcode/Plug-ins/XCBSpecifications.ideplugin/Contents/Resources/Embedded-Device.xcspec /Applications/Xcode.app/Contents/PlugIns/IDEiOSSupportCore.ideplugin/Contents/Resources/
159 | ```
160 |
161 | Confirm the file is there:
162 |
163 | ```bash
164 | ➜ PlugIns ll /Applications/Xcode.app/Contents/PlugIns/IDEiOSSupportCore.ideplugin/Contents/Resources/
165 | total 8
166 | -rw-r--r--@ 1 root wheel 437B 10 12 15:34 Embedded-Device.xcspec
167 | ```
168 |
169 | Finally, rerun:
170 |
171 | `sudo bash md-install`
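
The two "xcspec not found" fixes above (the `MacOSX Package Types.xcspec` one and the `Embedded-Device.xcspec` one) are the same operation: find where the current Xcode keeps a spec file, and put it where `md-install` looks. The script below is an added example, not part of MonkeyDev or `md-install`; it generalizes both by searching an `Xcode.app` tree for a given spec name and copying it to the expected directory, reporting `missing` when this Xcode does not ship the file at all (the Xcode 13+ case where it has to be downloaded). The demo runs against a constructed fake `Xcode.app` layout in a temp directory; the real paths used there are the ones quoted above.

```python
"""Added helper: locate an .xcspec that md-install expects and copy it into place.

Not part of MonkeyDev. The demo builds a fake Xcode.app tree in a temp dir;
for the real fix run ensure_xcspec() against /Applications/Xcode.app with
enough privileges to write under it.
"""
import os
import shutil
import tempfile
from typing import List


def find_xcspec(xcode_root: str, filename: str) -> List[str]:
    """Every path under xcode_root whose basename is filename (like `find . -name`)."""
    hits = []
    for dirpath, _dirs, files in os.walk(xcode_root):
        if filename in files:
            hits.append(os.path.join(dirpath, filename))
    return sorted(hits)


def ensure_xcspec(xcode_root: str, filename: str, expected_dir: str) -> str:
    """Make filename exist in expected_dir. Returns 'present', 'copied' or 'missing'."""
    target = os.path.join(expected_dir, filename)
    if os.path.exists(target):
        return "present"
    hits = find_xcspec(xcode_root, filename)
    if not hits:
        return "missing"  # this Xcode does not ship it: download it first
    os.makedirs(expected_dir, exist_ok=True)  # the `sudo mkdir -p` step above
    shutil.copy2(hits[0], target)             # the `sudo cp` step above
    return "copied"


def run_demo() -> dict:
    """Constructed Xcode.app layout mirroring the paths quoted on this page."""
    root = tempfile.mkdtemp(prefix="fake_xcode_")
    # Where Xcode 14.3.1 actually keeps the file (per the `find` output above).
    actual_dir = os.path.join(root, "Contents/Developer/Library/Xcode/Plug-ins",
                              "XCBSpecifications.ideplugin/Contents/Resources")
    # Where md-install looks for it (per the error message above).
    expected_dir = os.path.join(root, "Contents/PlugIns/IDEiOSSupportCore.ideplugin",
                                "Contents/Resources")
    os.makedirs(actual_dir)
    with open(os.path.join(actual_dir, "Embedded-Device.xcspec"), "w") as f:
        f.write("// constructed placeholder xcspec\n")

    first = ensure_xcspec(root, "Embedded-Device.xcspec", expected_dir)   # copies
    second = ensure_xcspec(root, "Embedded-Device.xcspec", expected_dir)  # already there
    # The MacOSX spec files are not anywhere in Xcode 13+, so this reports 'missing'.
    macos_spec_dir = os.path.join(root, "Contents/Developer/Platforms/MacOSX.platform",
                                  "Developer/Library/Xcode/Specifications")
    package_types = ensure_xcspec(root, "MacOSX Package Types.xcspec", macos_spec_dir)
    return {
        "first": first,
        "second": second,
        "package_types": package_types,
        "copied_exists": os.path.exists(os.path.join(expected_dir, "Embedded-Device.xcspec")),
    }


if __name__ == "__main__":
    print(run_demo())
```

`hits[0]` takes the first match in sorted order; if a real Xcode ever contains several copies of the same spec name, inspect `find_xcspec()`'s result and pick deliberately rather than relying on that order.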
172 |
--------------------------------------------------------------------------------
/src/summary/many_crash_abnormal.md:
--------------------------------------------------------------------------------
1 | # Crashes and abnormal behaviour while debugging
2 |
3 | TODO:
4 |
5 | * [Unresolved] Debugging an iOS ipa with XCode + MonkeyDev: every debug run after the first misbehaves
6 | * [Unresolved] iOS reversing, AppleStore: why the app hits all kinds of errors at run time after MonkeyDev installs the ipa for debugging
7 |
8 | ---
9 |
10 | While debugging an ipa with MonkeyDev you frequently run into all kinds of crashes and abnormal behaviour.
11 |
12 | ## Symptoms
13 |
14 | * Crashes and abnormal behaviour when debugging an ipa with MonkeyDev
15 |   * AppleStore
16 |     * app group path problem
17 |       * ` [unspecified] container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled`
18 |       * 
19 |     * Charles capture certificate error = traffic cannot be captured; a certificate error is reported
20 |       * Example
21 |         * [Unresolved] MonkeyDev debugging of Apple Store reports: The certificate for this server is invalid. You might be connecting to a server that is pretending to be xp.apple.com, which could put your confidential information at risk
22 |         * 
23 |     * Syncing the Apple account (from iCloud) fails = account sign-in problem: the app then shows the `Open Settings` page and sends you to Settings to sign in
24 |       * Example
25 |         * [Unresolved] iOS reversing, AppleStore: tapping Open Settings fails with canOpenURL failed for URL prefs:root=CASTLE error: The operation couldn't be completed, OSStatus error -10814
26 |         * 
27 |         * 
28 |         * [Resolved] iOS reversing, AppleStore: Open Settings fails with NSOSStatusErrorDomain Code -10814 _LSLine 225 _LSFunction _LSDOpenClient openURL
29 |     * [Unresolved] iOS reversing, AppleStore: cannot sign in to the Apple account automatically
30 |     * [Unresolved] iOS reversing, AppleStore: comparing the official version and the decrypted version to find the differences
31 |     * [Unresolved] iOS reversing, AppleStore: the decrypted version hits all kinds of problems while debugging
32 |   * Douyin
33 |     * NSString empty-string crash
34 |       * Example
35 |         * [Worked around] Douyin ipa crashes under XCode MonkeyDev debugging: __NSCFConstantString stringByAppendingString nil argument
36 |           * 
37 |         * [Unresolved] Setting a breakpoint on stringByAppendingString in XCode to find the cause of the Douyin crash
38 |         * [Resolved] Trying to fix the Douyin ipa crash under XCode MonkeyDev debugging: hooking the stringByAppendingString function
39 |   * etc.
40 |
41 | ## Cause
42 |
43 | * Root cause
44 |   * Summary: entitlements are lost
45 |   * Details
46 |     * When MonkeyDev debugs an ipa it repackages the app, and the app's original, complete set of entitlements is lost
47 |     * Only the default, most basic entitlements are used instead
48 |     * So many of the app's built-in entitlements that are essential at run time are gone
49 |     * Which is why all kinds of crashes and abnormal behaviour show up at run time
50 |
51 | ### Underlying technical details
52 |
53 | Take debugging the `Apple Store` ipa with MonkeyDev as an example:
54 |
55 | From Xcode's build log, the build process includes this step:
56 |
57 | ```bash
58 | /usr/bin/codesign --force --sign 846361C864F687841B120144B1F1D0770BCB0EE6 --entitlements /Users/crifan/Library/Developer/Xcode/DerivedData/Jolly-edtiyeefjwnsmtdjblcgpzxtpvnt/Build/Intermediates.noindex/Jolly.build/Debug-iphoneos/Jolly.build/Jolly.app.xcent --timestamp\=none --generate-entitlement-der /Users/crifan/Library/Developer/Xcode/DerivedData/Jolly-edtiyeefjwnsmtdjblcgpzxtpvnt/Build/Products/Debug-iphoneos/Jolly.app
59 | ```
60 |
61 | The `Jolly.app.xcent` used there is:
62 |
63 | (generated from the default entitlement template, and used regardless of whether `CODE_SIGN_INJECT_BASE_ENTITLEMENTS` is enabled)
64 |
65 | the default entitlement template, which contains very little:
66 |
67 | * `/Users/crifan/Library/Developer/Xcode/DerivedData/Jolly-edtiyeefjwnsmtdjblcgpzxtpvnt/Build/Intermediates.noindex/Jolly.build/Debug-iphoneos/Jolly.build/DerivedSources/Entitlements.plist`
68 |
69 | ```xml
70 | <?xml version="1.0" encoding="UTF-8"?>
71 | <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
72 | <plist version="1.0">
73 | <dict>
74 |     <key>application-identifier</key>
75 |     <string>3WRHBBSBW4.com.apple.store.Jolly</string>
76 |     <key>com.apple.developer.team-identifier</key>
77 |     <string>3WRHBBSBW4</string>
78 |     <key>get-task-allow</key>
79 |     <true/>
80 | </dict>
81 | </plist>
82 | ```
83 |
84 | This overrides
85 |
86 | * the original, much fuller entitlements, i.e. the app's own entitlements:
87 |
88 | ```xml
89 |
90 |
91 |
92 |
93 | com.apple.watchlist.private
94 |
95 | com.apple.authkit.client.private
96 |
97 | com.apple.developer.associated-domains
98 |
99 | applinks:www.apple.com
100 | applinks:www.apple.com.cn
101 | applinks:concierge.apple.com
102 | applinks:reserve-prime.apple.com
103 | applinks:reserve-gb.apple.com
104 | applinks:reserve-cn.apple.com
105 | webcredentials:www.apple.com
106 |
107 | com.apple.private.tcc.allow
108 |
109 | kTCCServiceMediaLibrary
110 | kTCCServiceAddressBook
111 |
112 | com.apple.accounts.idms.fullaccess
113 |
114 | com.apple.developer.pass-type-identifiers
115 |
116 | MT9US5E2G8.*
117 |
118 | application-identifier
119 | W74U47NE8E.com.apple.store.Jolly
120 | com.apple.accounts.appleaccount.fullaccess
121 |
122 | com.apple.itunesstored.private
123 |
124 | com.apple.private.MobileGestalt.AllowedProtectedKeys
125 |
126 | UniqueDeviceID
127 | SerialNumber
128 | IntegratedCircuitCardIdentifier
129 | InternationalMobileEquipmentIdentity
130 | InternationalMobileEquipmentIdentity2
131 | IntegratedCircuitCardIdentifier2
132 |
133 | fairplay-client
134 | 187241837
135 | com.apple.Contacts.database-allow
136 |
137 | com.apple.developer.siri
138 |
139 | com.apple.private.applemediaservices
140 |
141 | com.apple.ap.adservicesd.statusconditionservice
142 |
143 | com.apple.developer.usernotifications.time-sensitive
144 |
145 | com.apple.private.appstored
146 |
147 | IAPHistory
148 |
149 | com.apple.springboard.opensensitiveurl
150 |
151 | com.apple.developer.in-app-payments
152 |
153 | com.apple.ASA_AOS
154 | com.apple.ASA_EPC
155 | com.apple.ASA_AOS_KRYPTON
156 | com.apple.ASA_EPC_KRYPTON
157 | com.apple.ASA-AOS-ALT
158 |
159 | com.apple.security.application-groups
160 |
161 | group.com.apple.store.Jolly
162 |
163 | com.apple.security.exception.shared-preference.read-write
164 |
165 | com.apple.AvatarUI.Staryu
166 | com.apple.animoji
167 |
168 | com.apple.developer.associated-appclip-app-identifiers
169 |
170 | W74U47NE8E.com.apple.store.Jolly.Clip
171 |
172 | com.apple.proactive.PersonalizationPortrait.Topic.readOnly
173 |
174 | com.apple.private.ind.client
175 |
176 | com.apple.security.exception.mach-lookup.global-name
177 |
178 | com.apple.AppleMediaServicesUIDynamicService
179 | com.apple.appstored.xpc
180 | com.apple.proactive.PersonalizationPortrait.Topic.readOnly
181 | com.apple.corefollowup.agent
182 | com.apple.ndoagent
183 | com.apple.ind.xpc
184 |
185 | aps-environment
186 | production
187 | com.apple.developer.default-data-protection
188 | NSFileProtectionCompleteUntilFirstUserAuthentication
189 | com.apple.security.exception.shared-preference.read-only
190 |
191 | com.apple.suggestions
192 |
193 | com.apple.security.exception.files.absolute-path.read-only
194 |
195 | /var/mobile/Library/Preferences/com.apple.suggestions.plist
196 |
197 | com.apple.private.ndoagent
198 |
199 | com.apple.ap.adservicesd.statusconditionclient.allow_read
200 |
201 | com.apple.private.tcc.allow-or-regional-prompt
202 |
203 | kTCCServiceAddressBook
204 |
205 | com.apple.developer.team-identifier
206 | MT9US5E2G8
207 | com.apple.coretelephony.Identity.get
208 |
209 | com.apple.private.avatar.store
210 |
211 | com.apple.accounts.appleidauthentication.defaultaccess
212 |
213 | com.apple.features.all-access
214 |
215 |
216 |
217 | ```
218 |
219 | Note: ways to view the entitlements:
220 |
221 | ```bash
222 | crifan@licrifandeMacBook-Pro ~/dev/dev_root/iosReverse/AppleStore/fromiPhone11/AppleStore_TrollStoreInstalledOk_inited/Bundle/46830BF1-0DBF-4EE2-8084-1C0404BD7555 codesign -d --entitlements - Apple\ Store.app
223 | Executable=/Users/crifan/dev/dev_root/iosReverse/AppleStore/fromiPhone11/AppleStore_TrollStoreInstalledOk_inited/Bundle/46830BF1-0DBF-4EE2-8084-1C0404BD7555/Apple Store.app/Apple Store
224 | ...
225 | ```
226 |
227 | Or:
228 |
229 | ```bash
230 | crifan@licrifandeMacBook-Pro ~/dev/dev_root/iosReverse/AppleStore/dynamicDebug/Xcode/Jolly/Jolly/TargetApp ldid -e Apple\ Store.app/Apple\ Store > AppleStore_embeded_entitlements.plist
231 | ```
232 |
233 | This results in:
234 |
235 | the app crashing or misbehaving during normal operation, because the entitlements it needs are missing.
236 |
237 | Example:
238 |
239 | The original app group entitlement is lost:
240 |
241 | ```xml
242 | <key>com.apple.security.application-groups</key>
243 | <array>
244 |     <string>group.com.apple.store.Jolly</string>
245 | </array>
246 | ```
247 |
248 | which then causes the app group path problem:
249 |
250 | ```bash
251 | 2023-01-11 14:43:19.763884+0800 Apple Store[10606:1787412] [unspecified] container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled
252 | [ApplicationGroupContainer.swift:37] applicationGroupContainerPath() - Application security container path not found
253 | ```
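
To see concretely which entitlements the re-signing drops, and to tie a run-time log line back to the entitlement it is missing, here is an added example (not MonkeyDev, Xcode or this book's own code). The two plists are constructed from the excerpts above: the full Xcode template, and a five-key subset of the app's original entitlements. The log lines are the ones quoted above plus one unrelated line. The mapping from the "client is not entitled" line to `com.apple.security.application-groups` is the one this page describes; any further mappings added to the table would be assumptions.

```python
"""Added example: which entitlements does re-signing drop, and which log lines
betray it? Not MonkeyDev or Xcode code. Plists and log lines are constructed
from the excerpts quoted on this page.
"""
import plistlib
import re
from typing import Dict, List, Tuple

# Xcode's DerivedSources/Entitlements.plist as quoted above (constructed copy).
DEFAULT_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>application-identifier</key>
  <string>3WRHBBSBW4.com.apple.store.Jolly</string>
  <key>com.apple.developer.team-identifier</key>
  <string>3WRHBBSBW4</string>
  <key>get-task-allow</key>
  <true/>
</dict>
</plist>
"""

# A subset of the app's original entitlements, values as quoted above (constructed).
ORIGINAL_ENTITLEMENTS = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0">
<dict>
  <key>application-identifier</key>
  <string>W74U47NE8E.com.apple.store.Jolly</string>
  <key>com.apple.developer.team-identifier</key>
  <string>MT9US5E2G8</string>
  <key>com.apple.security.application-groups</key>
  <array><string>group.com.apple.store.Jolly</string></array>
  <key>aps-environment</key>
  <string>production</string>
  <key>com.apple.accounts.appleaccount.fullaccess</key>
  <true/>
</dict>
</plist>
"""

# Constructed log excerpt: the two lines quoted above plus one unrelated line.
SAMPLE_LOG = [
    "2023-01-11 14:43:19.763884+0800 Apple Store[10606:1787412] [unspecified] "
    "container_create_or_lookup_app_group_path_by_app_group_identifier: client is not entitled",
    "[ApplicationGroupContainer.swift:37] applicationGroupContainerPath() - "
    "Application security container path not found",
    "2023-01-11 14:43:20.000000+0800 Apple Store[10606:1787412] view did appear",
]

# Log fingerprint -> entitlement whose absence produces it.
# Only the app-group case is documented on this page; more rows would be assumptions.
LOG_FINGERPRINTS = {
    re.compile(r"app_group_path_by_app_group_identifier: client is not entitled"):
        "com.apple.security.application-groups",
}


def diff_entitlements(original: dict, resigned: dict) -> Dict[str, List[str]]:
    """Keys lost by re-signing, keys whose value changed, and keys newly added."""
    return {
        "lost": sorted(k for k in original if k not in resigned),
        "changed": sorted(k for k in original if k in resigned and original[k] != resigned[k]),
        "added": sorted(k for k in resigned if k not in original),
    }


def explain_log(lines: List[str], lost: List[str]) -> List[Tuple[str, str]]:
    """Pair each log line matching a fingerprint with the lost entitlement behind it."""
    hits = []
    for line in lines:
        for pattern, key in LOG_FINGERPRINTS.items():
            if pattern.search(line) and key in lost:
                hits.append((key, line))
    return hits


def run_demo() -> dict:
    """Diff the two constructed plists and explain the constructed log lines."""
    original = plistlib.loads(ORIGINAL_ENTITLEMENTS)
    resigned = plistlib.loads(DEFAULT_ENTITLEMENTS)
    diff = diff_entitlements(original, resigned)
    return {"diff": diff, "log_hits": explain_log(SAMPLE_LOG, diff["lost"])}


if __name__ == "__main__":
    result = run_demo()
    for kind, keys in result["diff"].items():
        print(f"{kind}: {keys}")
    for key, line in result["log_hits"]:
        print(f"missing {key} explains: {line}")
```

For a real comparison, feed `diff_entitlements()` the output of the two `codesign -d --entitlements -` (or `ldid -e`) runs shown above, taken once from the original `.app` and once from the re-signed one in `DerivedData`; the `changed` bucket also makes visible that the team identifier in `application-identifier` is replaced, which is why entitlements tied to the original team cannot simply be copied across.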
254 |
255 | ## Solutions
256 |
257 | ### Proper fix
258 |
259 | * Proper fix: none so far
260 |   * Earlier attempts, none of which solved it:
261 |     * [Could not solve] iOS reversing: changing configuration to try to fix the errors after MonkeyDev installs an ipa for debugging
262 |     * Douyin = Aweme
263 |       * [Notes] Investigating whether skipping codesign on later XCode + MonkeyDev debug runs avoids the crash
264 |       * [Unresolved] Studying the ipa install process and mechanism in XCode MonkeyDev to produce a Douyin ipa that does not crash after install
265 |       * [Notes] Analysing the detailed log of XCode + MonkeyDev building the Douyin ipa
266 |     * AppleStore = Jolly.app
267 |       * [Mostly resolved] codesign in Xcode: the Xcode setting CODE_SIGN_INJECT_BASE_ENTITLEMENTS
268 |       * [Unresolved] iOS reversing, AppleStore: keeping entitlements via codesign's extra --preserve-metadata option
269 |       * [Unresolved] iOS reversing, AppleStore: making Xcode's codesign step not pass --entitlements, i.e. not use an entitlement file
270 |       * [Unresolved] iOS reversing, AppleStore: how to specify a suitable entitlement file for codesign during the Xcode build
271 |       * [Unresolved] iOS reversing, AppleStore: disabling codesign during the Xcode build
272 |       * [Unresolved] codesign in Xcode: finding where BaseEntitlements.plist comes from
273 |       * [Unresolved] codesign in Xcode: investigating where DerivedSources/Entitlements.plist comes from
274 |       * [Unresolved] codesign in Xcode: investigating the build-process details of xcbuild
275 |       * [Could not solve] codesign in Xcode: finding where the .app.xcent content comes from in order to change or replace the default content
276 |       * [Unresolved] iOS reversing, AppleStore: passing my own entitlement file to codesign's --entitlements during the Xcode build
277 |       * [Mostly resolved] codesign in Xcode: understanding where the content of DerivedSources/Entitlements.plist comes from
278 |       * [Unresolved] iOS reversing, AppleStore: how to keep the modified entitlement file or the re-signed app during the Xcode build
279 |       * [Unresolved] iOS reversing, AppleStore: studying the Xcode build process to find why entitlements are lost from the binary
280 |       * [Unresolved] specifying entitlements myself in Xcode: disabling automatic signing
281 |       * [Unresolved] codesign in Xcode: checking whether the build-time environment variables are of any use
282 |       * [Unresolved] Investigating the internal logic of MonkeyDev's /opt/MonkeyDev/Tools/pack.sh script in XCode
283 |       * [Unresolved] iOS reversing, AppleStore: running a command myself to set the full entitlements
284 |       * [Resolved] Viewing the log output of the Run Script sh script in XCode's Build Phases
285 |       * [Unresolved] Adding echo logging to MonkeyDev's pack.sh to analyse its run-time logic
286 |       * [Unresolved] iOS reversing, AppleStore: how to run a custom command after the Sign step during the Xcode build
287 |       * [Unresolved] iOS reversing, AppleStore: the reason the entitlement plist and other information is lost from the binary in the misbehaving build
288 |       * [Resolved] Debugging an ipa or app in Xcode: making sure the debug-ipa project runs normally under the debugger
289 |
290 | ### Workaround
291 |
292 | * Workaround: use a different debugging approach
293 |   * Preferred: `Xcode+iOSOpenDev`
294 |     * [iOS reverse-engineering debugging: Xcode+iOSOpenDev](https://book.crifan.org/books/ios_re_debug_xcode_iosopendev/website/)
295 |   * Alternatively: `debugserver+lldb`
296 |     * [iOS reverse-engineering debugging: debugserver+lldb](https://book.crifan.org/books/ios_re_debug_debugserver_lldb/website)
297 |
--------------------------------------------------------------------------------