-
-
[原创]修改iphone微博的位置(iOS6.1.2)
-
发表于: 2013-3-18 17:44
-
设备与环境:
iOS6.1.2(需要越狱,安装openSSH, dbg,nano)
sina微博客户端,我这里使用的是3.3.6
iTouch4, 8G
MacOS 10.7.4(需要安装Hopper Disassembler, XCode with command tools)
越狱,安装openSSH, 安装gdb
在cydia添加源cydia.radare.org, 更新gdb到1708
下载dumpdecrypted 627K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6K6N6r3g2X3j5h3&6W2M7%4y4W2M7W2)9J5c8X3c8#2L8i4m8V1k6h3y4J5P5i4m8@1k6h3c8Q4x3U0k6F1j5Y4y4H3i4K6y4n7i4@1f1%4i4K6R3@1i4@1t1$3i4@1f1#2i4K6V1H3i4K6S2q4i4@1f1^5i4@1u0r3i4K6W2n7i4@1f1#2i4K6R3#2i4@1p5#2i4@1f1%4i4@1p5^5i4K6S2n7i4@1f1#2i4@1u0m8i4K6S2r3i4@1f1%4i4K6W2n7i4@1q4q4i4@1f1#2i4@1u0p5i4K6V1#2
修改根据你的XCode安装环境修改Makefile,修改其中BIN, GCC, SDK参数
编译dumpdecrypted,然后scp dumpdecrypted 到 root@iTouch_IP_Address:/var/root/
远程连接到iTouch设备 ssh root@iTouch_IP_Address
检查dumpdecrypted是否已经拷贝到root目录
运行dumpdecrypted,获得微博的解密版本
#DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile Applications/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx/Weibo.app/Weibo
将解密后的Weibo.decrypted拷贝的MacOS系统
scp Weibo.decrypted XXXX@MacOS_IP_Address:/Desktop/crack/
使用Hopper Disassembler静态分析
回到iTouch的ssh会话,使用nano .gdbinit创建一个gdb的启动配置
define bbvm
set $__bbvm=$arg0-0x1000
end
define bb
b *($__bbvm+$arg0)
end
点击运行Weibo,回到ssh:ps ax|grep Weibo 获得pid
gdb -p pid 开始调试
运行 i mach-region 0 // 查看起始地址
运行 bbvm 起始地址 // 设置地址基值(0xc5000)
回到Hopper Disassembler,在Label中查找WBSpotEngine,找到 WBSpotEngine:initWithLocation:函数, 获得函数地址AA(0x18ad50)
回到ssh 设置断点并继续
点击写微博,会被中断,回到ssh,输入
set $r2 = [[CLLocation alloc]initWithLatitude:25.743854 longitude:123.470707]
c
微博的位置已经修改了,发一条新位置的微博
获得更多想要的坐标 fb4K9s2c8@1M7q4)9K6b7g2)9J5c8W2)9J5c8X3c8A6N6s2g2Q4x3X3g2Y4L8$3!0Y4L8r3g2Q4x3X3g2U0L8R3`.`.
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
Thanks for share.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
用Flex插件不行吗?
|
|
|
|
|
|
Thanks for share.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
高手
|
