以下僅做我在hook 中的記錄,
環境 VM PRO 15
MAC OS 15
Xcode 11.2
工具 monkeydev
install_name_tool
otool
思路:將要hook 的dylib,注入到我們新建的xcode工程中,然后拿着protuct 放到monkeydev 里去正常hook。
1.將dylib扔進hopper,發現有一個RobborVC,隨新建一個Xcode工程,在viewDidAppear中,present進RobborVC,
Class cls =NSClassFromString(@"RobotVc"); id Vc = [[cls alloc]init]; [self presentViewController:Vc animated:YES completion:^{ }];
1.使用 0tool -l 查看dylib 的依賴路徑,如下圖,發現dylib 還依賴了一個libsubstrate.dylib,
2.將上面兩個dylib 拖入新建Xocde的根目錄中
3.使用install_name_tool修改dylib 依賴路徑,
install_name_tool [-id name] input 修改對自身的依賴 install_name_tool [-change old new] input 修改對第三方庫的依賴 如: install_name_tool -id @@executable_path/Frameworks/CXZDZW.dylib /Users/jack/Desktop/testDLb/CXZDZW.dylib
install_name_tool -change @loader_path/libsubstrate.dylib /Users/jack/Desktop/testDLb/libsubstrate.dylib
4.載build phases 新增 run script 增加bash腳本,進行copy dylib進 $BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH 目錄下,並簽名
if [-f $BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/CXZDZW.dylib];then
rm -rf $BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/CXZDZW.dylib
fi
if [-f $BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/libsubstrate.dylib];then
rm -rf $BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/libsubstrate.dylib
fi
if [[ "${CONFIGURATION}" == "Debug" || "${CONFIGURATION}" == "DailyBuild" ]]; then echo "begin copy CXZDZW dylibs into product" cp -R $PROJECT_DIR/CXZDZW.dylib $BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH cp -R $PROJECT_DIR/libsubstrate.dylib $BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH if [ "${CODE_SIGNING_REQUIRED:-}" != "NO" ]; then /usr/bin/codesign --force --sign "${EXPANDED_CODE_SIGN_IDENTITY}" "$BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/CXZDZW.dylib" /usr/bin/codesign --force --sign "${EXPANDED_CODE_SIGN_IDENTITY}" "$BUILT_PRODUCTS_DIR/$FRAMEWORKS_FOLDER_PATH/libsubstrate.dylib" fi fi
5.找到.app文件,拖入monkeydev中,hook 即可
ps:草稿箱好多半成品文章。。。。