MonkeyDev
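MonkeyDev is a powerful toolset. Just use it!

See the Wiki for installation instructions.

Usage
Take the ipa package that was previously decrypted with frida and first create a MonkeyDev project. qqmusic is used as the example here.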

Put the decrypted ipa under qqmusic/TargetApp/, then drag it into the project files.

Set the signing certificate for the main project; the dylib does not need one.


Xcode reports: Showing All Messages Signing for “qqmusicDylib” requires a development team. Select a development team in the Signing & Capabilities editor. When this appears, select qqmusicDylib -> Build Settings -> Add User-Defined Setting


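Add CODE_SIGNING_ALLOWED with the value NO, then run again.

The "file not found: /usr/lib/libstdc++.dylib" problem

The cause is that newer versions of Xcode removed the libstdc++ library. Copying it over from an older version fixes this; here someone else's copy is used directly: https://github.com/devdawei/libstdc-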

Injecting the SDK
Once the project runs, we initialize pod in the project.

Modify the Podfile and comment out use_frameworks!

# platform :ios, '9.0'

target 'qqmusic' do
  # Comment the next line if you don't want to use dynamic frameworks
  # use_frameworks!
  pod 'GrowingAnalytics-cdp/Autotracker'
  # Pods for qqmusic

end

target 'qqmusicDylib' do
  # Comment the next line if you don't want to use dynamic frameworks
  # use_frameworks!
  pod 'GrowingAnalytics-cdp/Autotracker'
  # Pods for qqmusicDylib

end

Find the corresponding AppDelegate class using the class-dump command:
class-dump -H xxx.app -o yourDir/Headers

This shows that its AppDelegate class is named XXXXAppDelegate.
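One way to pick the delegate class out of the dumped headers, as an added example that is not part of the original post: scan the class-dump output directory for classes that declare conformance to UIApplicationDelegate. The function names and the sample headers are constructed for illustration, and the code assumes class-dump's usual `@interface Name : Superclass <Protocols>` declaration line.

```python
import re
import tempfile
from pathlib import Path

# class-dump writes one header per class; the declaration line looks like
#   @interface Name : Superclass <ProtoA, ProtoB>
# Categories ("@interface NSString (Util)") have no superclass and are skipped.
INTERFACE_RE = re.compile(
    r"^@interface\s+(?P<name>\w+)\s*:\s*(?P<super>\w+)\s*(?:<(?P<protos>[^>]*)>)?",
    re.MULTILINE,
)


def find_app_delegates(headers_dir):
    """Return sorted (class, superclass, header file) tuples for every class
    that declares conformance to UIApplicationDelegate."""
    hits = []
    for header in sorted(Path(headers_dir).rglob("*.h")):
        text = header.read_text(encoding="utf-8", errors="replace")
        for m in INTERFACE_RE.finditer(text):
            protos = [p.strip() for p in (m.group("protos") or "").split(",")]
            if "UIApplicationDelegate" in protos:
                hits.append((m.group("name"), m.group("super"), header.name))
    return sorted(hits)


def build_sample_headers(root):
    """Write constructed sample headers (hypothetical, not from a real app)."""
    samples = {
        "XXXXAppDelegate.h": "@interface XXXXAppDelegate : UIResponder "
        "<UIApplicationDelegate, UNUserNotificationCenterDelegate>\n"
        "{\n    UIWindow *_window;\n}\n@end\n",
        "XXXXPlayerController.h": "@interface XXXXPlayerController : "
        "UIViewController <UITableViewDelegate>\n@end\n",
        "NSString-Util.h": "@interface NSString (Util)\n- (id)trimmed;\n@end\n",
        "UIApplicationDelegate-Protocol.h": "@protocol UIApplicationDelegate <NSObject>\n@end\n",
    }
    for name, body in samples.items():
        (Path(root) / name).write_text(body, encoding="utf-8")


def demo():
    """Run the scan over the constructed headers in a temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_headers(tmp)
        return find_app_delegates(tmp)


if __name__ == "__main__":
    for cls, sup, fname in demo():
        print(f"{cls} : {sup}  ({fname})")
```

Against a real dump, call `find_app_delegates("yourDir/Headers")`; the class name it returns is the one to put after `%hook`.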

Then use Logos to inject the SDK initialization code. For usage documentation, see the official site: http://iphonedevwiki.net/index.php/Logos


// See http://iphonedevwiki.net/index.php/Logos

#import <UIKit/UIKit.h>
#import "GrowingAutotracker.h"

static NSString *const kGrowingProjectId = @"91eaf9b283361032";

%hook XXXXAppDelegate

- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {
    // Run the app's original implementation first and keep its return value
    BOOL result = %orig;

    // Configure the SDK and point data collection at the test endpoint
    GrowingTrackConfiguration *configuration = [GrowingTrackConfiguration configurationWithProjectId:kGrowingProjectId];
    configuration.debugEnabled = YES;
    configuration.impressionScale = 1.0;
    configuration.dataCollectionServerHost = @"https://run.mocky.io/v3/08999138-a180-431d-a136-051f3c6bd306";
    [GrowingAutotracker startWithConfiguration:configuration launchOptions:launchOptions];

    return result;
}

%end

Then build and run again. At this point the SDK can be debugged inside the app, and the related logs are printed.