LLDB was introduced and used in previous articles. LLDB is very useful for debugging an application, but it has to halt the process every time, which is fine when we want to inspect and modify the app at one particular spot. When we need to analyze a whole app in a large project, however, that style of debugging falls short. Cycript fills this gap.

Cycript is a scripting language developed by Saurik, the founder of Cydia. Cycript combines Objective-C with a JavaScript-syntax interpreter, which means that a single command can use Objective-C, JavaScript, or both. It can attach to a running process and modify a great deal at run time.

I. Language classification

  • Compiled languages (Objective-C): the source code must be compiled by a compiler into an executable (binary) for the target architecture.

  • Interpreted languages (Python): the source code is not compiled in advance; an interpreter reads it at run time and executes it on the CPU.

A compiled language is like a fluent English speaker reading an English book without any other tools; the trade-off is that learning English (compiling) is a slow process. An interpreted language is like a non-English speaker reading the same book with a dictionary; the advantage is that there is no lengthy learning (compilation) step up front.

In theory, interpreted languages run much slower than compiled languages, but in practice there are excellent interpreters that execute specific code very quickly. The trick is to cache code that has already been translated during execution so that it does not have to be translated again (just-in-time compilation), as PyPy (pypy3) does.

Cycript, the subject of this article, is an interpreted language.

II. Installation

1. Download and install

Installing Cycript is extremely simple: download the SDK here. The download is small, only about 2.9 MB, and contains the cycript executable.

Open a terminal, cd into the Cycript directory and run cycript directly:

./cycript

Unsurprisingly, an error is reported: cycript fails to load the Ruby library it was linked against.

This is because the Ruby version shipped with the system is not the version Cycript requires.

2. Fix the Ruby dependency

Step 1: Check the local Ruby version:

cd /System/Library/Frameworks/Ruby.framework/Versions/
ls

On this machine the listed version is 2.3, while Cycript requires 2.0.

Solution: create a 2.0 directory alongside it whose libruby 2.0 dylib points at the installed 2.3 library (the commands below use a symlink, so nothing is actually copied).

Step 2: Disable SIP

OS X El Capitan (10.11) introduced a security mechanism called System Integrity Protection (SIP). It restricts what even root can do: protected locations such as /System cannot be modified. After upgrading to 10.11 you may find some applications disabled, typically tools installed from a terminal or from a third-party source. This is the right default for most users, but some developers and advanced Mac users need to turn it off. The fix below writes into /System/Library/Frameworks, so SIP has to be disabled for it; re-enable it as soon as the symlink is in place, because a machine with SIP off is much easier for malware to persist on.

  • Restart the computer and hold Command+R to enter recovery mode
  • Open Terminal, enter csrutil disable, and restart
  • To turn SIP back on, repeat the previous two steps with csrutil enable

Step 3: Symlink 2.3 as 2.0

After the reboot, run the following commands:

sudo mkdir -p /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/
sudo ln -s /System/Library/Frameworks/Ruby.framework/Versions/2.3/usr/lib/libruby.2.3.0.dylib /System/Library/Frameworks/Ruby.framework/Versions/2.0/usr/lib/libruby.2.0.0.dylib

Note: in the second command, replace /System/Library/Frameworks/Ruby.framework/Versions/2.3/usr/lib/libruby.2.3.0.dylib with the path of the Ruby version actually installed on your machine. This does not downgrade Ruby; it only provides the libruby.2.0.0.dylib file name that Cycript looks for, pointing at the existing library, which is enough to get Cycript running.

Run it again:

./cycript

If the cy# prompt appears, you are in the Cycript environment.

3. Configure environment variables

Step 1: Move Cycript

The /opt directory is reserved for optional add-on software packages, so we put Cycript there as well.

Step 2: Environment variables

Go to your home directory, which contains the file .bash_profile, open it in a text editor and add:

export CY=/opt/cycript_0.9.594
export PATH=$CY:$PATH

Save, then run source ~/.bash_profile (or open a new terminal). Cycript can then be used from any directory. On newer macOS versions the default shell is zsh, which reads ~/.zshrc instead of .bash_profile.

III. Simple use

1. Basic grammar

2. Basic debugging

Monkey (MonkeyDev) was introduced in the previous article; it already integrates Cycript's dynamic library, so we can debug with Cycript through Monkey.

Without further ado: create a Monkey project and put the Youku .ipa package into the corresponding Target directory (see the previous article for details).

Monkey listens on port 6666 by default.

So we connect Cycript to port 6666; first find the IP address the phone has on the Wi-Fi network:

cycript -r 192.168.32.113:6666

If the command hangs at this step, you have not entered the Cycript environment (no cy# prompt).

There are three likely causes:

  • The phone and the computer are not on the same Wi-Fi network
  • The Wi-Fi network itself is the problem: try a different one, or open a hotspot on the phone and connect the computer to it
  • The port is already in use: change the port (first the one Monkey listens on, then the one in the connect command)

Once everything works, you can start debugging, for example:

// View the current keyWindow
UIApp.keyWindow
// Store it in a custom variable
var keyWindow = UIApp.keyWindow
keyWindow
// Hide the status bar
[UIApp setStatusBarHidden:YES]
// Reference an object directly by its address
#0x108e3cd80
// Dump all instance variables of an object
*#0x108e3cd80
// List the names of the instance variables of an object
[i for (i in *keyWindow)]
// Print the current view hierarchy as formatted text
keyWindow.recursiveDescription().toString()
// Show every live UIButton instance in the process (not only the ones on screen)
choose(UIButton)
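As an added example (not code from the original article, nor part of Cycript or MonkeyDev), the snippet below builds on the commands above. Rather than choose(UIButton), which returns every live UIButton in the heap, it walks the view tree under the key window and reports, for each on-screen button, its title and the target/selector pairs registered for touch-up-inside, and then lets you fire one. The function names (fyFindViews, fyDumpButtons, fyTapButton) and the hand-defined UIKit constants are assumptions of the example; everything else is standard UIKit API called through Cycript's Objective-C syntax.

```cycript
// Added example, not from the original article or from Cycript/MonkeyDev.
// Assumes an attached UIKit app (cycript -r <phone-ip>:6666 as above).
// UIKit enum values are not exported into Cycript, so they are defined by hand.
var UIControlStateNormal = 0;
var UIControlEventTouchUpInside = 1 << 6;

// Depth-first walk of the view tree under `root`, collecting instances of `cls`.
function fyFindViews(root, cls) {
    var found = [];
    var stack = [root];
    while (stack.length > 0) {
        var v = stack.pop();
        if ([v isKindOfClass:cls]) {
            found.push(v);
        }
        var subs = [v subviews];
        for (var i = 0; i < [subs count]; i++) {
            stack.push([subs objectAtIndex:i]);
        }
    }
    return found;
}

// For each UIButton under the key window, report its title, whether it is
// hidden, and the "<target> selector" pairs wired to touch-up-inside. This
// tells you which controller method a tap ends up in before you hook it.
function fyDumpButtons() {
    var result = [];
    var buttons = fyFindViews(UIApp.keyWindow, UIButton);
    for (var i = 0; i < buttons.length; i++) {
        var btn = buttons[i];
        var title = [btn titleForState:UIControlStateNormal];
        var targets = [[btn allTargets] allObjects];
        var actions = [];
        for (var j = 0; j < [targets count]; j++) {
            var t = [targets objectAtIndex:j];
            var sels = [btn actionsForTarget:t forControlEvent:UIControlEventTouchUpInside];
            for (var k = 0; k < [sels count]; k++) {
                actions.push([t description].toString() + " " + [sels objectAtIndex:k].toString());
            }
        }
        result.push({
            index: i,
            hidden: [btn isHidden],
            title: title == null ? null : title.toString(),
            actions: actions
        });
    }
    return result;
}

// Fire the touch-up-inside actions of the i-th button listed by fyDumpButtons(),
// exactly as UIKit would after a real tap, without touching the screen.
function fyTapButton(i) {
    var btn = fyFindViews(UIApp.keyWindow, UIButton)[i];
    [btn sendActionsForControlEvents:UIControlEventTouchUpInside];
    return btn;
}
```

Paste it into the cy# prompt, or save it as a .cy file and @import it as described in the next section. fyDumpButtons() then prints the list, and fyTapButton(2) triggers the actions of the third button found, which is a quick way to confirm which method a button reaches before setting a breakpoint on it in LLDB.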

3. Advanced usage

In the LLDB article we saw that LLDB lets you define scripts for your own use; Cycript likewise lets you define your own APIs.

1. Create a .cy file

Create a new file named fyTest.cy

2. Define variables and functions

Define variables and functions in fyTest.cy:

// Get the app ID (bundle identifier)
FYAPPID = NSBundle.mainBundle.bundleIdentifier;
// Get the app bundle path (the .app directory, not the writable data sandbox)
FYAPPPATH = NSBundle.mainBundle.bundlePath;
// Get the root view controller of the key window
FYRootVC = function() {
    return UIApp.keyWindow.rootViewController;
};

// Walk down from a root controller to the one actually on screen:
// follow a presented controller first, then the selected tab or the
// visible controller of a navigation stack, recursively.
FYGetCurrentVCFromRootVC = function(rootVC){
    var currentVC;
    if([rootVC presentedViewController]){
        rootVC = [rootVC presentedViewController];
    }

    if([rootVC isKindOfClass:[UITabBarController class]]){
        currentVC = FYGetCurrentVCFromRootVC(rootVC.selectedViewController);
    }else if([rootVC isKindOfClass:[UINavigationController class]]){
        currentVC = FYGetCurrentVCFromRootVC(rootVC.visibleViewController);
    }else{
        currentVC = rootVC;
    }
    return currentVC;
};

// Get the current (on-screen) view controller
FYCurrentVC = function() {
    return FYGetCurrentVCFromRootVC(FYRootVC());
};

3. Import the .cy file

4. Use the .cy file

The fyTest.cy file is now inside our app, but it still has to be imported in every new Cycript session:

@import FYTest

The name after @import is the .cy file name without its extension and must match it exactly, including case, so keep the file name and the import consistent.

5. Ready-made .cy files

By default, Monkey pre-installs several .cy files for us:

  • a .cy for Mach-O

  • a .cy loaded over the network

The variables and functions they provide are documented here: ms, md

IV. Summary

This covers the whole non-jailbroken workflow. The next chapter moves on to jailbreaking the phone, dumping the decrypted app binary, and static analysis of the assembly. If you found it helpful, click follow.
