Those of you who have done game plugins know that code injection is usually tested using this tool (as well as hijacking injection and other injection methods).
There are usually two ways to do this test injection
On iPhone, we can use LLDB and Cycript to directly inject OC native language for testing, which is much simpler. In fact, we often use LLDB for debugging, and you probably already know a lot about it.
One is to inject a.dll dynamic library.
So when we do iOS reverse development, we inject the dynamic library to achieve code injection
Injection of dynamic libraries
Step 1 [Organize and optimize the previously re-signed items]
Create a new project
Create APP folder and put target APP [wechat] in it
Create a compile script
Put the previous [iOS reverse Journey (Advanced) – re-signature APP (2)] inside the script, write to the fileAssignApp.shAnd put it into the project
Then, in the instruction to run the script, add theAssignApp.shAt run time Xcode will automatically re-sign for us
Step 2 [Create a Framework]
Create a new Framework called PFFramework
Add the Framework to the project
This will inject the Framework into the project
Add injection code
Run and view the results
However, it was found that the injection was not successful, because our Framework was not used in wechat, so the dynamic library would not be loaded.
Step 3 [Modify Macho file properties]
At this time, we need to modify macho’s file attributes, so that wechat will load our Framework
Modify the macho file properties of the wechat executable
We’re going to use a new tool called Yololib which is very easy to use go into the.app and check the location of our PFFrameWork
Go to the command line mode and use the tool to modify its Macho file properties yololib WeChat Frameworks/PFFrameWork.framework/PFFrameWorkAnd then repackage the APP
Obviously this is too much work, we can use a simpler way.
Is added to the end of the original script on yololib “$TARGET_APP_PATH / $APP_BINARY” “Frameworks/PFFramework framework/PFFramework” code so that we can successfully injected
Look at the results
Note: I found that sometimes there was a crash in the project.
The reason for this is that the pfframework. framework is on and off, causing the project to crash occasionally
The amazing thing is that a clean build is going to work, but it took me a while to figure it out. It turns out that on the second build, the compiler will sometimes put pfframework.framework in the.app first, Then we execute the script rm -rf “$TARGET_APP_PATH” and automatically delete the library. So I’ll replace rm -rf “$TARGET_APP_PATH” with this function
functionrmFilterFramework() {for element in `ls The $1`
doiftest"$element"= ="Frameworks" || test"$element"= ="*.framewrok"; thenecho$elementelse
rm -rf The $1"/"$elementfidone
}
Copy the code
After modification, there will be no more bugs
Dynamic library injection
Step 1 [Organize and optimize the principle of re-signed projects]
This is consistent with the first step of injecting dynamic libraries into the Framework, which I won’t repeat here
Step 2 [Create a dylib]
Create a new dylib called PFLibrary
Modify his platform information and change the MAC to iOS
Change signature Authentication Change MAC Developer to iOS Developer
Add dylib to the project
Add injection code
Step 3 [Modify Macho file properties]
It is basically the same as step 3 of dynamic library injection [Framework], except that yololib is different when writing scripts. As long as can be changed to the following instructions yololib “$TARGET_APP_PATH / $APP_BINARY” “Frameworks/libPFLibrary. Dylib”