Note: if shell smashing (decrypting the app binary) fails, make sure the app was downloaded from the App Store; if it was not, download it again. Clutch requires a jailbroken phone running iOS 8.0 or higher. Download link: github.com/KJCracks/Cl…

1. After downloading, copy Clutch-2.0.4 to the /usr/bin directory on the jailbroken phone (the default password is alpine):

scp Clutch-2.0.4 [email protected]:/usr/bin/

2. Connect to the Apple device over ssh by running the following command:

ssh [email protected]

3. Go into the /usr/bin directory and grant Clutch-2.0.4 executable permissions:

chmod +x Clutch-2.0.4

4. Run Clutch-2.0.4 with no arguments to view the command parameters:

Clutch-2.0.4

-b Dump only the binary file

-d Dump the .ipa file. After shell smashing, the path of the .ipa file is shown

5. List the installed applications:

Clutch-2.0.4 -i

6. Start shell smashing. Choose number 2 to smash the shell of WeChat:

Clutch-2.0.4 -d 2

Run as follows:

Finally, the path of the package generated after shell smashing is /private/var/mobile/Documents/Dumped/com.tencent.xin-iOS9.0-(Clutch-2.0.4).ipa. Download the Dumped folder to the Mac:

scp -r [email protected]:/private/var/mobile/Documents/Dumped ipas/

Check whether encryption is enabled:

otool -l WeChat|grep cry

cryptoff 16384
cryptsize 58556416
cryptid 0

cryptid 0 indicates that the binary is not encrypted.

7. Rename the obtained .ipa to wxtest.zip and unzip it into wxtest. In the Payload folder inside wxtest, run the following command:

class-dump -H WeChat.app -o apph

apph now contains all the header files corresponding to WeChat, as shown in the figure:
