Dumpdecrypted: github.com/stefanesser… After downloading, enter the directory and run make to build the file dumpdecrypted.dylib (a dynamic library).
1. Upload files to jailbroken phones
scp dumpdecrypted.dylib [email protected]:/var/root/
2. Find the app path on your jailbroken phone
ps -A
/var/containers/Bundle/Application/EB29BBE6-2F89-467F-A1B1-E0FFFCF3AF75/WeChat.app/WeChat
3. Execute the command to remove the encryption shell
DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/containers/Bundle/Application/EB29BBE6-2F89-467F-A1B1-E0FFFCF3AF75/WeChat.app/WeChat
The above dynamic library is not signed, so you need to sign the dynamic library:
ldid -S dumpdecrypted.dylib
After signing the library and executing the above command, you will get the decrypted executable file, which is the same as the WeChat.app/WeChat file, as shown in the figure below:
4. Download the file to the Mac desktop, naming it WeChat
scp -r [email protected]:/var/root/WeChat.decrypted WeChat
Run a command to test whether the file is encrypted
otool -l WeChat | grep cry
5. Dump the WeChat header files
class-dump -H WeChat -o apph
After the command finishes, the header files of the WeChat application are stored in the apph directory.