一直在看别人如何破解一个app,下面自己也尝试着学习怎么去破解一个app的密码,下面是完整的过程。

准备工作:

  一台mac或者pc安装了ssh客户端

  一台越狱的iphone

  iphone上安装了openSSH

  iphone上安装了gdb,请注意是这个:https://code.google.com/p/apiexplorer/downloads/list

  iphone上安装了adv-cmds

1、编写CrackMe,并且编译到真机上面,因为我是越狱手机,所以不需要证书就能够真机调试,CrackMe的关键代码如下:

  

//

//  ViewController.m

//  CrackMe_1

//

//  Created by test on 15-4-8.

//  Copyright (c) 2015年 va. All rights reserved.

//

#import "ViewController.h"

@interface ViewController ()<UIAlertViewDelegate>

@property (nonatomic, strong) NSString *pass;

@property (nonatomic, strong) UITextField *passInputTextField;

@property (nonatomic, strong) UIButton *confirmButton;

@end

@implementation ViewController

- (void)viewDidLoad {

    [super viewDidLoad];

    _pass = @"123456";

    _passInputTextField = [[UITextField alloc] init];

    _passInputTextField.bounds = CGRectMake(0, 0, CGRectGetWidth(self.view.bounds), 30);

    _passInputTextField.center = CGPointMake(self.view.center.x, self.view.center.y - 80);

    _passInputTextField.layer.borderColor = [[UIColor blackColor] CGColor];

    _passInputTextField.layer.borderWidth = 2;

    [self.view addSubview:_passInputTextField];

    _confirmButton = [[UIButton alloc] initWithFrame:CGRectMake(0, CGRectGetMaxY(_passInputTextField.frame) + 20, CGRectGetWidth(self.view.bounds), 30)];

    [_confirmButton setTitle:@"确认" forState:UIControlStateNormal];

    [_confirmButton setTitleColor:[UIColor blackColor] forState:UIControlStateNormal];

    [_confirmButton addTarget:self action:@selector(checkPass:) forControlEvents:UIControlEventTouchUpInside];

    _confirmButton.backgroundColor = [UIColor whiteColor];

    [self.view addSubview:_confirmButton];

    self.view.backgroundColor = [UIColor greenColor];

}

- (void)checkPass:(id)sender

{

    if([_pass isEqualToString:_passInputTextField.text])

    {

        UIAlertView *alertView = [[UIAlertView alloc] initWithTitle:@"tips"

                                                            message:@"right"

                                                           delegate:self

                                                  cancelButtonTitle:nil

                                                  otherButtonTitles:@"确定", nil];

        [alertView show];

    }

    else

    {

        UIAlertView *alertView = [[UIAlertView alloc] initWithTitle:@"tips"

                                                            message:@"wrong"

                                                           delegate:self

                                                  cancelButtonTitle:nil

                                                  otherButtonTitles:@"确定", nil];

        [alertView show];

    }

}

- (void)didReceiveMemoryWarning {

    [super didReceiveMemoryWarning];

    // Dispose of any resources that can be recreated.

}

- (void)alertView:(UIAlertView *)alertView clickedButtonAtIndex:(NSInteger)buttonIndex

{

}

@end

假设写死了密码,123456;用户输入123456弹出right提示,其它弹出wrong提示

界面如下:

  

二、用Hopper反汇编二进制文件

这里使用的是mac,也可以使用windows上面的IDA替代

左边已经能够看到关键的方法,定位到checkPass这个方法,可以看到跳转之前有一个字符串比较的操作,相对的我们可以在GDB找到这一行代码,下上断点

userdeMacBook-Air:machO user$ ssh root@xxx.xxx.xxx.xxx

The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.

RSA key fingerprint is b1:b3:2a:5b:4c:55:7c:0d:4c:fa:7e:ee:b7:27:c0:73.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.

root@xxx.xxx.xxx.xxx's password:

Permission denied, please try again.

root@xxx.xxx.xxx.xxx's password:

userde-iPhone:~ root# ps -ax|grep Crack

 3181 ??         0:00.52 /var/mobile/Applications/62B1E6C6-1AE8-43C7-B159-4D996BD57C49/CrackMe_1.app/CrackMe_1

 3199 ttys001    0:00.01 grep Crack

userde-iPhone:~ root# gdb -p 3181

GNU gdb 6.3.50-20050815 (Apple version gdb-1821) (Fri Jun 29 08:41:41 UTC 2012)

Copyright 2004 Free Software Foundation, Inc.

GDB is free software, covered by the GNU General Public License, and you are

welcome to change it and/or distribute copies of it under certain conditions.

Type "show copying" to see the conditions.

There is absolutely no warranty for GDB.  Type "show warranty" for details.

This GDB was configured as "arm-apple-darwin".

/private/var/root/3181: No such file or directory

Attaching to process 3181.

Reading symbols for shared libraries . done

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

Reading symbols for shared libraries

warning: Could not find object file "/Users/user/Library/Developer/Xcode/DerivedData/CrackMe_1-elcszaunecqvufebksjmisdqgltl/Build/Intermediates/CrackMe_1.build/Debug-iphoneos/CrackMe_1.build/Objects-normal/armv7/ViewController.o" - no debug information available for "ViewController.m".

warning: Could not find object file "/Users/user/Library/Developer/Xcode/DerivedData/CrackMe_1-elcszaunecqvufebksjmisdqgltl/Build/Intermediates/CrackMe_1.build/Debug-iphoneos/CrackMe_1.build/Objects-normal/armv7/AppDelegate.o" - no debug information available for "AppDelegate.m".

warning: Could not find object file "/Users/user/Library/Developer/Xcode/DerivedData/CrackMe_1-elcszaunecqvufebksjmisdqgltl/Build/Intermediates/CrackMe_1.build/Debug-iphoneos/CrackMe_1.build/Objects-normal/armv7/main.o" - no debug information available for "main.m".

............................................................................................................................................................ done

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

Reading symbols for shared libraries + done

0x3a147a50 in mach_msg_trap ()

(gdb) b -[ViewController checkPass:]

Breakpoint 1 at 0xc1576

(gdb) c

Continuing.

Breakpoint 1, 0x000c1576 in -[ViewController checkPass:] ()

(gdb) disas

Dump of assembler code for function -[ViewController checkPass:]:

0x000c156c <-[ViewController checkPass:]+0>:	push	{r4, r5, r6, r7, lr}

0x000c156e <-[ViewController checkPass:]+2>:	add	r7, sp, #12

0x000c1570 <-[ViewController checkPass:]+4>:	stmdb	sp!, {r8, r10}

0x000c1574 <-[ViewController checkPass:]+8>:	sub	sp, #136

0x000c1576 <-[ViewController checkPass:]+10>:	add	r3, sp, #124

0x000c1578 <-[ViewController checkPass:]+12>:	movw	r9, #0	; 0x0

0x000c157c <-[ViewController checkPass:]+16>:	movt	r9, #0	; 0x0

0x000c1580 <-[ViewController checkPass:]+20>:	str	r0, [sp, #132]

0x000c1582 <-[ViewController checkPass:]+22>:	str	r1, [sp, #128]

0x000c1584 <-[ViewController checkPass:]+24>:	str.w	r9, [sp, #124]

0x000c1588 <-[ViewController checkPass:]+28>:	mov	r0, r3

0x000c158a <-[ViewController checkPass:]+30>:	mov	r1, r2

0x000c158c <-[ViewController checkPass:]+32>:	blx	0xc2fec <dyld_stub_objc_storeStrong>

0x000c1590 <-[ViewController checkPass:]+36>:	movw	r0, #6816	; 0x1aa0

0x000c1594 <-[ViewController checkPass:]+40>:	movt	r0, #0	; 0x0

0x000c1598 <-[ViewController checkPass:]+44>:	add	r0, pc

0x000c159a <-[ViewController checkPass:]+46>:	ldr	r0, [r0, #0]

0x000c159c <-[ViewController checkPass:]+48>:	movw	r1, #9252	; 0x2424

0x000c15a0 <-[ViewController checkPass:]+52>:	movt	r1, #0	; 0x0

0x000c15a4 <-[ViewController checkPass:]+56>:	add	r1, pc

0x000c15a6 <-[ViewController checkPass:]+58>:	movw	r2, #9294	; 0x244e

0x000c15aa <-[ViewController checkPass:]+62>:	movt	r2, #0	; 0x0

0x000c15ae <-[ViewController checkPass:]+66>:	add	r2, pc

0x000c15b0 <-[ViewController checkPass:]+68>:	movw	r3, #9280	; 0x2440

0x000c15b4 <-[ViewController checkPass:]+72>:	movt	r3, #0	; 0x0

0x000c15b8 <-[ViewController checkPass:]+76>:	add	r3, pc

0x000c15ba <-[ViewController checkPass:]+78>:	ldr.w	r9, [sp, #132]

0x000c15be <-[ViewController checkPass:]+82>:	ldr	r3, [r3, #0]

0x000c15c0 <-[ViewController checkPass:]+84>:	add	r3, r9

0x000c15c2 <-[ViewController checkPass:]+86>:	ldr	r3, [r3, #0]

0x000c15c4 <-[ViewController checkPass:]+88>:	ldr.w	r9, [sp, #132]

0x000c15c8 <-[ViewController checkPass:]+92>:	ldr	r2, [r2, #0]

0x000c15ca <-[ViewController checkPass:]+94>:	add	r2, r9

0x000c15cc <-[ViewController checkPass:]+96>:	ldr	r2, [r2, #0]

0x000c15ce <-[ViewController checkPass:]+98>:	ldr	r1, [r1, #0]

0x000c15d0 <-[ViewController checkPass:]+100>:	str	r0, [sp, #112]

0x000c15d2 <-[ViewController checkPass:]+102>:	mov	r0, r2

0x000c15d4 <-[ViewController checkPass:]+104>:	ldr	r2, [sp, #112]

0x000c15d6 <-[ViewController checkPass:]+106>:	str	r3, [sp, #108]

0x000c15d8 <-[ViewController checkPass:]+108>:	blx	r2

0x000c15da <-[ViewController checkPass:]+110>:	mov	r7, r7

0x000c15dc <-[ViewController checkPass:]+112>:	blx	0xc2fe8 <dyld_stub_objc_retainAutoreleasedReturnValue>

0x000c15e0 <-[ViewController checkPass:]+116>:	movw	r1, #6736	; 0x1a50

0x000c15e4 <-[ViewController checkPass:]+120>:	movt	r1, #0	; 0x0

0x000c15e8 <-[ViewController checkPass:]+124>:	add	r1, pc

0x000c15ea <-[ViewController checkPass:]+126>:	ldr	r1, [r1, #0]

0x000c15ec <-[ViewController checkPass:]+128>:	movw	r2, #9176	; 0x23d8

0x000c15f0 <-[ViewController checkPass:]+132>:	movt	r2, #0	; 0x0

0x000c15f4 <-[ViewController checkPass:]+136>:	add	r2, pc

0x000c15f6 <-[ViewController checkPass:]+138>:	ldr	r2, [r2, #0]

0x000c15f8 <-[ViewController checkPass:]+140>:	ldr	r3, [sp, #108]

0x000c15fa <-[ViewController checkPass:]+142>:	str	r0, [sp, #104]

0x000c15fc <-[ViewController checkPass:]+144>:	mov	r0, r3

0x000c15fe <-[ViewController checkPass:]+146>:	str	r1, [sp, #100]

0x000c1600 <-[ViewController checkPass:]+148>:	mov	r1, r2

0x000c1602 <-[ViewController checkPass:]+150>:	ldr	r2, [sp, #104]

0x000c1604 <-[ViewController checkPass:]+152>:	ldr	r3, [sp, #100]

0x000c1606 <-[ViewController checkPass:]+154>:	blx	r3

0x000c1608 <-[ViewController checkPass:]+156>:	ldr	r1, [sp, #104]

0x000c160a <-[ViewController checkPass:]+158>:	str	r0, [sp, #96]

0x000c160c <-[ViewController checkPass:]+160>:	mov	r0, r1

0x000c160e <-[ViewController checkPass:]+162>:	blx	0xc2fe0 <dyld_stub_objc_release>

0x000c1612 <-[ViewController checkPass:]+166>:	ldr	r0, [sp, #96]

0x000c1614 <-[ViewController checkPass:]+168>:	sxtb	r1, r0

0x000c1616 <-[ViewController checkPass:]+170>:	cmp	r1, #0

0x000c1618 <-[ViewController checkPass:]+172>:	beq.n	0xc16e2 <-[ViewController checkPass:]+374>

0x000c161a <-[ViewController checkPass:]+174>:	movs	r0, #0

0x000c161c <-[ViewController checkPass:]+176>:	movt	r0, #0	; 0x0

0x000c1620 <-[ViewController checkPass:]+180>:	add	r1, sp, #120

0x000c1622 <-[ViewController checkPass:]+182>:	movw	r2, #6670	; 0x1a0e

0x000c1626 <-[ViewController checkPass:]+186>:	movt	r2, #0	; 0x0

0x000c162a <-[ViewController checkPass:]+190>:	add	r2, pc

0x000c162c <-[ViewController checkPass:]+192>:	ldr	r2, [r2, #0]

0x000c162e <-[ViewController checkPass:]+194>:	mov	r3, r2

0x000c1630 <-[ViewController checkPass:]+196>:	movw	r9, #9116	; 0x239c

0x000c1634 <-[ViewController checkPass:]+200>:	movt	r9, #0	; 0x0

0x000c1638 <-[ViewController checkPass:]+204>:	add	r9, pc

0x000c163a <-[ViewController checkPass:]+206>:	movw	r12, #6686	; 0x1a1e

0x000c163e <-[ViewController checkPass:]+210>:	movt	r12, #0	; 0x0

0x000c1642 <-[ViewController checkPass:]+214>:	add	r12, pc

0x000c1644 <-[ViewController checkPass:]+216>:	movw	lr, #6692	; 0x1a24

0x000c1648 <-[ViewController checkPass:]+220>:	movt	lr, #0	; 0x0

0x000c164c <-[ViewController checkPass:]+224>:	add	lr, pc

0x000c164e <-[ViewController checkPass:]+226>:	movw	r4, #6698	; 0x1a2a

0x000c1652 <-[ViewController checkPass:]+230>:	movt	r4, #0	; 0x0

0x000c1656 <-[ViewController checkPass:]+234>:	add	r4, pc

0x000c1658 <-[ViewController checkPass:]+236>:	mov	r5, r2

0x000c165a <-[ViewController checkPass:]+238>:	movw	r6, #9070	; 0x236e

0x000c165e <-[ViewController checkPass:]+242>:	movt	r6, #0	; 0x0

0x000c1662 <-[ViewController checkPass:]+246>:	add	r6, pc

0x000c1664 <-[ViewController checkPass:]+248>:	movw	r8, #8964	; 0x2304

0x000c1668 <-[ViewController checkPass:]+252>:	movt	r8, #0	; 0x0

0x000c166c <-[ViewController checkPass:]+256>:	add	r8, pc

0x000c166e <-[ViewController checkPass:]+258>:	movw	r10, #9078	; 0x2376

0x000c1672 <-[ViewController checkPass:]+262>:	movt	r10, #0	; 0x0

0x000c1676 <-[ViewController checkPass:]+266>:	add	r10, pc

0x000c1678 <-[ViewController checkPass:]+268>:	ldr.w	r10, [r10]

0x000c167c <-[ViewController checkPass:]+272>:	ldr.w	r8, [r8]

0x000c1680 <-[ViewController checkPass:]+276>:	str	r0, [sp, #92]

0x000c1682 <-[ViewController checkPass:]+278>:	mov	r0, r10

0x000c1684 <-[ViewController checkPass:]+280>:	str	r1, [sp, #88]

0x000c1686 <-[ViewController checkPass:]+282>:	mov	r1, r8

0x000c1688 <-[ViewController checkPass:]+284>:	str	r4, [sp, #84]

0x000c168a <-[ViewController checkPass:]+286>:	str	r5, [sp, #80]

0x000c168c <-[ViewController checkPass:]+288>:	str	r6, [sp, #76]

0x000c168e <-[ViewController checkPass:]+290>:	str	r3, [sp, #72]

0x000c1690 <-[ViewController checkPass:]+292>:	str.w	r9, [sp, #68]

0x000c1694 <-[ViewController checkPass:]+296>:	str.w	r12, [sp, #64]

0x000c1698 <-[ViewController checkPass:]+300>:	str.w	lr, [sp, #60]

0x000c169c <-[ViewController checkPass:]+304>:	blx	r2

0x000c169e <-[ViewController checkPass:]+306>:	ldr	r1, [sp, #132]

0x000c16a0 <-[ViewController checkPass:]+308>:	ldr	r2, [sp, #76]

0x000c16a2 <-[ViewController checkPass:]+310>:	ldr	r3, [r2, #0]

0x000c16a4 <-[ViewController checkPass:]+312>:	str	r1, [sp, #56]

0x000c16a6 <-[ViewController checkPass:]+314>:	mov	r1, r3

0x000c16a8 <-[ViewController checkPass:]+316>:	ldr	r2, [sp, #64]

0x000c16aa <-[ViewController checkPass:]+318>:	ldr	r3, [sp, #60]

0x000c16ac <-[ViewController checkPass:]+320>:	ldr.w	r9, [sp, #56]

0x000c16b0 <-[ViewController checkPass:]+324>:	str.w	r9, [sp]

0x000c16b4 <-[ViewController checkPass:]+328>:	ldr.w	r12, [sp, #92]

0x000c16b8 <-[ViewController checkPass:]+332>:	str.w	r12, [sp, #4]

0x000c16bc <-[ViewController checkPass:]+336>:	ldr.w	lr, [sp, #84]

0x000c16c0 <-[ViewController checkPass:]+340>:	str.w	lr, [sp, #8]

0x000c16c4 <-[ViewController checkPass:]+344>:	str.w	r12, [sp, #12]

0x000c16c8 <-[ViewController checkPass:]+348>:	ldr	r4, [sp, #80]

0x000c16ca <-[ViewController checkPass:]+350>:	blx	r4

0x000c16cc <-[ViewController checkPass:]+352>:	str	r0, [sp, #120]

0x000c16ce <-[ViewController checkPass:]+354>:	ldr	r0, [sp, #120]

0x000c16d0 <-[ViewController checkPass:]+356>:	ldr	r1, [sp, #68]

0x000c16d2 <-[ViewController checkPass:]+358>:	ldr	r1, [r1, #0]

0x000c16d4 <-[ViewController checkPass:]+360>:	ldr	r2, [sp, #72]

0x000c16d6 <-[ViewController checkPass:]+362>:	blx	r2

0x000c16d8 <-[ViewController checkPass:]+364>:	ldr	r0, [sp, #88]

0x000c16da <-[ViewController checkPass:]+366>:	ldr	r1, [sp, #92]

0x000c16dc <-[ViewController checkPass:]+368>:	blx	0xc2fec <dyld_stub_objc_storeStrong>

0x000c16e0 <-[ViewController checkPass:]+372>:	b.n	0xc17a8 <-[ViewController checkPass:]+572>

0x000c16e2 <-[ViewController checkPass:]+374>:	movs	r0, #0

0x000c16e4 <-[ViewController checkPass:]+376>:	movt	r0, #0	; 0x0

0x000c16e8 <-[ViewController checkPass:]+380>:	add	r1, sp, #116

0x000c16ea <-[ViewController checkPass:]+382>:	movw	r2, #6470	; 0x1946

0x000c16ee <-[ViewController checkPass:]+386>:	movt	r2, #0	; 0x0

0x000c16f2 <-[ViewController checkPass:]+390>:	add	r2, pc

0x000c16f4 <-[ViewController checkPass:]+392>:	ldr	r2, [r2, #0]

0x000c16f6 <-[ViewController checkPass:]+394>:	mov	r3, r2

0x000c16f8 <-[ViewController checkPass:]+396>:	movw	r9, #8916	; 0x22d4

0x000c16fc <-[ViewController checkPass:]+400>:	movt	r9, #0	; 0x0

0x000c1700 <-[ViewController checkPass:]+404>:	add	r9, pc

0x000c1702 <-[ViewController checkPass:]+406>:	movw	r12, #6486	; 0x1956

0x000c1706 <-[ViewController checkPass:]+410>:	movt	r12, #0	; 0x0

0x000c170a <-[ViewController checkPass:]+414>:	add	r12, pc

0x000c170c <-[ViewController checkPass:]+416>:	movw	lr, #6524	; 0x197c

0x000c1710 <-[ViewController checkPass:]+420>:	movt	lr, #0	; 0x0

0x000c1714 <-[ViewController checkPass:]+424>:	add	lr, pc

0x000c1716 <-[ViewController checkPass:]+426>:	movw	r4, #6498	; 0x1962

0x000c171a <-[ViewController checkPass:]+430>:	movt	r4, #0	; 0x0

0x000c171e <-[ViewController checkPass:]+434>:	add	r4, pc

0x000c1720 <-[ViewController checkPass:]+436>:	mov	r5, r2

0x000c1722 <-[ViewController checkPass:]+438>:	movw	r6, #8870	; 0x22a6

0x000c1726 <-[ViewController checkPass:]+442>:	movt	r6, #0	; 0x0

0x000c172a <-[ViewController checkPass:]+446>:	add	r6, pc

0x000c172c <-[ViewController checkPass:]+448>:	movw	r8, #8764	; 0x223c

0x000c1730 <-[ViewController checkPass:]+452>:	movt	r8, #0	; 0x0

0x000c1734 <-[ViewController checkPass:]+456>:	add	r8, pc

0x000c1736 <-[ViewController checkPass:]+458>:	movw	r10, #8878	; 0x22ae

0x000c173a <-[ViewController checkPass:]+462>:	movt	r10, #0	; 0x0

0x000c173e <-[ViewController checkPass:]+466>:	add	r10, pc

0x000c1740 <-[ViewController checkPass:]+468>:	ldr.w	r10, [r10]

0x000c1744 <-[ViewController checkPass:]+472>:	ldr.w	r8, [r8]

0x000c1748 <-[ViewController checkPass:]+476>:	str	r0, [sp, #52]

0x000c174a <-[ViewController checkPass:]+478>:	mov	r0, r10

0x000c174c <-[ViewController checkPass:]+480>:	str	r1, [sp, #48]

0x000c174e <-[ViewController checkPass:]+482>:	mov	r1, r8

0x000c1750 <-[ViewController checkPass:]+484>:	str	r4, [sp, #44]

0x000c1752 <-[ViewController checkPass:]+486>:	str	r5, [sp, #40]

0x000c1754 <-[ViewController checkPass:]+488>:	str	r6, [sp, #36]

0x000c1756 <-[ViewController checkPass:]+490>:	str	r3, [sp, #32]

0x000c1758 <-[ViewController checkPass:]+492>:	str.w	r9, [sp, #28]

0x000c175c <-[ViewController checkPass:]+496>:	str.w	r12, [sp, #24]

0x000c1760 <-[ViewController checkPass:]+500>:	str.w	lr, [sp, #20]

0x000c1764 <-[ViewController checkPass:]+504>:	blx	r2

0x000c1766 <-[ViewController checkPass:]+506>:	ldr	r1, [sp, #132]

0x000c1768 <-[ViewController checkPass:]+508>:	ldr	r2, [sp, #36]

0x000c176a <-[ViewController checkPass:]+510>:	ldr	r3, [r2, #0]

0x000c176c <-[ViewController checkPass:]+512>:	str	r1, [sp, #16]

0x000c176e <-[ViewController checkPass:]+514>:	mov	r1, r3

0x000c1770 <-[ViewController checkPass:]+516>:	ldr	r2, [sp, #24]

0x000c1772 <-[ViewController checkPass:]+518>:	ldr	r3, [sp, #20]

0x000c1774 <-[ViewController checkPass:]+520>:	ldr.w	r9, [sp, #16]

0x000c1778 <-[ViewController checkPass:]+524>:	str.w	r9, [sp]

0x000c177c <-[ViewController checkPass:]+528>:	ldr.w	r12, [sp, #52]

0x000c1780 <-[ViewController checkPass:]+532>:	str.w	r12, [sp, #4]

0x000c1784 <-[ViewController checkPass:]+536>:	ldr.w	lr, [sp, #44]

0x000c1788 <-[ViewController checkPass:]+540>:	str.w	lr, [sp, #8]

0x000c178c <-[ViewController checkPass:]+544>:	str.w	r12, [sp, #12]

0x000c1790 <-[ViewController checkPass:]+548>:	ldr	r4, [sp, #40]

0x000c1792 <-[ViewController checkPass:]+550>:	blx	r4

0x000c1794 <-[ViewController checkPass:]+552>:	str	r0, [sp, #116]

0x000c1796 <-[ViewController checkPass:]+554>:	ldr	r0, [sp, #116]

0x000c1798 <-[ViewController checkPass:]+556>:	ldr	r1, [sp, #28]

0x000c179a <-[ViewController checkPass:]+558>:	ldr	r1, [r1, #0]

0x000c179c <-[ViewController checkPass:]+560>:	ldr	r2, [sp, #32]

0x000c179e <-[ViewController checkPass:]+562>:	blx	r2

0x000c17a0 <-[ViewController checkPass:]+564>:	ldr	r0, [sp, #48]

0x000c17a2 <-[ViewController checkPass:]+566>:	ldr	r1, [sp, #52]

0x000c17a4 <-[ViewController checkPass:]+568>:	blx	0xc2fec <dyld_stub_objc_storeStrong>

0x000c17a8 <-[ViewController checkPass:]+572>:	add	r0, sp, #124

0x000c17aa <-[ViewController checkPass:]+574>:	movs	r1, #0

0x000c17ac <-[ViewController checkPass:]+576>:	movt	r1, #0	; 0x0

0x000c17b0 <-[ViewController checkPass:]+580>:	blx	0xc2fec <dyld_stub_objc_storeStrong>

0x000c17b4 <-[ViewController checkPass:]+584>:	add	sp, #136

0x000c17b6 <-[ViewController checkPass:]+586>:	ldmia.w	sp!, {r8, r10}

0x000c17ba <-[ViewController checkPass:]+590>:	pop	{r4, r5, r6, r7, pc}

End of assembler dump.

(gdb) b *0x000c1606

Breakpoint 2 at 0xc1606

(gdb) c

Continuing.

Breakpoint 2, 0x000c1606 in -[ViewController checkPass:] ()

(gdb) po $r0

123456

(gdb) po $r1

0x3226c9af does not appear to point to a valid object.

(gdb) po $r2

<object returned empty description>

(gdb) po $r3

0x39baf621 does not appear to point to a valid object.

(gdb)

 在 0x000c1606下断点继续跑,断下之后可以看到r0寄存器中存放的是password

IOS CrackMe 破解学习的更多相关文章

  1. iOS开发如何学习前端(2)

    iOS开发如何学习前端(2) 上一篇成果如下. 实现的效果如下. 实现了一个横放的<ul>,也既iOS中的UITableView. 实现了当鼠标移动到列表中的某一个<li>,也 ...

  2. iOS开发如何学习前端(1)

    iOS开发如何学习前端(1) 我为何学前端?因为无聊. 概念 前端大概三大块. HTML CSS JavaScript 基本上每个概念在iOS中都有对应的.HTML请想象成只能拉Autolayout或 ...

  3. 移动开发iOS&Android对比学习--异步处理

    在移动开发里很多时候需要用到异步处理.Android的主线程如果等待超过一定时间的时候直接出现ANR(对不熟悉Android的朋友这里需要解释一下什么叫ANR.ANR就是Application Not ...

  4. 关于iOS开发的学习

    关于iOS开发的学习,打个比方就像把汽车分解:    最底层的原料有塑料,钢铁    再用这些底层的东西造出来发动机,座椅    最后再加上写螺丝,胶水等,把汽车就拼起来了 iOS基本都是英文的资料, ...

  5. iOS核心动画学习整理

    最近利用业余时间终于把iOS核心动画高级技巧(https://zsisme.gitbooks.io/ios-/content/chapter1/the-layer-tree.html)看完,对应其中一 ...

  6. iOS CoreData技术学习资源汇总

    一.CoreData学习指引 1. 苹果官方:Core Data Programming Guide 什么是CoreData? 创建托管对象模型 初始化Core Data堆栈 提取对象 创建和修改自定 ...

  7. IOS内存管理学习笔记

    内存管理作为iOS中非常重要的部分,每一个iOS开发者都应该深入了解iOS内存管理,最近在学习iOS中整理出了一些知识点,先从MRC开始说起. 1.当一个对象在创建之后它的引用计数器为1,当调用这个对 ...

  8. 关于 iOS 的一些学习资料

    iOS.Book.Effective Objective-C 2.0 1. 中文翻译版 (更新中) https://github.com/HagerHu/effective-objective-c-2 ...

  9. ios之runtime学习

    今天学习了一下ios的runtime,看了其他博主的博客写的很不错,自己就不班门弄斧了,仅在此转载: 1.关于oc中类和元类:http://husbandman.diandian.com/post/2 ...

随机推荐

  1. linux 学习-软件的安装

    Linux软件的安装rpm -ivh安装软件全名 -i install 安装 -v verbose 显示详细信息 -h hash 显示进度 --nodeps 不检测依赖性(不推荐使用) rpm -U ...

  2. PopupWindow 的使用

    //contentView : 气泡显示的内容 //width ,height : 宽高 PopupWindow popupWindow = new PopupWindow(contentView, ...

  3. centos 6.5 安装mysql 5.6错误

    yum list libaio yum install libaio.i686 yum list glibc* yum install glibc.i686 yum list libstdc++* y ...

  4. webservice(二)

    ---摘自网络,感谢提供者 WsExplorer和Tcp/Ip Monitor工具本身就存在于eclipse和MyEclipse中 使用工具的原因: 1.  使用工具可以更好的了解WebService ...

  5. 【转】http://www.cnblogs.com/yuzukwok/p/3884377.html

    来自:http://www.cnblogs.com/yuzukwok/p/3884377.html An Introduction to Xamarin.Forms 来源:http://develop ...

  6. jdk7 HashSet和HashMap源码分析

    先来看看HashMap的一些成员变量以及他们的含义 /** * The default initial capacity - MUST be a power of two. */ static fin ...

  7. windows上安装ubuntukylin16.04并且在ubuntukylin上安装jdk

    1.安装ubuntukylin16.04 教程链接:http://jingyan.baidu.com/article/f71d60379824041ab641d19d.html 我是完全按照这个教程来 ...

  8. vim的配置文件参数

    环境:kali linux vim的配置文件存放在/etc/vim目录中,配置文件名为vimrc set nocompatible "去掉有关vi一致性模式,避免以前版本的bug和局限&qu ...

  9. IIS7添加mp4 MINE类型报错:无法写入配置文件

    解决方法: 方法一: 可能是由于文件为只读属性,所以修改网站文件访问权限,把此文件夹或者文件的写入权限给了这个用户. 方法二: 可能由于网站目录所在的分区是fat32格式,所以要把网站目录放在NTFS ...

  10. 移动端audio自动播放问题

    中秋临近,心血来潮想做个手机端贺卡,以前接触的移动端较少,虽然是个简单的贺卡,其实也蛮多坑的,简略说一下在制作贺卡的过程遇到的坑: 一:移动端的屏幕大小不能算作body的大小,因为手机浏览器头部都有网 ...