一直在看别人如何破解一个app,下面自己也尝试着学习怎么去破解一个app的密码,下面是完整的过程。

准备工作:

  一台mac或者pc安装了ssh客户端

  一台越狱的iphone

  iphone上安装了openSSH

  iphone上安装了gdb,请注意是这个:https://code.google.com/p/apiexplorer/downloads/list

  iphone上安装了adv-cmds

1、编写CrackMe,并且编译到真机上面,因为我是越狱手机,所以不需要证书就能够真机调试,CrackMe的关键代码如下:

  

//

//  ViewController.m

//  CrackMe_1

//

//  Created by test on 15-4-8.

//  Copyright (c) 2015年 va. All rights reserved.

//

#import "ViewController.h"

@interface ViewController ()<UIAlertViewDelegate>

@property (nonatomic, strong) NSString *pass;

@property (nonatomic, strong) UITextField *passInputTextField;

@property (nonatomic, strong) UIButton *confirmButton;

@end

@implementation ViewController

- (void)viewDidLoad {

    [super viewDidLoad];

    _pass = @"123456";

    _passInputTextField = [[UITextField alloc] init];

    _passInputTextField.bounds = CGRectMake(0, 0, CGRectGetWidth(self.view.bounds), 30);

    _passInputTextField.center = CGPointMake(self.view.center.x, self.view.center.y - 80);

    _passInputTextField.layer.borderColor = [[UIColor blackColor] CGColor];

    _passInputTextField.layer.borderWidth = 2;

    [self.view addSubview:_passInputTextField];

    _confirmButton = [[UIButton alloc] initWithFrame:CGRectMake(0, CGRectGetMaxY(_passInputTextField.frame) + 20, CGRectGetWidth(self.view.bounds), 30)];

    [_confirmButton setTitle:@"确认" forState:UIControlStateNormal];

    [_confirmButton setTitleColor:[UIColor blackColor] forState:UIControlStateNormal];

    [_confirmButton addTarget:self action:@selector(checkPass:) forControlEvents:UIControlEventTouchUpInside];

    _confirmButton.backgroundColor = [UIColor whiteColor];

    [self.view addSubview:_confirmButton];

    self.view.backgroundColor = [UIColor greenColor];

}

- (void)checkPass:(id)sender

{

    if([_pass isEqualToString:_passInputTextField.text])

    {

        UIAlertView *alertView = [[UIAlertView alloc] initWithTitle:@"tips"

                                                            message:@"right"

                                                           delegate:self

                                                  cancelButtonTitle:nil

                                                  otherButtonTitles:@"确定", nil];

        [alertView show];

    }

    else

    {

        UIAlertView *alertView = [[UIAlertView alloc] initWithTitle:@"tips"

                                                            message:@"wrong"

                                                           delegate:self

                                                  cancelButtonTitle:nil

                                                  otherButtonTitles:@"确定", nil];

        [alertView show];

    }

}

- (void)didReceiveMemoryWarning {

    [super didReceiveMemoryWarning];

    // Dispose of any resources that can be recreated.

}

- (void)alertView:(UIAlertView *)alertView clickedButtonAtIndex:(NSInteger)buttonIndex

{

}

@end

假设写死了密码,123456;用户输入123456弹出right提示,其它弹出wrong提示

界面如下:

  

二、用Hopper反汇编二进制文件

这里使用的是mac,也可以使用windows上面的IDA替代

左边已经能够看到关键的方法,定位到checkPass这个方法,可以看到跳转之前有一个字符串比较的操作,相对的我们可以在GDB找到这一行代码,下上断点

userdeMacBook-Air:machO user$ ssh root@xxx.xxx.xxx.xxx

The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.

RSA key fingerprint is b1:b3:2a:5b:4c:55:7c:0d:4c:fa:7e:ee:b7:27:c0:73.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.

root@xxx.xxx.xxx.xxx's password:

Permission denied, please try again.

root@xxx.xxx.xxx.xxx's password:

userde-iPhone:~ root# ps -ax|grep Crack

 3181 ??         0:00.52 /var/mobile/Applications/62B1E6C6-1AE8-43C7-B159-4D996BD57C49/CrackMe_1.app/CrackMe_1

 3199 ttys001    0:00.01 grep Crack

userde-iPhone:~ root# gdb -p 3181

GNU gdb 6.3.50-20050815 (Apple version gdb-1821) (Fri Jun 29 08:41:41 UTC 2012)

Copyright 2004 Free Software Foundation, Inc.

GDB is free software, covered by the GNU General Public License, and you are

welcome to change it and/or distribute copies of it under certain conditions.

Type "show copying" to see the conditions.

There is absolutely no warranty for GDB.  Type "show warranty" for details.

This GDB was configured as "arm-apple-darwin".

/private/var/root/3181: No such file or directory

Attaching to process 3181.

Reading symbols for shared libraries . done

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

Reading symbols for shared libraries

warning: Could not find object file "/Users/user/Library/Developer/Xcode/DerivedData/CrackMe_1-elcszaunecqvufebksjmisdqgltl/Build/Intermediates/CrackMe_1.build/Debug-iphoneos/CrackMe_1.build/Objects-normal/armv7/ViewController.o" - no debug information available for "ViewController.m".

warning: Could not find object file "/Users/user/Library/Developer/Xcode/DerivedData/CrackMe_1-elcszaunecqvufebksjmisdqgltl/Build/Intermediates/CrackMe_1.build/Debug-iphoneos/CrackMe_1.build/Objects-normal/armv7/AppDelegate.o" - no debug information available for "AppDelegate.m".

warning: Could not find object file "/Users/user/Library/Developer/Xcode/DerivedData/CrackMe_1-elcszaunecqvufebksjmisdqgltl/Build/Intermediates/CrackMe_1.build/Debug-iphoneos/CrackMe_1.build/Objects-normal/armv7/main.o" - no debug information available for "main.m".

............................................................................................................................................................ done

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

Reading symbols for shared libraries + done

0x3a147a50 in mach_msg_trap ()

(gdb) b -[ViewController checkPass:]

Breakpoint 1 at 0xc1576

(gdb) c

Continuing.

Breakpoint 1, 0x000c1576 in -[ViewController checkPass:] ()

(gdb) disas

Dump of assembler code for function -[ViewController checkPass:]:

0x000c156c <-[ViewController checkPass:]+0>:	push	{r4, r5, r6, r7, lr}

0x000c156e <-[ViewController checkPass:]+2>:	add	r7, sp, #12

0x000c1570 <-[ViewController checkPass:]+4>:	stmdb	sp!, {r8, r10}

0x000c1574 <-[ViewController checkPass:]+8>:	sub	sp, #136

0x000c1576 <-[ViewController checkPass:]+10>:	add	r3, sp, #124

0x000c1578 <-[ViewController checkPass:]+12>:	movw	r9, #0	; 0x0

0x000c157c <-[ViewController checkPass:]+16>:	movt	r9, #0	; 0x0

0x000c1580 <-[ViewController checkPass:]+20>:	str	r0, [sp, #132]

0x000c1582 <-[ViewController checkPass:]+22>:	str	r1, [sp, #128]

0x000c1584 <-[ViewController checkPass:]+24>:	str.w	r9, [sp, #124]

0x000c1588 <-[ViewController checkPass:]+28>:	mov	r0, r3

0x000c158a <-[ViewController checkPass:]+30>:	mov	r1, r2

0x000c158c <-[ViewController checkPass:]+32>:	blx	0xc2fec <dyld_stub_objc_storeStrong>

0x000c1590 <-[ViewController checkPass:]+36>:	movw	r0, #6816	; 0x1aa0

0x000c1594 <-[ViewController checkPass:]+40>:	movt	r0, #0	; 0x0

0x000c1598 <-[ViewController checkPass:]+44>:	add	r0, pc

0x000c159a <-[ViewController checkPass:]+46>:	ldr	r0, [r0, #0]

0x000c159c <-[ViewController checkPass:]+48>:	movw	r1, #9252	; 0x2424

0x000c15a0 <-[ViewController checkPass:]+52>:	movt	r1, #0	; 0x0

0x000c15a4 <-[ViewController checkPass:]+56>:	add	r1, pc

0x000c15a6 <-[ViewController checkPass:]+58>:	movw	r2, #9294	; 0x244e

0x000c15aa <-[ViewController checkPass:]+62>:	movt	r2, #0	; 0x0

0x000c15ae <-[ViewController checkPass:]+66>:	add	r2, pc

0x000c15b0 <-[ViewController checkPass:]+68>:	movw	r3, #9280	; 0x2440

0x000c15b4 <-[ViewController checkPass:]+72>:	movt	r3, #0	; 0x0

0x000c15b8 <-[ViewController checkPass:]+76>:	add	r3, pc

0x000c15ba <-[ViewController checkPass:]+78>:	ldr.w	r9, [sp, #132]

0x000c15be <-[ViewController checkPass:]+82>:	ldr	r3, [r3, #0]

0x000c15c0 <-[ViewController checkPass:]+84>:	add	r3, r9

0x000c15c2 <-[ViewController checkPass:]+86>:	ldr	r3, [r3, #0]

0x000c15c4 <-[ViewController checkPass:]+88>:	ldr.w	r9, [sp, #132]

0x000c15c8 <-[ViewController checkPass:]+92>:	ldr	r2, [r2, #0]

0x000c15ca <-[ViewController checkPass:]+94>:	add	r2, r9

0x000c15cc <-[ViewController checkPass:]+96>:	ldr	r2, [r2, #0]

0x000c15ce <-[ViewController checkPass:]+98>:	ldr	r1, [r1, #0]

0x000c15d0 <-[ViewController checkPass:]+100>:	str	r0, [sp, #112]

0x000c15d2 <-[ViewController checkPass:]+102>:	mov	r0, r2

0x000c15d4 <-[ViewController checkPass:]+104>:	ldr	r2, [sp, #112]

0x000c15d6 <-[ViewController checkPass:]+106>:	str	r3, [sp, #108]

0x000c15d8 <-[ViewController checkPass:]+108>:	blx	r2

0x000c15da <-[ViewController checkPass:]+110>:	mov	r7, r7

0x000c15dc <-[ViewController checkPass:]+112>:	blx	0xc2fe8 <dyld_stub_objc_retainAutoreleasedReturnValue>

0x000c15e0 <-[ViewController checkPass:]+116>:	movw	r1, #6736	; 0x1a50

0x000c15e4 <-[ViewController checkPass:]+120>:	movt	r1, #0	; 0x0

0x000c15e8 <-[ViewController checkPass:]+124>:	add	r1, pc

0x000c15ea <-[ViewController checkPass:]+126>:	ldr	r1, [r1, #0]

0x000c15ec <-[ViewController checkPass:]+128>:	movw	r2, #9176	; 0x23d8

0x000c15f0 <-[ViewController checkPass:]+132>:	movt	r2, #0	; 0x0

0x000c15f4 <-[ViewController checkPass:]+136>:	add	r2, pc

0x000c15f6 <-[ViewController checkPass:]+138>:	ldr	r2, [r2, #0]

0x000c15f8 <-[ViewController checkPass:]+140>:	ldr	r3, [sp, #108]

0x000c15fa <-[ViewController checkPass:]+142>:	str	r0, [sp, #104]

0x000c15fc <-[ViewController checkPass:]+144>:	mov	r0, r3

0x000c15fe <-[ViewController checkPass:]+146>:	str	r1, [sp, #100]

0x000c1600 <-[ViewController checkPass:]+148>:	mov	r1, r2

0x000c1602 <-[ViewController checkPass:]+150>:	ldr	r2, [sp, #104]

0x000c1604 <-[ViewController checkPass:]+152>:	ldr	r3, [sp, #100]

0x000c1606 <-[ViewController checkPass:]+154>:	blx	r3

0x000c1608 <-[ViewController checkPass:]+156>:	ldr	r1, [sp, #104]

0x000c160a <-[ViewController checkPass:]+158>:	str	r0, [sp, #96]

0x000c160c <-[ViewController checkPass:]+160>:	mov	r0, r1

0x000c160e <-[ViewController checkPass:]+162>:	blx	0xc2fe0 <dyld_stub_objc_release>

0x000c1612 <-[ViewController checkPass:]+166>:	ldr	r0, [sp, #96]

0x000c1614 <-[ViewController checkPass:]+168>:	sxtb	r1, r0

0x000c1616 <-[ViewController checkPass:]+170>:	cmp	r1, #0

0x000c1618 <-[ViewController checkPass:]+172>:	beq.n	0xc16e2 <-[ViewController checkPass:]+374>

0x000c161a <-[ViewController checkPass:]+174>:	movs	r0, #0

0x000c161c <-[ViewController checkPass:]+176>:	movt	r0, #0	; 0x0

0x000c1620 <-[ViewController checkPass:]+180>:	add	r1, sp, #120

0x000c1622 <-[ViewController checkPass:]+182>:	movw	r2, #6670	; 0x1a0e

0x000c1626 <-[ViewController checkPass:]+186>:	movt	r2, #0	; 0x0

0x000c162a <-[ViewController checkPass:]+190>:	add	r2, pc

0x000c162c <-[ViewController checkPass:]+192>:	ldr	r2, [r2, #0]

0x000c162e <-[ViewController checkPass:]+194>:	mov	r3, r2

0x000c1630 <-[ViewController checkPass:]+196>:	movw	r9, #9116	; 0x239c

0x000c1634 <-[ViewController checkPass:]+200>:	movt	r9, #0	; 0x0

0x000c1638 <-[ViewController checkPass:]+204>:	add	r9, pc

0x000c163a <-[ViewController checkPass:]+206>:	movw	r12, #6686	; 0x1a1e

0x000c163e <-[ViewController checkPass:]+210>:	movt	r12, #0	; 0x0

0x000c1642 <-[ViewController checkPass:]+214>:	add	r12, pc

0x000c1644 <-[ViewController checkPass:]+216>:	movw	lr, #6692	; 0x1a24

0x000c1648 <-[ViewController checkPass:]+220>:	movt	lr, #0	; 0x0

0x000c164c <-[ViewController checkPass:]+224>:	add	lr, pc

0x000c164e <-[ViewController checkPass:]+226>:	movw	r4, #6698	; 0x1a2a

0x000c1652 <-[ViewController checkPass:]+230>:	movt	r4, #0	; 0x0

0x000c1656 <-[ViewController checkPass:]+234>:	add	r4, pc

0x000c1658 <-[ViewController checkPass:]+236>:	mov	r5, r2

0x000c165a <-[ViewController checkPass:]+238>:	movw	r6, #9070	; 0x236e

0x000c165e <-[ViewController checkPass:]+242>:	movt	r6, #0	; 0x0

0x000c1662 <-[ViewController checkPass:]+246>:	add	r6, pc

0x000c1664 <-[ViewController checkPass:]+248>:	movw	r8, #8964	; 0x2304

0x000c1668 <-[ViewController checkPass:]+252>:	movt	r8, #0	; 0x0

0x000c166c <-[ViewController checkPass:]+256>:	add	r8, pc

0x000c166e <-[ViewController checkPass:]+258>:	movw	r10, #9078	; 0x2376

0x000c1672 <-[ViewController checkPass:]+262>:	movt	r10, #0	; 0x0

0x000c1676 <-[ViewController checkPass:]+266>:	add	r10, pc

0x000c1678 <-[ViewController checkPass:]+268>:	ldr.w	r10, [r10]

0x000c167c <-[ViewController checkPass:]+272>:	ldr.w	r8, [r8]

0x000c1680 <-[ViewController checkPass:]+276>:	str	r0, [sp, #92]

0x000c1682 <-[ViewController checkPass:]+278>:	mov	r0, r10

0x000c1684 <-[ViewController checkPass:]+280>:	str	r1, [sp, #88]

0x000c1686 <-[ViewController checkPass:]+282>:	mov	r1, r8

0x000c1688 <-[ViewController checkPass:]+284>:	str	r4, [sp, #84]

0x000c168a <-[ViewController checkPass:]+286>:	str	r5, [sp, #80]

0x000c168c <-[ViewController checkPass:]+288>:	str	r6, [sp, #76]

0x000c168e <-[ViewController checkPass:]+290>:	str	r3, [sp, #72]

0x000c1690 <-[ViewController checkPass:]+292>:	str.w	r9, [sp, #68]

0x000c1694 <-[ViewController checkPass:]+296>:	str.w	r12, [sp, #64]

0x000c1698 <-[ViewController checkPass:]+300>:	str.w	lr, [sp, #60]

0x000c169c <-[ViewController checkPass:]+304>:	blx	r2

0x000c169e <-[ViewController checkPass:]+306>:	ldr	r1, [sp, #132]

0x000c16a0 <-[ViewController checkPass:]+308>:	ldr	r2, [sp, #76]

0x000c16a2 <-[ViewController checkPass:]+310>:	ldr	r3, [r2, #0]

0x000c16a4 <-[ViewController checkPass:]+312>:	str	r1, [sp, #56]

0x000c16a6 <-[ViewController checkPass:]+314>:	mov	r1, r3

0x000c16a8 <-[ViewController checkPass:]+316>:	ldr	r2, [sp, #64]

0x000c16aa <-[ViewController checkPass:]+318>:	ldr	r3, [sp, #60]

0x000c16ac <-[ViewController checkPass:]+320>:	ldr.w	r9, [sp, #56]

0x000c16b0 <-[ViewController checkPass:]+324>:	str.w	r9, [sp]

0x000c16b4 <-[ViewController checkPass:]+328>:	ldr.w	r12, [sp, #92]

0x000c16b8 <-[ViewController checkPass:]+332>:	str.w	r12, [sp, #4]

0x000c16bc <-[ViewController checkPass:]+336>:	ldr.w	lr, [sp, #84]

0x000c16c0 <-[ViewController checkPass:]+340>:	str.w	lr, [sp, #8]

0x000c16c4 <-[ViewController checkPass:]+344>:	str.w	r12, [sp, #12]

0x000c16c8 <-[ViewController checkPass:]+348>:	ldr	r4, [sp, #80]

0x000c16ca <-[ViewController checkPass:]+350>:	blx	r4

0x000c16cc <-[ViewController checkPass:]+352>:	str	r0, [sp, #120]

0x000c16ce <-[ViewController checkPass:]+354>:	ldr	r0, [sp, #120]

0x000c16d0 <-[ViewController checkPass:]+356>:	ldr	r1, [sp, #68]

0x000c16d2 <-[ViewController checkPass:]+358>:	ldr	r1, [r1, #0]

0x000c16d4 <-[ViewController checkPass:]+360>:	ldr	r2, [sp, #72]

0x000c16d6 <-[ViewController checkPass:]+362>:	blx	r2

0x000c16d8 <-[ViewController checkPass:]+364>:	ldr	r0, [sp, #88]

0x000c16da <-[ViewController checkPass:]+366>:	ldr	r1, [sp, #92]

0x000c16dc <-[ViewController checkPass:]+368>:	blx	0xc2fec <dyld_stub_objc_storeStrong>

0x000c16e0 <-[ViewController checkPass:]+372>:	b.n	0xc17a8 <-[ViewController checkPass:]+572>

0x000c16e2 <-[ViewController checkPass:]+374>:	movs	r0, #0

0x000c16e4 <-[ViewController checkPass:]+376>:	movt	r0, #0	; 0x0

0x000c16e8 <-[ViewController checkPass:]+380>:	add	r1, sp, #116

0x000c16ea <-[ViewController checkPass:]+382>:	movw	r2, #6470	; 0x1946

0x000c16ee <-[ViewController checkPass:]+386>:	movt	r2, #0	; 0x0

0x000c16f2 <-[ViewController checkPass:]+390>:	add	r2, pc

0x000c16f4 <-[ViewController checkPass:]+392>:	ldr	r2, [r2, #0]

0x000c16f6 <-[ViewController checkPass:]+394>:	mov	r3, r2

0x000c16f8 <-[ViewController checkPass:]+396>:	movw	r9, #8916	; 0x22d4

0x000c16fc <-[ViewController checkPass:]+400>:	movt	r9, #0	; 0x0

0x000c1700 <-[ViewController checkPass:]+404>:	add	r9, pc

0x000c1702 <-[ViewController checkPass:]+406>:	movw	r12, #6486	; 0x1956

0x000c1706 <-[ViewController checkPass:]+410>:	movt	r12, #0	; 0x0

0x000c170a <-[ViewController checkPass:]+414>:	add	r12, pc

0x000c170c <-[ViewController checkPass:]+416>:	movw	lr, #6524	; 0x197c

0x000c1710 <-[ViewController checkPass:]+420>:	movt	lr, #0	; 0x0

0x000c1714 <-[ViewController checkPass:]+424>:	add	lr, pc

0x000c1716 <-[ViewController checkPass:]+426>:	movw	r4, #6498	; 0x1962

0x000c171a <-[ViewController checkPass:]+430>:	movt	r4, #0	; 0x0

0x000c171e <-[ViewController checkPass:]+434>:	add	r4, pc

0x000c1720 <-[ViewController checkPass:]+436>:	mov	r5, r2

0x000c1722 <-[ViewController checkPass:]+438>:	movw	r6, #8870	; 0x22a6

0x000c1726 <-[ViewController checkPass:]+442>:	movt	r6, #0	; 0x0

0x000c172a <-[ViewController checkPass:]+446>:	add	r6, pc

0x000c172c <-[ViewController checkPass:]+448>:	movw	r8, #8764	; 0x223c

0x000c1730 <-[ViewController checkPass:]+452>:	movt	r8, #0	; 0x0

0x000c1734 <-[ViewController checkPass:]+456>:	add	r8, pc

0x000c1736 <-[ViewController checkPass:]+458>:	movw	r10, #8878	; 0x22ae

0x000c173a <-[ViewController checkPass:]+462>:	movt	r10, #0	; 0x0

0x000c173e <-[ViewController checkPass:]+466>:	add	r10, pc

0x000c1740 <-[ViewController checkPass:]+468>:	ldr.w	r10, [r10]

0x000c1744 <-[ViewController checkPass:]+472>:	ldr.w	r8, [r8]

0x000c1748 <-[ViewController checkPass:]+476>:	str	r0, [sp, #52]

0x000c174a <-[ViewController checkPass:]+478>:	mov	r0, r10

0x000c174c <-[ViewController checkPass:]+480>:	str	r1, [sp, #48]

0x000c174e <-[ViewController checkPass:]+482>:	mov	r1, r8

0x000c1750 <-[ViewController checkPass:]+484>:	str	r4, [sp, #44]

0x000c1752 <-[ViewController checkPass:]+486>:	str	r5, [sp, #40]

0x000c1754 <-[ViewController checkPass:]+488>:	str	r6, [sp, #36]

0x000c1756 <-[ViewController checkPass:]+490>:	str	r3, [sp, #32]

0x000c1758 <-[ViewController checkPass:]+492>:	str.w	r9, [sp, #28]

0x000c175c <-[ViewController checkPass:]+496>:	str.w	r12, [sp, #24]

0x000c1760 <-[ViewController checkPass:]+500>:	str.w	lr, [sp, #20]

0x000c1764 <-[ViewController checkPass:]+504>:	blx	r2

0x000c1766 <-[ViewController checkPass:]+506>:	ldr	r1, [sp, #132]

0x000c1768 <-[ViewController checkPass:]+508>:	ldr	r2, [sp, #36]

0x000c176a <-[ViewController checkPass:]+510>:	ldr	r3, [r2, #0]

0x000c176c <-[ViewController checkPass:]+512>:	str	r1, [sp, #16]

0x000c176e <-[ViewController checkPass:]+514>:	mov	r1, r3

0x000c1770 <-[ViewController checkPass:]+516>:	ldr	r2, [sp, #24]

0x000c1772 <-[ViewController checkPass:]+518>:	ldr	r3, [sp, #20]

0x000c1774 <-[ViewController checkPass:]+520>:	ldr.w	r9, [sp, #16]

0x000c1778 <-[ViewController checkPass:]+524>:	str.w	r9, [sp]

0x000c177c <-[ViewController checkPass:]+528>:	ldr.w	r12, [sp, #52]

0x000c1780 <-[ViewController checkPass:]+532>:	str.w	r12, [sp, #4]

0x000c1784 <-[ViewController checkPass:]+536>:	ldr.w	lr, [sp, #44]

0x000c1788 <-[ViewController checkPass:]+540>:	str.w	lr, [sp, #8]

0x000c178c <-[ViewController checkPass:]+544>:	str.w	r12, [sp, #12]

0x000c1790 <-[ViewController checkPass:]+548>:	ldr	r4, [sp, #40]

0x000c1792 <-[ViewController checkPass:]+550>:	blx	r4

0x000c1794 <-[ViewController checkPass:]+552>:	str	r0, [sp, #116]

0x000c1796 <-[ViewController checkPass:]+554>:	ldr	r0, [sp, #116]

0x000c1798 <-[ViewController checkPass:]+556>:	ldr	r1, [sp, #28]

0x000c179a <-[ViewController checkPass:]+558>:	ldr	r1, [r1, #0]

0x000c179c <-[ViewController checkPass:]+560>:	ldr	r2, [sp, #32]

0x000c179e <-[ViewController checkPass:]+562>:	blx	r2

0x000c17a0 <-[ViewController checkPass:]+564>:	ldr	r0, [sp, #48]

0x000c17a2 <-[ViewController checkPass:]+566>:	ldr	r1, [sp, #52]

0x000c17a4 <-[ViewController checkPass:]+568>:	blx	0xc2fec <dyld_stub_objc_storeStrong>

0x000c17a8 <-[ViewController checkPass:]+572>:	add	r0, sp, #124

0x000c17aa <-[ViewController checkPass:]+574>:	movs	r1, #0

0x000c17ac <-[ViewController checkPass:]+576>:	movt	r1, #0	; 0x0

0x000c17b0 <-[ViewController checkPass:]+580>:	blx	0xc2fec <dyld_stub_objc_storeStrong>

0x000c17b4 <-[ViewController checkPass:]+584>:	add	sp, #136

0x000c17b6 <-[ViewController checkPass:]+586>:	ldmia.w	sp!, {r8, r10}

0x000c17ba <-[ViewController checkPass:]+590>:	pop	{r4, r5, r6, r7, pc}

End of assembler dump.

(gdb) b *0x000c1606

Breakpoint 2 at 0xc1606

(gdb) c

Continuing.

Breakpoint 2, 0x000c1606 in -[ViewController checkPass:] ()

(gdb) po $r0

123456

(gdb) po $r1

0x3226c9af does not appear to point to a valid object.

(gdb) po $r2

<object returned empty description>

(gdb) po $r3

0x39baf621 does not appear to point to a valid object.

(gdb)

 在 0x000c1606下断点继续跑,断下之后可以看到r0寄存器中存放的是password

IOS CrackMe 破解学习的更多相关文章

  1. iOS开发如何学习前端(2)

    iOS开发如何学习前端(2) 上一篇成果如下. 实现的效果如下. 实现了一个横放的<ul>,也既iOS中的UITableView. 实现了当鼠标移动到列表中的某一个<li>,也 ...

  2. iOS开发如何学习前端(1)

    iOS开发如何学习前端(1) 我为何学前端?因为无聊. 概念 前端大概三大块. HTML CSS JavaScript 基本上每个概念在iOS中都有对应的.HTML请想象成只能拉Autolayout或 ...

  3. 移动开发iOS&Android对比学习--异步处理

    在移动开发里很多时候需要用到异步处理.Android的主线程如果等待超过一定时间的时候直接出现ANR(对不熟悉Android的朋友这里需要解释一下什么叫ANR.ANR就是Application Not ...

  4. 关于iOS开发的学习

    关于iOS开发的学习,打个比方就像把汽车分解:    最底层的原料有塑料,钢铁    再用这些底层的东西造出来发动机,座椅    最后再加上写螺丝,胶水等,把汽车就拼起来了 iOS基本都是英文的资料, ...

  5. iOS核心动画学习整理

    最近利用业余时间终于把iOS核心动画高级技巧(https://zsisme.gitbooks.io/ios-/content/chapter1/the-layer-tree.html)看完,对应其中一 ...

  6. iOS CoreData技术学习资源汇总

    一.CoreData学习指引 1. 苹果官方:Core Data Programming Guide 什么是CoreData? 创建托管对象模型 初始化Core Data堆栈 提取对象 创建和修改自定 ...

  7. IOS内存管理学习笔记

    内存管理作为iOS中非常重要的部分,每一个iOS开发者都应该深入了解iOS内存管理,最近在学习iOS中整理出了一些知识点,先从MRC开始说起. 1.当一个对象在创建之后它的引用计数器为1,当调用这个对 ...

  8. 关于 iOS 的一些学习资料

    iOS.Book.Effective Objective-C 2.0 1. 中文翻译版 (更新中) https://github.com/HagerHu/effective-objective-c-2 ...

  9. ios之runtime学习

    今天学习了一下ios的runtime,看了其他博主的博客写的很不错,自己就不班门弄斧了,仅在此转载: 1.关于oc中类和元类:http://husbandman.diandian.com/post/2 ...

随机推荐

  1. Freeplane中的自动边线颜色功能

    今天我将电脑上的Freeplane从1.3.11升级到了1.5.18.发现新版本已经没有了1.3.11中的菜单选项Format → “Automatic edge color”.搜索了一下才发现,该功 ...

  2. vultr新用户注册享受50美元优惠码,长期有效

    vultr vps服务器,我用了三年多,购买了几十台vps,性价比非常高. 近期,vutlr推出了最新优惠码DOMORE长期有效,新用户注册账号时候,可在付款方式界面输入这个优惠码,享受50美元余额, ...

  3. zabbix 布署实践【2 agent安装】

    客户端的安装相对较为简单,主要是更新它的repo源   以CentOS7为例 rpm -ivh http://repo.zabbix.com/zabbix/3.0/rhel/7/x86_64/zabb ...

  4. PAT乙级1001. 害死人不偿命的(3n+1)猜想 (15)

    卡拉兹(Callatz)猜想: 对任何一个自然数n,如果它是偶数,那么把它砍掉一半:如果它是奇数,那么把(3n+1)砍掉一半.这样一直反复砍下去,最后一定在某一步得到n=1.卡拉兹在1950年的世界数 ...

  5. Openwrt 初始化脚本

    Openwrt 使用自己的初始化脚本系统,所有的初始化脚本位于 /etc/init.d 目录下. 任何一个初始化脚本必须包含基本的 start() 和 stop() 函数.当系统启动或用户拉起对应的进 ...

  6. jetty启动https

    <Configure id="Server" class="org.eclipse.jetty.server.Server"> <!-- if ...

  7. nginx配置限制同一个ip的访问频率

    1.在nginx.conf里的http{}里加上如下代码: limit_conn_zone $binary_remote_addr zone=perip:10m; limit_conn_zone $s ...

  8. 删除和创建ms sql的分区文件

    今天测试ms sql 的表分区的时候,不小心搞错了分区的条件.然后我想重新做一次,操作流程如下(按顺序) 1:删除SCHEME DROP  PARTITION SCHEME TestSPScheme ...

  9. 【Python之路】第五篇--Python基础之杂货铺

    字符串格式化 Python的字符串格式化有两种方式: 百分号方式.format方式 百分号的方式相对来说比较老,而format方式则是比较先进的方式,企图替换古老的方式,目前两者并存. 1.百分号方式 ...

  10. 一个JQuery发送ajax请求

    环境: 1.jQuery v2.1.1 2.ThinkPHP 3.2.3 HTML页面: <button type="button" id="cat" o ...