一直在看别人如何破解一个app,下面自己也尝试着学习怎么去破解一个app的密码,下面是完整的过程。

准备工作:

  一台mac或者pc安装了ssh客户端

  一台越狱的iphone

  iphone上安装了openSSH

  iphone上安装了gdb,请注意是这个:https://code.google.com/p/apiexplorer/downloads/list

  iphone上安装了adv-cmds

1、编写CrackMe,并且编译到真机上面,因为我是越狱手机,所以不需要证书就能够真机调试,CrackMe的关键代码如下:

  

//

//  ViewController.m

//  CrackMe_1

//

//  Created by test on 15-4-8.

//  Copyright (c) 2015年 va. All rights reserved.

//

#import "ViewController.h"

@interface ViewController ()<UIAlertViewDelegate>

@property (nonatomic, strong) NSString *pass;

@property (nonatomic, strong) UITextField *passInputTextField;

@property (nonatomic, strong) UIButton *confirmButton;

@end

@implementation ViewController

- (void)viewDidLoad {

    [super viewDidLoad];

    _pass = @"123456";

    _passInputTextField = [[UITextField alloc] init];

    _passInputTextField.bounds = CGRectMake(0, 0, CGRectGetWidth(self.view.bounds), 30);

    _passInputTextField.center = CGPointMake(self.view.center.x, self.view.center.y - 80);

    _passInputTextField.layer.borderColor = [[UIColor blackColor] CGColor];

    _passInputTextField.layer.borderWidth = 2;

    [self.view addSubview:_passInputTextField];

    _confirmButton = [[UIButton alloc] initWithFrame:CGRectMake(0, CGRectGetMaxY(_passInputTextField.frame) + 20, CGRectGetWidth(self.view.bounds), 30)];

    [_confirmButton setTitle:@"确认" forState:UIControlStateNormal];

    [_confirmButton setTitleColor:[UIColor blackColor] forState:UIControlStateNormal];

    [_confirmButton addTarget:self action:@selector(checkPass:) forControlEvents:UIControlEventTouchUpInside];

    _confirmButton.backgroundColor = [UIColor whiteColor];

    [self.view addSubview:_confirmButton];

    self.view.backgroundColor = [UIColor greenColor];

}

- (void)checkPass:(id)sender

{

    if([_pass isEqualToString:_passInputTextField.text])

    {

        UIAlertView *alertView = [[UIAlertView alloc] initWithTitle:@"tips"

                                                            message:@"right"

                                                           delegate:self

                                                  cancelButtonTitle:nil

                                                  otherButtonTitles:@"确定", nil];

        [alertView show];

    }

    else

    {

        UIAlertView *alertView = [[UIAlertView alloc] initWithTitle:@"tips"

                                                            message:@"wrong"

                                                           delegate:self

                                                  cancelButtonTitle:nil

                                                  otherButtonTitles:@"确定", nil];

        [alertView show];

    }

}

- (void)didReceiveMemoryWarning {

    [super didReceiveMemoryWarning];

    // Dispose of any resources that can be recreated.

}

- (void)alertView:(UIAlertView *)alertView clickedButtonAtIndex:(NSInteger)buttonIndex

{

}

@end

假设写死了密码,123456;用户输入123456弹出right提示,其它弹出wrong提示

界面如下:

  

二、用Hopper反汇编二进制文件

这里使用的是mac,也可以使用windows上面的IDA替代

左边已经能够看到关键的方法,定位到checkPass这个方法,可以看到跳转之前有一个字符串比较的操作,相对的我们可以在GDB找到这一行代码,下上断点

userdeMacBook-Air:machO user$ ssh root@xxx.xxx.xxx.xxx

The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.

RSA key fingerprint is b1:b3:2a:5b:4c:55:7c:0d:4c:fa:7e:ee:b7:27:c0:73.

Are you sure you want to continue connecting (yes/no)? yes

Warning: Permanently added 'xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.

root@xxx.xxx.xxx.xxx's password:

Permission denied, please try again.

root@xxx.xxx.xxx.xxx's password:

userde-iPhone:~ root# ps -ax|grep Crack

 3181 ??         0:00.52 /var/mobile/Applications/62B1E6C6-1AE8-43C7-B159-4D996BD57C49/CrackMe_1.app/CrackMe_1

 3199 ttys001    0:00.01 grep Crack

userde-iPhone:~ root# gdb -p 3181

GNU gdb 6.3.50-20050815 (Apple version gdb-1821) (Fri Jun 29 08:41:41 UTC 2012)

Copyright 2004 Free Software Foundation, Inc.

GDB is free software, covered by the GNU General Public License, and you are

welcome to change it and/or distribute copies of it under certain conditions.

Type "show copying" to see the conditions.

There is absolutely no warranty for GDB.  Type "show warranty" for details.

This GDB was configured as "arm-apple-darwin".

/private/var/root/3181: No such file or directory

Attaching to process 3181.

Reading symbols for shared libraries . done

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

Reading symbols for shared libraries

warning: Could not find object file "/Users/user/Library/Developer/Xcode/DerivedData/CrackMe_1-elcszaunecqvufebksjmisdqgltl/Build/Intermediates/CrackMe_1.build/Debug-iphoneos/CrackMe_1.build/Objects-normal/armv7/ViewController.o" - no debug information available for "ViewController.m".

warning: Could not find object file "/Users/user/Library/Developer/Xcode/DerivedData/CrackMe_1-elcszaunecqvufebksjmisdqgltl/Build/Intermediates/CrackMe_1.build/Debug-iphoneos/CrackMe_1.build/Objects-normal/armv7/AppDelegate.o" - no debug information available for "AppDelegate.m".

warning: Could not find object file "/Users/user/Library/Developer/Xcode/DerivedData/CrackMe_1-elcszaunecqvufebksjmisdqgltl/Build/Intermediates/CrackMe_1.build/Debug-iphoneos/CrackMe_1.build/Objects-normal/armv7/main.o" - no debug information available for "main.m".

............................................................................................................................................................ done

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

bfd_mach_o_scan: unknown architecture 0x100000c/0x0

Reading symbols for shared libraries + done

0x3a147a50 in mach_msg_trap ()

(gdb) b -[ViewController checkPass:]

Breakpoint 1 at 0xc1576

(gdb) c

Continuing.

Breakpoint 1, 0x000c1576 in -[ViewController checkPass:] ()

(gdb) disas

Dump of assembler code for function -[ViewController checkPass:]:

0x000c156c <-[ViewController checkPass:]+0>:	push	{r4, r5, r6, r7, lr}

0x000c156e <-[ViewController checkPass:]+2>:	add	r7, sp, #12

0x000c1570 <-[ViewController checkPass:]+4>:	stmdb	sp!, {r8, r10}

0x000c1574 <-[ViewController checkPass:]+8>:	sub	sp, #136

0x000c1576 <-[ViewController checkPass:]+10>:	add	r3, sp, #124

0x000c1578 <-[ViewController checkPass:]+12>:	movw	r9, #0	; 0x0

0x000c157c <-[ViewController checkPass:]+16>:	movt	r9, #0	; 0x0

0x000c1580 <-[ViewController checkPass:]+20>:	str	r0, [sp, #132]

0x000c1582 <-[ViewController checkPass:]+22>:	str	r1, [sp, #128]

0x000c1584 <-[ViewController checkPass:]+24>:	str.w	r9, [sp, #124]

0x000c1588 <-[ViewController checkPass:]+28>:	mov	r0, r3

0x000c158a <-[ViewController checkPass:]+30>:	mov	r1, r2

0x000c158c <-[ViewController checkPass:]+32>:	blx	0xc2fec <dyld_stub_objc_storeStrong>

0x000c1590 <-[ViewController checkPass:]+36>:	movw	r0, #6816	; 0x1aa0

0x000c1594 <-[ViewController checkPass:]+40>:	movt	r0, #0	; 0x0

0x000c1598 <-[ViewController checkPass:]+44>:	add	r0, pc

0x000c159a <-[ViewController checkPass:]+46>:	ldr	r0, [r0, #0]

0x000c159c <-[ViewController checkPass:]+48>:	movw	r1, #9252	; 0x2424

0x000c15a0 <-[ViewController checkPass:]+52>:	movt	r1, #0	; 0x0

0x000c15a4 <-[ViewController checkPass:]+56>:	add	r1, pc

0x000c15a6 <-[ViewController checkPass:]+58>:	movw	r2, #9294	; 0x244e

0x000c15aa <-[ViewController checkPass:]+62>:	movt	r2, #0	; 0x0

0x000c15ae <-[ViewController checkPass:]+66>:	add	r2, pc

0x000c15b0 <-[ViewController checkPass:]+68>:	movw	r3, #9280	; 0x2440

0x000c15b4 <-[ViewController checkPass:]+72>:	movt	r3, #0	; 0x0

0x000c15b8 <-[ViewController checkPass:]+76>:	add	r3, pc

0x000c15ba <-[ViewController checkPass:]+78>:	ldr.w	r9, [sp, #132]

0x000c15be <-[ViewController checkPass:]+82>:	ldr	r3, [r3, #0]

0x000c15c0 <-[ViewController checkPass:]+84>:	add	r3, r9

0x000c15c2 <-[ViewController checkPass:]+86>:	ldr	r3, [r3, #0]

0x000c15c4 <-[ViewController checkPass:]+88>:	ldr.w	r9, [sp, #132]

0x000c15c8 <-[ViewController checkPass:]+92>:	ldr	r2, [r2, #0]

0x000c15ca <-[ViewController checkPass:]+94>:	add	r2, r9

0x000c15cc <-[ViewController checkPass:]+96>:	ldr	r2, [r2, #0]

0x000c15ce <-[ViewController checkPass:]+98>:	ldr	r1, [r1, #0]

0x000c15d0 <-[ViewController checkPass:]+100>:	str	r0, [sp, #112]

0x000c15d2 <-[ViewController checkPass:]+102>:	mov	r0, r2

0x000c15d4 <-[ViewController checkPass:]+104>:	ldr	r2, [sp, #112]

0x000c15d6 <-[ViewController checkPass:]+106>:	str	r3, [sp, #108]

0x000c15d8 <-[ViewController checkPass:]+108>:	blx	r2

0x000c15da <-[ViewController checkPass:]+110>:	mov	r7, r7

0x000c15dc <-[ViewController checkPass:]+112>:	blx	0xc2fe8 <dyld_stub_objc_retainAutoreleasedReturnValue>

0x000c15e0 <-[ViewController checkPass:]+116>:	movw	r1, #6736	; 0x1a50

0x000c15e4 <-[ViewController checkPass:]+120>:	movt	r1, #0	; 0x0

0x000c15e8 <-[ViewController checkPass:]+124>:	add	r1, pc

0x000c15ea <-[ViewController checkPass:]+126>:	ldr	r1, [r1, #0]

0x000c15ec <-[ViewController checkPass:]+128>:	movw	r2, #9176	; 0x23d8

0x000c15f0 <-[ViewController checkPass:]+132>:	movt	r2, #0	; 0x0

0x000c15f4 <-[ViewController checkPass:]+136>:	add	r2, pc

0x000c15f6 <-[ViewController checkPass:]+138>:	ldr	r2, [r2, #0]

0x000c15f8 <-[ViewController checkPass:]+140>:	ldr	r3, [sp, #108]

0x000c15fa <-[ViewController checkPass:]+142>:	str	r0, [sp, #104]

0x000c15fc <-[ViewController checkPass:]+144>:	mov	r0, r3

0x000c15fe <-[ViewController checkPass:]+146>:	str	r1, [sp, #100]

0x000c1600 <-[ViewController checkPass:]+148>:	mov	r1, r2

0x000c1602 <-[ViewController checkPass:]+150>:	ldr	r2, [sp, #104]

0x000c1604 <-[ViewController checkPass:]+152>:	ldr	r3, [sp, #100]

0x000c1606 <-[ViewController checkPass:]+154>:	blx	r3

0x000c1608 <-[ViewController checkPass:]+156>:	ldr	r1, [sp, #104]

0x000c160a <-[ViewController checkPass:]+158>:	str	r0, [sp, #96]

0x000c160c <-[ViewController checkPass:]+160>:	mov	r0, r1

0x000c160e <-[ViewController checkPass:]+162>:	blx	0xc2fe0 <dyld_stub_objc_release>

0x000c1612 <-[ViewController checkPass:]+166>:	ldr	r0, [sp, #96]

0x000c1614 <-[ViewController checkPass:]+168>:	sxtb	r1, r0

0x000c1616 <-[ViewController checkPass:]+170>:	cmp	r1, #0

0x000c1618 <-[ViewController checkPass:]+172>:	beq.n	0xc16e2 <-[ViewController checkPass:]+374>

0x000c161a <-[ViewController checkPass:]+174>:	movs	r0, #0

0x000c161c <-[ViewController checkPass:]+176>:	movt	r0, #0	; 0x0

0x000c1620 <-[ViewController checkPass:]+180>:	add	r1, sp, #120

0x000c1622 <-[ViewController checkPass:]+182>:	movw	r2, #6670	; 0x1a0e

0x000c1626 <-[ViewController checkPass:]+186>:	movt	r2, #0	; 0x0

0x000c162a <-[ViewController checkPass:]+190>:	add	r2, pc

0x000c162c <-[ViewController checkPass:]+192>:	ldr	r2, [r2, #0]

0x000c162e <-[ViewController checkPass:]+194>:	mov	r3, r2

0x000c1630 <-[ViewController checkPass:]+196>:	movw	r9, #9116	; 0x239c

0x000c1634 <-[ViewController checkPass:]+200>:	movt	r9, #0	; 0x0

0x000c1638 <-[ViewController checkPass:]+204>:	add	r9, pc

0x000c163a <-[ViewController checkPass:]+206>:	movw	r12, #6686	; 0x1a1e

0x000c163e <-[ViewController checkPass:]+210>:	movt	r12, #0	; 0x0

0x000c1642 <-[ViewController checkPass:]+214>:	add	r12, pc

0x000c1644 <-[ViewController checkPass:]+216>:	movw	lr, #6692	; 0x1a24

0x000c1648 <-[ViewController checkPass:]+220>:	movt	lr, #0	; 0x0

0x000c164c <-[ViewController checkPass:]+224>:	add	lr, pc

0x000c164e <-[ViewController checkPass:]+226>:	movw	r4, #6698	; 0x1a2a

0x000c1652 <-[ViewController checkPass:]+230>:	movt	r4, #0	; 0x0

0x000c1656 <-[ViewController checkPass:]+234>:	add	r4, pc

0x000c1658 <-[ViewController checkPass:]+236>:	mov	r5, r2

0x000c165a <-[ViewController checkPass:]+238>:	movw	r6, #9070	; 0x236e

0x000c165e <-[ViewController checkPass:]+242>:	movt	r6, #0	; 0x0

0x000c1662 <-[ViewController checkPass:]+246>:	add	r6, pc

0x000c1664 <-[ViewController checkPass:]+248>:	movw	r8, #8964	; 0x2304

0x000c1668 <-[ViewController checkPass:]+252>:	movt	r8, #0	; 0x0

0x000c166c <-[ViewController checkPass:]+256>:	add	r8, pc

0x000c166e <-[ViewController checkPass:]+258>:	movw	r10, #9078	; 0x2376

0x000c1672 <-[ViewController checkPass:]+262>:	movt	r10, #0	; 0x0

0x000c1676 <-[ViewController checkPass:]+266>:	add	r10, pc

0x000c1678 <-[ViewController checkPass:]+268>:	ldr.w	r10, [r10]

0x000c167c <-[ViewController checkPass:]+272>:	ldr.w	r8, [r8]

0x000c1680 <-[ViewController checkPass:]+276>:	str	r0, [sp, #92]

0x000c1682 <-[ViewController checkPass:]+278>:	mov	r0, r10

0x000c1684 <-[ViewController checkPass:]+280>:	str	r1, [sp, #88]

0x000c1686 <-[ViewController checkPass:]+282>:	mov	r1, r8

0x000c1688 <-[ViewController checkPass:]+284>:	str	r4, [sp, #84]

0x000c168a <-[ViewController checkPass:]+286>:	str	r5, [sp, #80]

0x000c168c <-[ViewController checkPass:]+288>:	str	r6, [sp, #76]

0x000c168e <-[ViewController checkPass:]+290>:	str	r3, [sp, #72]

0x000c1690 <-[ViewController checkPass:]+292>:	str.w	r9, [sp, #68]

0x000c1694 <-[ViewController checkPass:]+296>:	str.w	r12, [sp, #64]

0x000c1698 <-[ViewController checkPass:]+300>:	str.w	lr, [sp, #60]

0x000c169c <-[ViewController checkPass:]+304>:	blx	r2

0x000c169e <-[ViewController checkPass:]+306>:	ldr	r1, [sp, #132]

0x000c16a0 <-[ViewController checkPass:]+308>:	ldr	r2, [sp, #76]

0x000c16a2 <-[ViewController checkPass:]+310>:	ldr	r3, [r2, #0]

0x000c16a4 <-[ViewController checkPass:]+312>:	str	r1, [sp, #56]

0x000c16a6 <-[ViewController checkPass:]+314>:	mov	r1, r3

0x000c16a8 <-[ViewController checkPass:]+316>:	ldr	r2, [sp, #64]

0x000c16aa <-[ViewController checkPass:]+318>:	ldr	r3, [sp, #60]

0x000c16ac <-[ViewController checkPass:]+320>:	ldr.w	r9, [sp, #56]

0x000c16b0 <-[ViewController checkPass:]+324>:	str.w	r9, [sp]

0x000c16b4 <-[ViewController checkPass:]+328>:	ldr.w	r12, [sp, #92]

0x000c16b8 <-[ViewController checkPass:]+332>:	str.w	r12, [sp, #4]

0x000c16bc <-[ViewController checkPass:]+336>:	ldr.w	lr, [sp, #84]

0x000c16c0 <-[ViewController checkPass:]+340>:	str.w	lr, [sp, #8]

0x000c16c4 <-[ViewController checkPass:]+344>:	str.w	r12, [sp, #12]

0x000c16c8 <-[ViewController checkPass:]+348>:	ldr	r4, [sp, #80]

0x000c16ca <-[ViewController checkPass:]+350>:	blx	r4

0x000c16cc <-[ViewController checkPass:]+352>:	str	r0, [sp, #120]

0x000c16ce <-[ViewController checkPass:]+354>:	ldr	r0, [sp, #120]

0x000c16d0 <-[ViewController checkPass:]+356>:	ldr	r1, [sp, #68]

0x000c16d2 <-[ViewController checkPass:]+358>:	ldr	r1, [r1, #0]

0x000c16d4 <-[ViewController checkPass:]+360>:	ldr	r2, [sp, #72]

0x000c16d6 <-[ViewController checkPass:]+362>:	blx	r2

0x000c16d8 <-[ViewController checkPass:]+364>:	ldr	r0, [sp, #88]

0x000c16da <-[ViewController checkPass:]+366>:	ldr	r1, [sp, #92]

0x000c16dc <-[ViewController checkPass:]+368>:	blx	0xc2fec <dyld_stub_objc_storeStrong>

0x000c16e0 <-[ViewController checkPass:]+372>:	b.n	0xc17a8 <-[ViewController checkPass:]+572>

0x000c16e2 <-[ViewController checkPass:]+374>:	movs	r0, #0

0x000c16e4 <-[ViewController checkPass:]+376>:	movt	r0, #0	; 0x0

0x000c16e8 <-[ViewController checkPass:]+380>:	add	r1, sp, #116

0x000c16ea <-[ViewController checkPass:]+382>:	movw	r2, #6470	; 0x1946

0x000c16ee <-[ViewController checkPass:]+386>:	movt	r2, #0	; 0x0

0x000c16f2 <-[ViewController checkPass:]+390>:	add	r2, pc

0x000c16f4 <-[ViewController checkPass:]+392>:	ldr	r2, [r2, #0]

0x000c16f6 <-[ViewController checkPass:]+394>:	mov	r3, r2

0x000c16f8 <-[ViewController checkPass:]+396>:	movw	r9, #8916	; 0x22d4

0x000c16fc <-[ViewController checkPass:]+400>:	movt	r9, #0	; 0x0

0x000c1700 <-[ViewController checkPass:]+404>:	add	r9, pc

0x000c1702 <-[ViewController checkPass:]+406>:	movw	r12, #6486	; 0x1956

0x000c1706 <-[ViewController checkPass:]+410>:	movt	r12, #0	; 0x0

0x000c170a <-[ViewController checkPass:]+414>:	add	r12, pc

0x000c170c <-[ViewController checkPass:]+416>:	movw	lr, #6524	; 0x197c

0x000c1710 <-[ViewController checkPass:]+420>:	movt	lr, #0	; 0x0

0x000c1714 <-[ViewController checkPass:]+424>:	add	lr, pc

0x000c1716 <-[ViewController checkPass:]+426>:	movw	r4, #6498	; 0x1962

0x000c171a <-[ViewController checkPass:]+430>:	movt	r4, #0	; 0x0

0x000c171e <-[ViewController checkPass:]+434>:	add	r4, pc

0x000c1720 <-[ViewController checkPass:]+436>:	mov	r5, r2

0x000c1722 <-[ViewController checkPass:]+438>:	movw	r6, #8870	; 0x22a6

0x000c1726 <-[ViewController checkPass:]+442>:	movt	r6, #0	; 0x0

0x000c172a <-[ViewController checkPass:]+446>:	add	r6, pc

0x000c172c <-[ViewController checkPass:]+448>:	movw	r8, #8764	; 0x223c

0x000c1730 <-[ViewController checkPass:]+452>:	movt	r8, #0	; 0x0

0x000c1734 <-[ViewController checkPass:]+456>:	add	r8, pc

0x000c1736 <-[ViewController checkPass:]+458>:	movw	r10, #8878	; 0x22ae

0x000c173a <-[ViewController checkPass:]+462>:	movt	r10, #0	; 0x0

0x000c173e <-[ViewController checkPass:]+466>:	add	r10, pc

0x000c1740 <-[ViewController checkPass:]+468>:	ldr.w	r10, [r10]

0x000c1744 <-[ViewController checkPass:]+472>:	ldr.w	r8, [r8]

0x000c1748 <-[ViewController checkPass:]+476>:	str	r0, [sp, #52]

0x000c174a <-[ViewController checkPass:]+478>:	mov	r0, r10

0x000c174c <-[ViewController checkPass:]+480>:	str	r1, [sp, #48]

0x000c174e <-[ViewController checkPass:]+482>:	mov	r1, r8

0x000c1750 <-[ViewController checkPass:]+484>:	str	r4, [sp, #44]

0x000c1752 <-[ViewController checkPass:]+486>:	str	r5, [sp, #40]

0x000c1754 <-[ViewController checkPass:]+488>:	str	r6, [sp, #36]

0x000c1756 <-[ViewController checkPass:]+490>:	str	r3, [sp, #32]

0x000c1758 <-[ViewController checkPass:]+492>:	str.w	r9, [sp, #28]

0x000c175c <-[ViewController checkPass:]+496>:	str.w	r12, [sp, #24]

0x000c1760 <-[ViewController checkPass:]+500>:	str.w	lr, [sp, #20]

0x000c1764 <-[ViewController checkPass:]+504>:	blx	r2

0x000c1766 <-[ViewController checkPass:]+506>:	ldr	r1, [sp, #132]

0x000c1768 <-[ViewController checkPass:]+508>:	ldr	r2, [sp, #36]

0x000c176a <-[ViewController checkPass:]+510>:	ldr	r3, [r2, #0]

0x000c176c <-[ViewController checkPass:]+512>:	str	r1, [sp, #16]

0x000c176e <-[ViewController checkPass:]+514>:	mov	r1, r3

0x000c1770 <-[ViewController checkPass:]+516>:	ldr	r2, [sp, #24]

0x000c1772 <-[ViewController checkPass:]+518>:	ldr	r3, [sp, #20]

0x000c1774 <-[ViewController checkPass:]+520>:	ldr.w	r9, [sp, #16]

0x000c1778 <-[ViewController checkPass:]+524>:	str.w	r9, [sp]

0x000c177c <-[ViewController checkPass:]+528>:	ldr.w	r12, [sp, #52]

0x000c1780 <-[ViewController checkPass:]+532>:	str.w	r12, [sp, #4]

0x000c1784 <-[ViewController checkPass:]+536>:	ldr.w	lr, [sp, #44]

0x000c1788 <-[ViewController checkPass:]+540>:	str.w	lr, [sp, #8]

0x000c178c <-[ViewController checkPass:]+544>:	str.w	r12, [sp, #12]

0x000c1790 <-[ViewController checkPass:]+548>:	ldr	r4, [sp, #40]

0x000c1792 <-[ViewController checkPass:]+550>:	blx	r4

0x000c1794 <-[ViewController checkPass:]+552>:	str	r0, [sp, #116]

0x000c1796 <-[ViewController checkPass:]+554>:	ldr	r0, [sp, #116]

0x000c1798 <-[ViewController checkPass:]+556>:	ldr	r1, [sp, #28]

0x000c179a <-[ViewController checkPass:]+558>:	ldr	r1, [r1, #0]

0x000c179c <-[ViewController checkPass:]+560>:	ldr	r2, [sp, #32]

0x000c179e <-[ViewController checkPass:]+562>:	blx	r2

0x000c17a0 <-[ViewController checkPass:]+564>:	ldr	r0, [sp, #48]

0x000c17a2 <-[ViewController checkPass:]+566>:	ldr	r1, [sp, #52]

0x000c17a4 <-[ViewController checkPass:]+568>:	blx	0xc2fec <dyld_stub_objc_storeStrong>

0x000c17a8 <-[ViewController checkPass:]+572>:	add	r0, sp, #124

0x000c17aa <-[ViewController checkPass:]+574>:	movs	r1, #0

0x000c17ac <-[ViewController checkPass:]+576>:	movt	r1, #0	; 0x0

0x000c17b0 <-[ViewController checkPass:]+580>:	blx	0xc2fec <dyld_stub_objc_storeStrong>

0x000c17b4 <-[ViewController checkPass:]+584>:	add	sp, #136

0x000c17b6 <-[ViewController checkPass:]+586>:	ldmia.w	sp!, {r8, r10}

0x000c17ba <-[ViewController checkPass:]+590>:	pop	{r4, r5, r6, r7, pc}

End of assembler dump.

(gdb) b *0x000c1606

Breakpoint 2 at 0xc1606

(gdb) c

Continuing.

Breakpoint 2, 0x000c1606 in -[ViewController checkPass:] ()

(gdb) po $r0

123456

(gdb) po $r1

0x3226c9af does not appear to point to a valid object.

(gdb) po $r2

<object returned empty description>

(gdb) po $r3

0x39baf621 does not appear to point to a valid object.

(gdb)

 在 0x000c1606下断点继续跑,断下之后可以看到r0寄存器中存放的是password

IOS CrackMe 破解学习的更多相关文章

  1. iOS开发如何学习前端(2)

    iOS开发如何学习前端(2) 上一篇成果如下. 实现的效果如下. 实现了一个横放的<ul>,也既iOS中的UITableView. 实现了当鼠标移动到列表中的某一个<li>,也 ...

  2. iOS开发如何学习前端(1)

    iOS开发如何学习前端(1) 我为何学前端?因为无聊. 概念 前端大概三大块. HTML CSS JavaScript 基本上每个概念在iOS中都有对应的.HTML请想象成只能拉Autolayout或 ...

  3. 移动开发iOS&Android对比学习--异步处理

    在移动开发里很多时候需要用到异步处理.Android的主线程如果等待超过一定时间的时候直接出现ANR(对不熟悉Android的朋友这里需要解释一下什么叫ANR.ANR就是Application Not ...

  4. 关于iOS开发的学习

    关于iOS开发的学习,打个比方就像把汽车分解:    最底层的原料有塑料,钢铁    再用这些底层的东西造出来发动机,座椅    最后再加上写螺丝,胶水等,把汽车就拼起来了 iOS基本都是英文的资料, ...

  5. iOS核心动画学习整理

    最近利用业余时间终于把iOS核心动画高级技巧(https://zsisme.gitbooks.io/ios-/content/chapter1/the-layer-tree.html)看完,对应其中一 ...

  6. iOS CoreData技术学习资源汇总

    一.CoreData学习指引 1. 苹果官方:Core Data Programming Guide 什么是CoreData? 创建托管对象模型 初始化Core Data堆栈 提取对象 创建和修改自定 ...

  7. IOS内存管理学习笔记

    内存管理作为iOS中非常重要的部分,每一个iOS开发者都应该深入了解iOS内存管理,最近在学习iOS中整理出了一些知识点,先从MRC开始说起. 1.当一个对象在创建之后它的引用计数器为1,当调用这个对 ...

  8. 关于 iOS 的一些学习资料

    iOS.Book.Effective Objective-C 2.0 1. 中文翻译版 (更新中) https://github.com/HagerHu/effective-objective-c-2 ...

  9. ios之runtime学习

    今天学习了一下ios的runtime,看了其他博主的博客写的很不错,自己就不班门弄斧了,仅在此转载: 1.关于oc中类和元类:http://husbandman.diandian.com/post/2 ...

随机推荐

  1. qsort()函数(C)

    qsort包含在<stdlib.h>头文件中,此函数根据你给的比较条件进行快速排序,通过指针移动实现排序.排序之后的结果仍然放在原数组中.使用qsort函数必须自己写一个比较函数. 函数原 ...

  2. 从源码Build vim以及打包.deb

    How to build vim 1. Build步骤 git clone --depth https://github.com/vim/vim.git # download the source c ...

  3. java 包 修饰符 权限详解

    作用域   当前类    同package   子孙类 其他package  public √   √  √ √  protected √ √ √ ×  friendly(default) √ √ × ...

  4. maven初步入门demo

    Maven是跨平台的项目管理工具.作为Apache组织中的一个颇为成功的开源项目,主要服务于基于java平台的项目构建.依赖管理和项目信息管理. maven本身使用java开发而成,所以使用前确保电脑 ...

  5. SQL总结之增删改查

      SQL语句增删改查(总结) 一.增:有2种方法 1.使用insert插入单行数据: 语法:insert [into] <表名> [列名] values <列值> 例:ins ...

  6. Spring MVC中页面向后台传值的几种方式

    在学习 Spring Mvc 过程中,有必要来先了解几个关键参数:   @Controller:         在类上注解,则此类将编程一个控制器,在项目启动 Spring 将自动扫描此类,并进行对 ...

  7. XTU 1252 Defense Tower

    $2016$长城信息杯中国大学生程序设计竞赛中南邀请赛$J$题 贪心. 优先删除$power$大的点. #pragma comment(linker, "/STACK:1024000000, ...

  8. hdu1031

    #include <cstdio> #include <cstdlib> struct element{ int id; double sa; }e[10000]; int c ...

  9. 相机标定 matlab opencv ROS三种方法标定步骤(3)

    三 ,  ROS 环境下 如何进行相机标定 刚开始做到的时候遇到一些问题没有记录下来,现在回头写的时候都是没有错误的结果了,首先使用ROS标定相机, 要知道如何查看节点之间的流程图  rosrun r ...

  10. 系统自动生成ID(比UUID.radom().tostring()要好看)

    public class test1 { public static void main(String[] args) { char[] para = {'A','B','C','D','E','F' ...