Decrypt &Dump不会对Extension进行解密

Lakr233 / iOSreExtension

A fast and elegant extension for VSCode used for iOSre projects.

Apache License 2.0

153 stars 19 forks source link

Decrypt &Dump不会对Extension进行解密 #1

Closed ljh740 closed 4 years ago

ljh740 commented 4 years ago

在Extension 里面的文件 cryptid 1

Lakr233 commented 4 years ago

会解密的啊脚本是frida-iOS-dump的集成

ljh740 commented 4 years ago

Quantumult.zip 样本 PlugIns/Quantumult Network Extension.appex/Quantumult Network Extension otool -l Quantumult\ Network\ Extension.appex/Quantumult\ Network\ Extension |grep "cmd LC_ENCRYPTION_INFO" -A 4 cmd LC_ENCRYPTION_INFO_64 cmdsize 24 cryptoff 16384 cryptsize 1589248

Lakr233 commented 4 years ago

我瞅瞅

Lakr233 commented 4 years ago

Fixed in b6d314163ae5df1461708d577263ba8a3146c395

make sure to npm install -g bagbak