持续创作,加速成长!这是我参与「掘金日新计划 · 10 月更文挑战」的第20天,点击查看活动详情
前言
usbmuxd的应用场景举例
- 通过USB方式SSH到iOS越狱设备
- 端口转发
I usbmuxd的应用场景举例
应用场景1: 通过USB连接 来使用SSH到iOS设备
把本地2222端口转发到iOS的22端口
alias relay22='python ~/Downloads/kevin-software/ios-Reverse_Engineering/usbmuxd-1.0.8\ 2/python-client/tcprelay.py -t 22:2222'
alias sshusb='ssh root@localhost -p 2222'
应用场景2: debugserver的开启与LLDB的连接]
iPhone:/usr/bin root# debugserver *:12345 -a "WeChat"
debugserver-@(#)PROGRAM:debugserver PROJECT:debugserver-320.2.89
for armv7.
Attaching to process WeChat...
Listening to port 12345 for a connection from *...
把本地12345端口转发到iOS的12345端口
alias relay12345='python ~/Downloads/kevin-software/ios-Reverse_Engineering/usbmuxd-1.0.8\ 2/python-client/tcprelay.py -t 12345:12345'
devzkndeMacBook-Pro:~ devzkn$ lldb
(lldb) process connect connect://localhost:12345
Process 7291 stopped
II 使用步骤
- usbmuxd-1.0.8 :通过USB方式SSH到iOS设备, 使用python-client 目录下的两个文件即可。
/Users/devzkn/Downloads/kevin-software/ios-Reverse_Engineering/usbmuxd-1.0.8 2/python-client
查看tcprelay.py用法
python tcprelay.py –help
2.1 安装
brew install usbmuxd
你也可以下载源码,修改文件的执行权限即可
2.2 修改权限
devzkndeMacBook-Pro:python-client devzkn$ ls -l
total 56
-rw-r--r-- 1 devzkn staff 4192 Apr 8 2012 tcprelay.py
-rw-r--r-- 1 devzkn staff 7974 Apr 8 2012 usbmux.py
-rw-r--r-- 1 devzkn staff 11818 Oct 17 15:52 usbmux.pyc
devzkndeMacBook-Pro:python-client devzkn$ chmod +x tcprelay.py
devzkndeMacBook-Pro:python-client devzkn$ ls -l
total 56
-rwxr-xr-x 1 devzkn staff 4192 Apr 8 2012 tcprelay.py
-rw-r--r-- 1 devzkn staff 7974 Apr 8 2012 usbmux.py
-rw-r--r-- 1 devzkn staff 11818 Oct 17 15:52 usbmux.pyc
2.3 使用tcprelay.py进行端口转发
devzkndeMacBook-Pro:python-client devzkn$ python tcprelay.py -t 22:2222
Forwarding local port 2222 to remote port 22
Incoming connection to 2222
Waiting for devices...
Connecting to device <MuxDevice: ID 30 ProdID 0x12a8 Serial 'fa6770acd2e0625c36a6f2a6c402e454bb0fdd96' Location 0x14220000>
Connection established, relaying data
高版本的usbMuxd是使用iproxy进行端口转发: iproxy 2222 22
2.4 连接iPhone
使用快捷键,control+t 打开新的终端窗口,使用ssh root@localhost -p 2222进行连接即可
Last login: Tue Oct 17 15:59:22 on ttys005
devzkndeMacBook-Pro:python-client devzkn$ ssh root@localhost -p 2222
The authenticity of host '[localhost]:2222 ([127.0.0.1]:2222)' can't be established.
RSA key fingerprint is SHA256:hdg7rpLlaoVG6lTeurZ8Nn+wdCLhA3NXI1vruiotiKc.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '[localhost]:2222' (RSA) to the list of known hosts.
root@localhost's password:
iPhone:~ root#
III 常见问题
socket.gaierror: [Errno 8] nodename nor servname provided, or not known
因为hosts 没有配置
127.0.0.1 localhost
3.1 配置config
devzkndeMacBook-Pro:.ssh devzkn$ ssh localhost -p 2222
# Private localhost
Host localhost
HostName localhost
User root
IdentityFile ~/.ssh/id_rsa_Theos125
3.2 设置命令别名
devzkndeMacBook-Pro:~ devzkn$ open -e .bash_profile
alias relay22='python ~/Downloads/kevin-software/ios-Reverse_Engineering/usbmuxd-1.0.8\ 2/python-client/tcprelay.py -t 22:2222'
alias nic='/opt/theos/bin/nic.pl'
alias sshiphone='ssh localhost -p 2222'
alias sshusb='ssh root@localhost -p 2222'
devzkndeMacBook-Pro:~ devzkn$ source .bash_profile
devzkndeMacBook-Pro:~ devzkn$ sshusb
see also
公众号:iOS逆向
