iOS Reverse Engineering: Logging in to the iPhone

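A Mac logs in to an iPhone over the SSH (Secure Shell) protocol. OpenSSH is a free, open-source implementation of the SSH protocol, and it lets the Mac log in to the iPhone remotely from Terminal. A jailbroken phone has OpenSSH installed by default.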


OpenSSH usage instructions in the Cydia interface

1. Remote login over Wi-Fi

The default SSH password is: alpine

ssh root@192.168.2.126

The authenticity of host '192.168.2.126 (192.168.2.126)' can't be established.
RSA key fingerprint is SHA256:mYEKiLSkAfGOzNJFaX1ueMe2t7N8oLBEPN+Th5A4ElY.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.168.2.126' (RSA) to the list of known hosts.
root@192.168.2.126's password: 
i-57:~ root# 
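
Added example, not part of the original post: the first-connection prompt above shows the host key's SHA256 fingerprint before asking yes/no. The Python below computes that fingerprint from a host public key line and compares it with the prompt text, so the key can be checked before it is accepted. Assumptions: the public key line was obtained over a channel you trust, `constructed_key_line` builds a non-functional sample key for the demo, and all function names are illustrative.

```python
import base64
import hashlib
import re
import struct


def key_fingerprint(pubkey_line):
    """Fingerprint of a '<type> <base64-blob> [comment]' public key line, in the
    form ssh prints it: 'SHA256:' + unpadded base64 of SHA-256(key blob)."""
    fields = pubkey_line.split()
    if len(fields) < 2:
        raise ValueError("not a public key line")
    blob = base64.b64decode(fields[1], validate=True)  # ValueError on bad base64
    # The blob begins with a length-prefixed key type that must match field 1.
    if len(blob) < 4:
        raise ValueError("key blob too short")
    (type_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + type_len] != fields[0].encode():
        raise ValueError("declared key type does not match key blob")
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def prompt_fingerprint(prompt_text):
    """Extract the fingerprint from ssh's first-connection prompt, or None."""
    m = re.search(r"key fingerprint is (SHA256:[A-Za-z0-9+/]{43})", prompt_text)
    return m.group(1) if m else None


def host_key_matches(prompt_text, trusted_pubkey_line):
    """True only if the prompt's fingerprint equals that of the trusted key."""
    shown = prompt_fingerprint(prompt_text)
    return shown is not None and shown == key_fingerprint(trusted_pubkey_line)


def constructed_key_line(fill):
    """Constructed, non-functional 'ssh-rsa' line for the demo (not a real key)."""
    def field(data):
        return struct.pack(">I", len(data)) + data
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + bytes([fill]) * 256)
    return "ssh-rsa " + base64.b64encode(blob).decode() + " constructed-demo-key"


if __name__ == "__main__":
    device_key = constructed_key_line(0xA5)
    prompt = "RSA key fingerprint is %s.\n" % key_fingerprint(device_key)
    print("same key:     ", host_key_matches(prompt, device_key))
    print("different key:", host_key_matches(prompt, constructed_key_line(0x5A)))
```
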
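  • Passwordless SSH login

    • 1. Generate an SSH key pair
      First run the following command to generate a key pair. When it asks for the save path and for a passphrase, just press Enter each time.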
ssh-keygen
Generating public/private rsa key pair.
Enter file in which to save the key (/Users/luckyblue/.ssh/id_rsa): 
Enter passphrase (empty for no passphrase): 
Enter same passphrase again: 
Your identification has been saved in /Users/luckyblue/.ssh/id_rsa.
Your public key has been saved in /Users/luckyblue/.ssh/id_rsa.pub.
The key fingerprint is:
SHA256:+f1BToWWDAYrZ9+CHun+4mG+uYiFWgI+VAFI0nQJRdg luckyblue@LuckydeAir.lan
The key's randomart image is:
+---[RSA 2048]----+
|o=+B=.    ..o    |
|o o.E.     o o o |
|    .   . +   = .|
|   .     = + o . |
|  o     S + o +  |
| o .   . + o =   |
|  o . o . * . o  |
|   . + o =.o . . |
|    . . ..B=. .  |
+----[SHA256]-----+

Check that the keys were generated. If you see the following, you now have the private key and the public key.

cd ~/.ssh
ls
id_rsa		id_rsa.pub	known_hosts
  • 2. Give the public key to the server (the iPhone)
    When prompted, enter the SSH login password, alpine.
ssh-copy-id root@192.168.2.126
/usr/bin/ssh-copy-id: INFO: Source of key(s) to be installed: "/Users/luckyblue/.ssh/id_rsa.pub"
/usr/bin/ssh-copy-id: INFO: attempting to log in with the new key(s), to filter out any that are already installed
/usr/bin/ssh-copy-id: INFO: 1 key(s) remain to be installed -- if you are prompted now it is to install the new keys
root@192.168.2.126's password: 

Number of key(s) added:        1

Now try logging into the machine, with:   "ssh 'root@192.168.2.126'"
and check to make sure that only the key(s) you wanted were added.
  • 3. Run the SSH login command
ssh root@192.168.2.126
Last login: Sun Mar 21 21:25:12 2021 from 192.168.2.125
i-57:~ root# 

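The login now succeeds without asking for a password.

2. USB login

The usbmuxd tool connects over USB (with the phone cabled to the computer) and does not need Wi-Fi. A USB connection responds faster than Wi-Fi and does not depend on the network environment.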

  • Install usbmuxd on the Mac
brew install usbmuxd

If the screen stays stuck on updating, press control+c to skip it; the installation starts a few seconds later.

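  • Use iproxy, the tool bundled with usbmuxd
    iproxy makes it quick to connect to the iPhone. macOS supports only 4-digit port numbers, so the iPhone's default port 22 has to be mapped to a 4-digit port on the Mac, which in effect sets up a channel between the Mac and the iPhone.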
iproxy 5757 22
waiting for connection

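The command above maps port 22 (the SSH port) of the currently connected iPhone to port 5757 on the computer, so to talk to port 22 on the iPhone you simply talk to port 5757 on the local machine (the Mac).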

ssh root@localhost -p 5757
Last login: Tue Mar 23 15:56:13 2021 from 192.168.2.1
i-57:~ root#