How to use Cycript to bypass PIN protection of an application

2025-01-17 update. From: SLTechnology News&Howtos, Development section.

Shulou (Shulou.com), 06/02 report

This article walks through how to use Cycript to bypass the PIN protection of an iOS application on a jailbroken device. The idea is simple: decrypt the app, dump its Objective-C class headers to find where the PIN lives, then attach to the running process and read the value out of memory.

1) Clutch

We will use Clutch (the public iOS app decryption tool) to decrypt the application and dump it as an .ipa file; later we will extract and inspect the Objective-C headers of the application's classes from that dump. In this walkthrough the installed binary is named Clutch3.

Clutch can be downloaded here: https://github.com/KJCracks/Clutch

Please follow the installation instructions to install Clutch on your device.

If running Clutch3 returns a "Permission denied" error, the binary was probably copied without its execute bit. Mark it executable:

$ chmod a+x /usr/bin/Clutch3

Then list the installed applications:

$ Clutch3 -i

Select the application you want to work on, copy its bundle ID from the list, and dump it:

$ Clutch3 -b <bundleID>

At this point you should see a message telling you that the decrypted binary has been dumped, along with the path where it was saved.

Next, transfer the dumped .ipa to your Mac for analysis. There are many ways to do this; I prefer CyberDuck, but any file transfer tool works, or you can ssh to the phone and scp the .ipa file to your computer.

Once you have the .ipa file, unzip it to get at its contents: an .ipa is just a zip archive. (Note: some unarchivers will only accept it after you rename the extension to .zip.)

2) class-dump

Next we will use a tool called class-dump to recover the Objective-C class declarations (interfaces, properties, ivars and method signatures) from the decrypted binary. You can install it on your Mac through brew:

$brew install class-dump

First, locate the application's main executable inside the unpacked .ipa. It sits at Payload/AppName.app/AppName (the executable carries the same name as the .app bundle).

Run:

$ class-dump Payload/AppName.app/AppName > dumpedHeaders

'dumpedHeaders' is the file the dump will be written to.

You can now open dumpedHeaders in any text editor (such as Sublime). I searched the file for keywords such as 'authorize', 'login' and 'pin', and quickly found what I was looking for.

In the DTPinLockController class there is an NSString *pin property. A property named like that on a view controller is a strong hint that the PIN is held in memory as plaintext, which is what we will check at runtime in the next step.
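Grepping a large class-dump output by hand gets tedious, so here is a small triage script that does the keyword search described above in a structured way: it walks the dump, tracks which @interface it is inside, and reports every property, ivar or method whose name contains a sensitive keyword, grouped by class. This is an added example and not part of the original article; the sample dump embedded in it is constructed for the demonstration (the DTPinLockController class and its pin property are taken from the article, the second class is invented), and the keyword list is an assumption you should extend for your target.

```python
import re
import sys

# Keywords worth grepping for in class-dump output (assumed list; extend it).
SENSITIVE = ("pin", "passcode", "password", "token", "secret", "auth", "login")

# class-dump emits one "@interface Name : Super" ... "@end" block per class,
# with ivars inside a { } block, then @property lines and method signatures.
INTERFACE_RE = re.compile(r"^@interface\s+(\w+)")
PROPERTY_RE = re.compile(r"^@property\s*(?:\([^)]*\))?\s*(.+?)\s*\**\s*(\w+);")
IVAR_RE = re.compile(r"^\s*([\w<>\s*]+?)\s*\**\s*(\w+);")
METHOD_RE = re.compile(r"^[-+]\s*\([^)]*\)\s*([\w:]+)")

# Constructed sample of class-dump output (not from the real app binary).
SAMPLE_DUMP = """\
@interface DTPinLockController : UIViewController
{
    NSString *_pin;
    UITextField *_pinField;
}

@property(retain, nonatomic) NSString *pin;
- (void)viewDidLoad;
- (BOOL)validatePin:(id)arg1;
@end

@interface DTSettingsViewController : UITableViewController
{
    NSString *_username;
}

@property(retain, nonatomic) NSString *username;
- (void)loginTapped:(id)arg1;
@end
"""


def find_sensitive_members(dump_text, keywords=SENSITIVE):
    """Return {class_name: [(kind, member_name), ...]} for every property,
    ivar or method whose name contains one of the keywords (case-insensitive)."""
    hits = {}
    current = None      # class whose @interface block we are inside
    in_ivars = False    # inside the { ... } ivar block of that class
    for raw in dump_text.splitlines():
        line = raw.strip()
        m = INTERFACE_RE.match(line)
        if m:
            current, in_ivars = m.group(1), False
            continue
        if line == "@end":
            current, in_ivars = None, False
            continue
        if current is None:
            continue
        if line == "{":
            in_ivars = True
            continue
        if line == "}":
            in_ivars = False
            continue
        kind = name = None
        if line.startswith("@property"):
            pm = PROPERTY_RE.match(line)
            if pm:
                kind, name = "property", pm.group(2)
        elif in_ivars:
            im = IVAR_RE.match(line)
            if im:
                kind, name = "ivar", im.group(2)
        elif line[:1] in "-+":
            mm = METHOD_RE.match(line)
            if mm:
                kind, name = "method", mm.group(1)
        if name and any(k in name.lower() for k in keywords):
            hits.setdefault(current, []).append((kind, name))
    return hits


def format_report(hits):
    """Render the hits as one line per class, e.g. for a quick skim."""
    lines = []
    for cls in sorted(hits):
        members = ", ".join(f"{kind} {name}" for kind, name in hits[cls])
        lines.append(f"{cls}: {members}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: python3 triage.py dumpedHeaders   (falls back to the sample)
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DUMP
    print(format_report(find_sensitive_members(text)))
```

Run it against the real dumpedHeaders file and start your runtime inspection from the classes it lists; a view controller that both owns a `pin` property and implements a `validatePin:` method is exactly the shape found in this article.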

3) cycript

First, download the latest version of cycript to your computer: http://www.cycript.org/

Then transfer the iOS .deb package from that download to your device using CyberDuck, sftp, scp or any tool you like.

Finally, ssh to your device and install it:

$ dpkg -i cycript.deb

Now run cycript and confirm that the cy# prompt appears. (Be sure to exit cycript before the next step.)

Now we are ready to attach to the target app. Make sure the app is running in the foreground on the device, then find its process ID:

$ps aux

Copy the PID of your target app from the list and attach to it:

$ cycript -p <PID>

(cycript -p also accepts the process name instead of the PID.)

You are now inside the running process and can explore the application while it executes.

Because the app demands a PIN, the app I opened on the phone had already presented the PIN entry screen. To confirm the name of the view controller I was looking at, I evaluated in cycript:

cy# UIApp.keyWindow.rootViewController

The result returns:

DTPinLockController

Looking back at the class-dump output, this is exactly the class in which I found the 'pin' NSString property, so I should be able to read its value at runtime. Let's check whether the PIN is simply sitting in that property rather than in secure storage:

cy# UIApp.keyWindow.rootViewController.pin

Bingo! At runtime the PIN comes straight back as a plaintext string.

Now we can type the recovered PIN into the app to confirm it, and we have access to the application.

The bypass works only because the app keeps the plaintext PIN in an ordinary, readable property of a live view controller, and because on a jailbroken device nothing stops a tool like cycript from attaching to the process. An app that never retains the plaintext (comparing the entry against a salted, stretched hash held in the Keychain, or letting the system passcode/biometric APIs do the check) would not hand over the PIN this way, although a short numeric PIN remains brute-forceable if an attacker can read the hash and the app enforces no attempt limit.
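To make the storage difference concrete, here is a small Python illustration (added here; not the article's code, and not iOS code) of the two designs side by side: a PIN lock that keeps the plaintext in an attribute, as the app in this article does, and one that keeps only a salt and a PBKDF2-stretched digest and compares in constant time. The `inspect_like_cycript` helper is a stand-in for reading an object's ivars at runtime, the way `rootViewController.pin` did above; the class names, round count and salt size are assumptions for the example.

```python
import hashlib
import hmac
import os

# Parameters chosen for this illustration (assumptions, not from any real app).
PBKDF2_ROUNDS = 200_000
SALT_BYTES = 16


class PlaintextPinLock:
    """Mirrors what the article found: the PIN sits in a plain attribute,
    so anyone who can attach to the process reads it directly."""

    def __init__(self, pin):
        self.pin = pin  # plaintext secret retained for the object's lifetime

    def check(self, entered):
        return entered == self.pin


class HashedPinLock:
    """Keeps only salt + PBKDF2-HMAC-SHA256 digest; the plaintext PIN is
    consumed during setup and never stored on the object."""

    def __init__(self, pin, rounds=PBKDF2_ROUNDS):
        self._salt = os.urandom(SALT_BYTES)
        self._rounds = rounds
        self._digest = self._derive(pin)

    def _derive(self, pin):
        return hashlib.pbkdf2_hmac("sha256", pin.encode(), self._salt, self._rounds)

    def check(self, entered):
        # Constant-time comparison so the check itself leaks no timing signal.
        return hmac.compare_digest(self._derive(entered), self._digest)


def inspect_like_cycript(obj):
    """Stand-in for dumping an object's ivars at runtime: returns every
    attribute whose value is a string, i.e. anything directly readable."""
    return {name: value for name, value in vars(obj).items() if isinstance(value, str)}


if __name__ == "__main__":
    weak, strong = PlaintextPinLock("1234"), HashedPinLock("1234")
    print("plaintext lock exposes:", inspect_like_cycript(weak))
    print("hashed lock exposes:", inspect_like_cycript(strong))
    print("hashed lock accepts 1234:", strong.check("1234"), "rejects 0000:", strong.check("0000"))
```

Both locks accept the right PIN and reject a wrong one, but only the first gives the PIN away to a runtime inspector. Note the limit of this hardening on its own: a 4-digit PIN has 10,000 candidates, so an attacker who can read the salt and digest out of memory can still brute-force it offline in seconds. On iOS the stronger answer is to keep the secret material in the Keychain (ideally bound to the Secure Enclave) with attempt throttling, and to treat a jailbroken or debugger-attached environment as untrusted; hashing merely removes the "read it off the view controller" shortcut this article used.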
