Note to self: getting root privileges on a jailbroken iOS device (test did not pass)
2014-08-04 23:37
It is true, the app has to run as root to access non mobile directories. After discussing this with Optimo and Saurik I finally found the right way to get root privileges.
1. In the main.m add setuid(0); and setgid(0);
2. Build the app normally.
3. Then copy and paste the executable inside the .app and rename it to anything you want; don't rename the original file.
4. Open the original executable file and delete its contents (the contents are now stored in the previously copied and renamed binary).
5. Add this bash script to the empty binary file from 4.:

    #!/bin/bash
    # Resolve the directory this wrapper script lives in (the .app bundle)
    dir=$(dirname "$0")
    # Replace the wrapper process with the renamed binary, passing all arguments through
    exec "${dir}"/<COPIED FILE NAME> "$@"

   SpringBoard will run this file first because it's the CFBundleExecutable, then this will launch the actual app's executable. This is done because SpringBoard would fail to directly launch the executable with root permissions.
6. Open terminal and change the directory to the .app (ex. cd /User/Me/Desktop/MyApp.app)
7. chmod the original executable file to 0755 (ex. chmod 0755 MyCFBundleExecutable) and the copied file to 6755 (ex. chmod 6755 CFBundleExecutableRoot)
8. SSH the .app into /Applications on your device, respring and launch it (if it's not launching then repeat step 7, but by SSHing into your device via terminal)
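A defender-side check for the layout these steps produce, as an added example that is not part of the original post: it flags a bundle whose launcher is a "#!" script naming a sibling binary that carries the setuid or setgid bit. The function names and the sample bundle (MyApp, MyAppRoot) are hypothetical and constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the original post): flag an .app bundle that uses the
# layout from the steps above, i.e. a "#!" wrapper script that launches a
# sibling binary carrying the setuid or setgid bit.

# True when the file begins with a "#!" interpreter line.
is_script() {
    head -c 2 "$1" 2>/dev/null | LC_ALL=C grep -q '^#!'
}

# audit_bundle DIR: print one FLAG line per wrapper/set-id pair.
# Returns 0 when at least one pair is found, 1 otherwise.
audit_bundle() {
    bundle=$1
    hits=0
    for bin in "$bundle"/*; do
        [ -f "$bin" ] || continue
        [ -u "$bin" ] || [ -g "$bin" ] || continue      # set-id candidates only
        name=$(basename "$bin")
        for wrapper in "$bundle"/*; do
            [ -f "$wrapper" ] && [ -x "$wrapper" ] || continue
            is_script "$wrapper" || continue
            # The wrapper names the renamed binary on its exec line.
            if grep -qF -- "$name" "$wrapper"; then
                # Mode string and owner: setuid only yields root if the owner is root.
                info=$(ls -ld "$bin" | awk '{print $1, $3}')
                echo "FLAG: $wrapper -> $bin ($info)"
                hits=$((hits + 1))
            fi
        done
    done
    [ "$hits" -gt 0 ]
}

# Constructed sample bundle (hypothetical names) so the script runs offline.
make_sample() {
    d=$(mktemp -d) || return 1
    printf '#!/bin/bash\ndir=$(dirname "$0")\nexec "${dir}"/MyAppRoot "$@"\n' > "$d/MyApp"
    printf '\317\372\355\376payload' > "$d/MyAppRoot"   # fake Mach-O magic bytes
    chmod 0755 "$d/MyApp"
    chmod 6755 "$d/MyAppRoot"
    echo "$d"
}

sample=$(make_sample) && { audit_bundle "$sample" || echo "no findings"; rm -rf "$sample"; }
```

On a real device the same function can be pointed at each directory under /Applications; a FLAG line whose owner column is root is the case that actually runs with root privileges.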