1.下載dumpdecrypted
2.make 獲取dumpdecrypted.dylib文件
3.用Cycript找出QQ的Documents目錄路徑
cycript -p QQ
cy# [[NSFileManager defaultManager] URLsForDirectory:NSDocumentDirectory inDomains:NSUserDomainMask][0]
得到:
#"file:///var/mobile/Containers/Data/Application/BA0352C6-AF10-40E3-AE27-4C1B8F6EF18C/Documents/"
4.把dumpdecrypted.dylib復制到剛輸出的Documents目錄中
/var/mobile/Containers/Data/Application/BA0352C6-AF10-40E3-AE27-4C1B8F6EF18C/Documents/
5.cd進去documents目錄后執(zhí)行破殼命令
DYLD_INSERT_LIBRARIES=dumpdecrypted.dylib /var/mobile/Containers/Bundle/Application/A3766CB3-3256-4625-B4F7-4746772B5ABF/QQ.app/QQ
在本目錄會出現(xiàn)QQ.decrypted的破殼后文件
6.使用class-dump導出頭文件
class-dump -H QQ.decrypted -o headers