引言

使用Clutch砸壳，静态砸壳

描述

Clutch是一款高效的iOS解密工具。Clutch支持iPhone，iPod Touch和iPad，以及所有iOS版本，体系结构类型和大多数二进制文件。Clutch仅用于教育目的和安全研究。
Clutch在github上面是开源的地址，感谢！，

下载

$ file Clutch-2.0.4
Clutch-2.0.4: Mach-O universal binary with 3 architectures: [arm_v7:Mach-O executable arm_v7] [arm64:Mach-O 64-bit executable arm64]
Clutch-2.0.4 (for architecture armv7):  Mach-O executable arm_v7
Clutch-2.0.4 (for architecture armv7s): Mach-O executable arm_v7s
Clutch-2.0.4 (for architecture arm64):  Mach-O 64-bit executable arm64

/**首先映射本季的端口3456**/
/**然后Copy 到手机里面**/
$ scp -P 3456 Clutch root@localhost:/usr/bin
/**给这个文件添加权限**/
xxx-iPhone # chmod +x Clutch

使用

• IPhone 输入Clutch命令

xxx-iPhone:~ root# Clutch
Usage: Clutch [OPTIONS]
-b --binary-dump <value> Only dump binary files from specified bundleID
-d --dump <value>        Dump specified bundleID into .ipa file
-i --print-installed     Print installed applications
   --clean               Clean /var/tmp/clutch directory
   --version             Display version and exit
-? --help                Display this help and exit
-n --no-color            Print with colors disabled

• 打印所有已安装、加密、可砸壳的App

xxx-iPhone:~ root# Clutch -i
Installed apps:
1:   xxxx - xxxx <com.xxxx.xxxx>

• 进行砸壳

xxx-iPhone:~ root# Clutch -d com.gotokeep.keep
....
DONE: /private/var/mobile/Documents/Dumped/com.xxxx.xxx-iOS8.0-(Clutch-2.0.4).ipa
Finished dumping com.xxx.xxx in 46.4 seconds

• 将Ipa文件拖出来放入mobile用户目录中的media文件夹下

mv /User/Documents/Dumped/com.xxx.xxx-iOSxx-\(Clutch-2.0.4\).ipa  /User/Media/

用ifunbox将Ipa包拖到桌面上这样，你的砸壳文件就生成好了。
将这个ipa文件解压,得到.app中的MachO文件

 xxxx $ otool -l xxx | grep crypt
     cryptoff 16384
    cryptsize 44007424
      cryptid 0

砸壳完成