IOS 相關工具整理

其他Linux/Unix/BSD/OSX等发行版讨论
回复
头像
torachiyo
帖子: 81
注册时间: 2015-11-29 8:32
系统: Kali Linux

IOS 相關工具整理

#1

帖子 torachiyo » 2016-04-16 19:07

Linux Mint 18 (Ubuntu xenial) / LMDE (Debian sid)

=================
IOS 系統應用工具
=================
Apple iDevices 連接函式庫與工具
$ sudo apt-get install libimobiledevice-utils python-imobiledevice

Apple iDevices USB 連接工具
$ sudo apt-get install libusbmuxd-tools usbmuxd

Apple iDevices 檔案系統掛載工具
$ sudo apt-get install ifuse

Apple plist 檔案格式轉換 xml 工具
$ sudo apt-get install libplist-utils python-plist

iOS 應用程式安裝管理工具
$ sudo apt-get install ideviceinstaller

存取 iDevices 網路上網工具
$ sudo apt-get install ipheth-utils

=================
IOS 刷機修改相關工具
=================
VFDecrypt (iOS image 解密工具)
$ sudo apt-get install dmg2img

---- Debian
XPWN (IOS Firmware 解密修改工具)
$ wget https://github.com/Mint-Fans/linux-pack ... _amd64.deb
$ sudo dpkg -i xpwn_0.5.8-0_amd64.deb
$ sudo apt-get -f install

iDevice Restore (刷機工具)
$ wget https://github.com/Mint-Fans/linux-pack ... _amd64.deb
$ wget https://github.com/Mint-Fans/linux-pack ... _amd64.deb
$ sudo dpkg -i libirecovery_0.2.0-0_amd64.deb
$ sudo dpkg -i idevicerestore_1.0-0_amd64.deb
$ sudo apt-get -f install

iDevice Activation (iDevices 啟用工具)
$ wget https://github.com/Mint-Fans/linux-pack ... _amd64.deb
$ sudo dpkg -i libideviceactivation_1.0.1-0_amd64.deb
$ sudo apt-get -f install

---- Ubuntu
XPWN (IOS Firmware 解密修改工具)
$ wget https://github.com/Mint-Fans/linux-pack ... _amd64.deb
$ sudo dpkg -i xpwn_0.5.8-0_amd64.deb
$ sudo apt-get -f install

iDevice Restore (刷機工具)
$ wget https://github.com/Mint-Fans/linux-pack ... _amd64.deb
$ wget https://github.com/Mint-Fans/linux-pack ... _amd64.deb
$ sudo dpkg -i libirecovery_0.2.0-0_amd64.deb
$ sudo dpkg -i idevicerestore_1.0-0_amd64.deb
$ sudo apt-get -f install

iDevice Activation (iDevices 啟用工具)
$ wget https://github.com/Mint-Fans/linux-pack ... _amd64.deb
$ sudo dpkg -i libideviceactivation_1.0.1-0_amd64.deb
$ sudo apt-get -f install
上次由 torachiyo 在 2016-04-19 16:34,总共编辑 1 次。
头像
torachiyo
帖子: 81
注册时间: 2015-11-29 8:32
系统: Kali Linux

Re: IOS 相關工具整理

#2

帖子 torachiyo » 2016-04-16 19:08

刷機與修改相關的工具官方套件沒有納入, 在這裡順便紀錄編譯與製作套件方式.

基本編譯環境
$ sudo apt-get install build-essential automake autoconf libtool-bin pkg-config gcc

====================
idevicerestore
====================

依賴函式庫
$ sudo apt-get install libreadline-dev libusb-1.0-0-dev

編譯libirecovery並製作套件 (iBoot/iBSS USB 函式庫與工具)
$ git clone https://github.com/libimobiledevice/libirecovery.git
$ cd libirecovery
$ mkdir fakeroot
$ ./autogen.sh
$ ./configure --prefix=/usr
$ make
$ sudo make install DESTDIR=~/libirecovery/fakeroot
$ mkdir fakeroot/DEBIAN
$ leafpad fakeroot/DEBIAN/control

Package: libirecovery
Source: libirecovery
Version: 0.2.0-0
Architecture: amd64
Maintainer: Nikias Bassen
Installed-Size: 34
Depends: libusb-1.0-0 (>= 1.0.3), libreadline6
Section: utils
Priority: optional
Homepage: http://www.libimobiledevice.org/
Description: A library to communicate with iBoot/iBSS on iOS devices via USB

$ sudo dpkg -b fakeroot libirecovery_0.2.0-0_amd64.deb

$ sudo dpkg -i libirecovery_*.deb

依賴函式庫
$ sudo apt-get install libusbmuxd-dev libimobiledevice-dev libplist-dev libplist++-dev libcurl4-openssl-dev libzip-dev libssl-dev

編譯idevicerestore並製作套件
$ git clone https://github.com/libimobiledevice/idevicerestore.git
$ cd idevicerestore
$ mkdir fakeroot
$ ./autogen.sh
$ ./configure --prefix=/usr
$ make
$ sudo make install DESTDIR=~/idevicerestore/fakeroot
$ mkdir fakeroot/DEBIAN
$ leafpad fakeroot/DEBIAN/control

Package: idevicerestore
Source: idevicerestore
Version: 1.0-0
Architecture: amd64
Maintainer: Nikias Bassen
Installed-Size: 479
Depends: libimobiledevice6, libusbmuxd4, libplist3, libzip4, libssl1.0.2 | libssl1.0.0, libcurl3, libirecovery
Section: utils
Priority: optional
Homepage: http://www.libimobiledevice.org/
Description: Restore/upgrade firmware of iOS devices

$ sudo dpkg -b fakeroot idevicerestore_1.0-0_amd64.deb

$ sudo dpkg -i idevicerestore_*.deb

====================
libideviceactivation
====================
依賴函式庫
$ sudo apt-get install libxml2-dev libplist3 libimobiledevice-dev libcurl4-openssl-dev

編譯並製作套件
$ git clone https://github.com/libimobiledevice/lib ... vation.git
$ cd libideviceactivation
$ mkdir fakeroot
$ ./autogen.sh
$ ./configure --prefix=/usr
$ make
$ sudo make install DESTDIR=~/libideviceactivation/fakeroot
$ mkdir fakeroot/DEBIAN
$ leafpad fakeroot/DEBIAN/control

Package: libideviceactivation
Source: libideviceactivation
Version: 1.0.1-0
Architecture: amd64
Maintainer: Martin Szulecki
Installed-Size: 230
Depends: libimobiledevice6, libplist3, libcurl3, libxml2
Section: utils
Priority: optional
Homepage: http://www.libimobiledevice.org/
Description: A library to handle the activation process of iOS devices

$ sudo dpkg -b fakeroot libideviceactivation_1.0.1-0_amd64.deb

$ sudo dpkg -i libideviceactivation_*.deb

====================
xpwn
====================
依賴函式庫
$ sudo apt-get install libssl-dev zlib1g-dev libbz2-dev libusb-dev libpng12-dev

安裝cmake
$ sudo apt-get install cmake

編譯並製作套件
$ git clone https://github.com/planetbeing/xpwn.git
$ mkdir build
$ cd build
$ cmake ~/xpwn -DCMAKE_INSTALL_PREFIX=/usr/bin
$ mkdir fakeroot
$ make
$ sudo make install DESTDIR=~/build/fakeroot
$ sudo mkdir fakeroot/usr/share
$ sudo mkdir fakeroot/usr/share/doc
$ sudo mkdir fakeroot/usr/share/doc/xpwn
$ sudo mkdir fakeroot/usr/share/xpwn
$ sudo mv fakeroot/usr/bin/bundles fakeroot/usr/share/xpwn/
$ sudo mv fakeroot/usr/bin/FirmwareBundles fakeroot/usr/share/xpwn/
$ sudo mv fakeroot/usr/bin/ramdisk.dmg fakeroot/usr/share/xpwn/
$ sudo mv fakeroot/usr/bin/LICENSE.txt fakeroot/usr/share/doc/xpwn/
$ sudo mv fakeroot/usr/bin/README.txt fakeroot/usr/share/doc/xpwn/
$ mkdir fakeroot/DEBIAN
$ leafpad fakeroot/DEBIAN/control

Package: xpwn
Source: xpwn
Version: 0.5.8-0
Architecture: amd64
Maintainer: planetbeing
Installed-Size: 35800
Depends: libssl1.0.2 | libssl1.0.0, zlib1g, libusb-0.1-4, libpng12-0, libbz2-1.0
Section: utils
Priority: optional
Homepage: http://www.libimobiledevice.org/
Description: A cross-platform custom NOR firmware loader and custom IPSW generator for the iOS

$ sudo dpkg -b fakeroot xpwn_0.5.8-0_amd64.deb
$ sudo dpkg -i xpwn_*.deb
上次由 torachiyo 在 2016-04-19 16:35,总共编辑 1 次。
头像
torachiyo
帖子: 81
注册时间: 2015-11-29 8:32
系统: Kali Linux

Re: IOS 相關工具整理

#3

帖子 torachiyo » 2016-04-16 19:09

大概看一下 Linux 版的 IOS 工具功能還蠻多的. 整理一下指令使用方式, 方便參考使用.

========================
libimobiledevice-utils
========================
$ idevice_id
Usage: idevice_id [OPTIONS] [UDID]
Prints device name or a list of attached devices.

The UDID is a 40-digit hexadecimal number of the device
for which the name should be retrieved.

-l, --list list UDID of all attached devices
-d, --debug enable communication debugging
-h, --help prints usage information

$ idevicebackup
No command specified.
Usage: idevicebackup [OPTIONS] CMD [DIRECTORY]
Create or restore backup from the current or specified directory.

commands:
backup Saves a device backup into DIRECTORY
restore Restores a device backup from DIRECTORY.

options:
-d, --debug enable communication debugging
-u, --udid UDID target specific device by its 40-digit device UDID
-h, --help prints usage information

$ idevicebackup2
No command specified.
Usage: idevicebackup2 [OPTIONS] CMD [CMDOPTIONS] DIRECTORY
Create or restore backup from the current or specified directory.

commands:
backup create backup for the device
--full force full backup from device.
restore restore last backup to the device
--system restore system files, too.
--reboot reboot the system when done.
--copy create a copy of backup folder before restoring.
--settings restore device settings from the backup.
--remove remove items which are not being restored
--password PWD supply the password of the source backup
info show details about last completed backup of device
list list files of last completed backup in CSV format
unback unpack a completed backup in DIRECTORY/_unback_/
encryption on|off [PWD] enable or disable backup encryption
NOTE: password will be requested in interactive mode if omitted
changepw [OLD NEW] change backup password on target device
NOTE: passwords will be requested in interactive mode if omitted
cloud on|off enable or disable cloud use (requires iCloud account)

options:
-d, --debug enable communication debugging
-u, --udid UDID target specific device by its 40-digit device UDID
-s, --source UDID use backup data from device specified by UDID
-i, --interactive request passwords interactively
-h, --help prints usage information


$ idevicecrashreport
Usage: idevicecrashreport [OPTIONS] DIRECTORY
Move crash reports from device to a local DIRECTORY.

-e, --extract extract raw crash report into separate '.crash' file
-k, --keep copy but do not remove crash reports from device
-d, --debug enable communication debugging
-u, --udid UDID target specific device by its 40-digit device UDID
-h, --help prints usage information



$ idevicedate
Usage: idevicedate [OPTIONS]
Display the current date or set it on a device.

NOTE: Setting the time on iOS 6 and later is only supported
in the setup wizard screens before device activation.

-d, --debug enable communication debugging
-u, --udid UDID target specific device by its 40-digit device UDID
-s, --set TIMESTAMP set UTC time described by TIMESTAMP
-c, --sync set time of device to current system time
-h, --help prints usage information


$ idevicedebug
Usage: idevicedebug [OPTIONS] COMMAND
Interact with the debugserver service of a device.

Where COMMAND is one of:
run BUNDLEID [ARGS...] run app with BUNDLEID and optional ARGS on device.

The following OPTIONS are accepted:
-e, --env NAME=VALUE set environment variable NAME to VALUE
-u, --udid UDID target specific device by its 40-digit device UDID
-d, --debug enable communication debugging
-h, --help prints usage information


$ idevicedebugserverproxy
Please specify a PORT.
Usage: idevicedebugserverproxy [OPTIONS]
Proxy debugserver connection from device to a local socket at PORT.

-d, --debug enable communication debugging
-u, --udid UDID target specific device by its 40-digit device UDID
-h, --help prints usage information



$ idevicediagnostics
Usage: idevicediagnostics COMMAND [OPTIONS]
Use diagnostics interface of a device running iOS 4 or later.

Where COMMAND is one of:
diagnostics [TYPE] print diagnostics information from device by TYPE (All, WiFi, GasGauge, NAND)
mobilegestalt KEY [...] print mobilegestalt keys passed as arguments seperated by a space.
ioreg [PLANE] print IORegistry of device, optionally by PLANE (IODeviceTree, IOPower, IOService) (iOS 5+ only)
shutdown shutdown device
restart restart device
sleep put device into sleep mode (disconnects from host)

The following OPTIONS are accepted:
-d, --debug enable communication debugging
-u, --udid UDID target specific device by its 40-digit device UDID
-h, --help prints usage information


$ ideviceenterrecovery
Usage: ideviceenterrecovery [OPTIONS] UDID
Makes a device with the supplied 40-digit UDID enter recovery mode immediately.

-d, --debug enable communication debugging
-h, --help prints usage information


$ ideviceimagemounter
Usage: ideviceimagemounter [OPTIONS] IMAGE_FILE IMAGE_SIGNATURE_FILE

Mounts the specified disk image on the device.

-u, --udid UDID target specific device by its 40-digit device UDID
-l, --list List mount information
-t, --imagetype Image type to use, default is 'Developer'
-x, --xml Use XML output
-d, --debug enable communication debugging
-h, --help prints usage information


$ ideviceinfo
Usage: ideviceinfo [OPTIONS]
Show information about a connected device.

-d, --debug enable communication debugging
-s, --simple use a simple connection to avoid auto-pairing with the device
-u, --udid UDID target specific device by its 40-digit device UDID
-q, --domain NAME set domain of query to NAME. Default: None
-k, --key NAME only query key specified by NAME. Default: All keys.
-x, --xml output information as xml plist instead of key/value pairs
-h, --help prints usage information


$ idevicename
Usage: idevicename [OPTIONS] [NAME]
Display the device name or set it to NAME if specified.

-d, --debug enable communication debugging
-u, --udid UDID use UDID to target a specific device
-h, --help print usage information

$ idevicenotificationproxy
Usage: idevicenotificationproxy [OPTIONS] COMMAND
Post or observe notifications on a device.

Where COMMAND is one of:
post ID [...] post notification IDs to device and exit
observe ID [...] observe notification IDs in the foreground until CTRL+C or signal is received

The following OPTIONS are accepted:
-d, --debug enable communication debugging
-u, --udid UDID target specific device by its 40-digit device UDID
-h, --help prints usage information



$ idevicepair
idevicepair - Manage host pairings with devices and usbmuxd.

Usage: idevicepair [OPTIONS] COMMAND

Where COMMAND is one of:
systembuid print the system buid of the usbmuxd host
hostid print the host id for target device
pair pair device with this host
validate validate if device is paired with this host
unpair unpair device with this host
list list devices paired with this host

The following OPTIONS are accepted:
-d, --debug enable communication debugging
-u, --udid UDID target specific device by its 40-digit device UDID
-h, --help prints usage information


$ ideviceprovision
Usage: ideviceprovision [OPTIONS] COMMAND
Manage provisioning profiles on a device.

Where COMMAND is one of:
install FILE Installs the provisioning profile specified by FILE.
A valid .mobileprovision file is expected.
list Get a list of all provisioning profiles on the device.
copy PATH Retrieves all provisioning profiles from the device and
stores them into the existing directory specified by PATH.
The files will be stored as UUID.mobileprovision
remove UUID Removes the provisioning profile identified by UUID.
dump FILE Prints detailed information about the provisioning profile
specified by FILE.

The following OPTIONS are accepted:
-d, --debug enable communication debugging
-u, --udid UDID target specific device by its 40-digit device UDID
-x, --xml print XML output when using the 'dump' command
-h, --help prints usage information


$ idevicescreenshot
Usage: idevicescreenshot [OPTIONS] [FILE]
Gets a screenshot from a device.
The screenshot is saved as a TIFF image with the given FILE name,
where the default name is "screenshot-DATE.tiff", e.g.:
./screenshot-2013-12-31-23-59-59.tiff

NOTE: A mounted developer disk image is required on the device, otherwise
the screenshotr service is not available.

-d, --debug enable communication debugging
-u, --udid UDID target specific device by its 40-digit device UDID
-h, --help prints usage information


$ idevicesyslog
Usage: idevicesyslog [OPTIONS]
Relay syslog of a connected device.

-d, --debug enable communication debugging
-u, --udid UDID target specific device by its 40-digit device UDID
-h, --help prints usage information


========================
libusbmuxd-tools
========================
$ iproxy
iproxy LOCAL_TCP_PORT DEVICE_TCP_PORT [UDID]

usbmuxd
$ /usr/sbin/usbmuxd
Usage: usbmuxd [OPTIONS]
Expose a socket to multiplex connections from and to iOS devices.

-h, --help Print this message.
-v, --verbose Be verbose (use twice or more to increase).
-f, --foreground Do not daemonize (implies one -v).
-U, --user USER Change to this user after startup (needs USB privileges).
-n, --disable-hotplug Disables automatic discovery of devices on hotplug.
Starting another instance will trigger discovery instead.
-z, --enable-exit Enable "--exit" request from other instances and exit
automatically if no device is attached.
-u, --udev Run in udev operation mode (implies -n and -z).
-s, --systemd Run in systemd operation mode (implies -z and -f).
-x, --exit Notify a running instance to exit if there are no devices
connected (sends SIGUSR1 to running instance) and exit.
-X, --force-exit Notify a running instance to exit even if there are still
devices connected (always works) and exit.
-V, --version Print version information and exit.

========================
ideviceinstaller
========================
$ ideviceinstaller
Usage: ideviceinstaller OPTIONS
Manage apps on an iDevice.

-U, --uuid UUID Target specific device by its 40-digit device UUID.
-l, --list-apps List apps, possible options:
-o list_user - list user apps only (this is the default)
-o list_system - list system apps only
-o list_all - list all types of apps
-o xml - print full output as xml plist
-i, --install ARCHIVE Install app from package file specified by ARCHIVE.
-u, --uninstall APPID Uninstall app specified by APPID.
-g, --upgrade APPID Upgrade app specified by APPID.
-L, --list-archives List archived applications, possible options:
-o xml - print full output as xml plist
-a, --archive APPID Archive app specified by APPID, possible options:
-o uninstall - uninstall the package after making an archive
-o app_only - archive application data only
-o copy=PATH - copy the app archive to directory PATH when done
-o remove - only valid when copy=PATH is used: remove after copy
-r, --restore APPID Restore archived app specified by APPID
-R, --remove-archive APPID Remove app archive specified by APPID
-o, --options Pass additional options to the specified command.
-h, --help prints usage information
-d, --debug enable communication debugging

========================
libplist-utils
========================
$ plistutil
Usage: plistutil -i|--infile in_file.plist -o|--outfile out_file.plist [--debug]

-i or --infile: The file to read in.
-o or --outfile: The file to convert to.
-d, -v or --debug: Provide extended debug information.


========================
ifuse
========================
Usage: ifuse [OPTIONS]
Mount filesystem of an iPhone, iPod Touch, iPad or Apple TV.

-o opt,[opt...] mount options
-u, --udid UDID mount specific device by its 40-digit device UDID
-h, --help print usage information
-V, --version print version
--appid APPID mount 'Documents' folder of app identified by APPID
--root mount root file system (jailbroken device required)
--debug enable libimobiledevice communication debugging


IOS 修改刷機相關工具指令

========================
dmg2img
========================
$ dmg2img

dmg2img v1.6.5 (c) vu1tur (to@vu1tur.eu.org)

Usage: dmg2img [-l] [-p N] [-s] [-v] [-V] [-d] <input.dmg> [<output.img>]
or dmg2img [-l] [-p N] [-s] [-v] [-V] [-d] -i <input.dmg> -o <output.img>

Options: -s (silent) -v (verbose) -V (extremely verbose) -d (debug)
-l (list partitions) -p N (extract only partition N)


$ vfdecrypt
Usage: vfdecrypt [-e] [-p password] [-k key] -i in-file -o out-file
Option -e attempts to extract key from <in-file>

========================
xpwn
========================
$ dfu-util
usage: dfu-util <custom.ipsw> <n82ap|m68ap|n45ap>
advanced usage: dfu-util -f <file>
n82ap = 3G iPhone, m68ap = First-generation iPhone, n45ap = iPod touch

$ dmg
usage: dmg [extract|build|build2048|res|iso|dmg] <in> <out> (-k <key>) (partition)

$ dripwn
usage: dripwn <ipsw> <key>

$ hdutil
hdutil <image-file> (-k <key>) <ls|cat|mv|mkdir|add|rm|chmod|extract|extractall|rmall|addall|grow|untar> <arguments>

$ hfsplus
usage: hfsplus <image-file> <ls|cat|mv|mkdir|add|rm|chmod|extract|extractall|rmall|addall|debug> <arguments>

$ ipsw
usage ipsw <input.ipsw> <target.ipsw> [-b <bootimage.png>] [-r <recoveryimage.png>] [-s <system partition size>] [-memory] [-bbupdate] [-nowipe] [-e "<action to exclude>"] [[-unlock] [-use39] [-use46] [-cleanup] -3 <bootloader 3.9 file> -4 <bootloader 4.6 file>] <package1.tar> <package2.tar>...

$ xpwn
usage: xpwn <input ipsw> [-b <bootimage.png>] [-r <recoveryimage.png>]

$ xpwntool
usage: xpwntool <infile> <outfile> [-x24k] [-t <template> [-c <certificate>]] [-k <key>] [-iv <key>] [-decrypt]


========================
idevicerestore
========================
$ idevicerestore
Usage: idevicerestore [OPTIONS] FILE
Restore IPSW firmware FILE to an iOS device.

-i, --ecid ECID target specific device by its hexadecimal ECID
e.g. 0xaabb123456 or 00000012AABBCCDD
-u, --udid UDID target specific device by its 40-digit device UDID
NOTE: only works with devices in normal mode.
-d, --debug enable communication debugging
-h, --help prints usage information
-e, --erase perform a full restore, erasing all data (defaults to update)
-c, --custom restore with a custom firmware
-l, --latest use latest available firmware (with download on demand)
DO NOT USE if you need to preserve the baseband (unlock)!
USE WITH CARE if you want to keep a jailbreakable firmware!
The FILE argument is ignored when using this option.
-s, --cydia use Cydia's signature service instead of Apple's
-x, --exclude exclude nor/baseband upgrade
-t, --shsh fetch TSS record and save to .shsh file, then exit
-p, --pwn Put device in pwned DFU mode and exit (limera1n devices only)
-n, --no-action Do not perform any restore action. If combined with -l option
the on demand ipsw download is performed before exiting.
-C, --cache-path DIR Use specified directory for caching extracted
or other reused files.


========================
libideviceactivation
========================
$ ideviceactivation
Usage: ideviceactivation COMMAND [OPTIONS]
Activate or deactivate a device.

Where COMMAND is one of:
activate attempt to activate the device
deactivate deactivate the device

The following OPTIONS are accepted:
-d, --debug enable communication debugging
-u, --udid UDID target specific device by its 40-digit device UDID
-s, --service URL use activation webservice at URL instead of default
-v, --version print version information and exit
-h, --help prints usage information


========================
libirecovery
========================
$ irecovery
Usage: irecovery [OPTIONS]
Interact with an iOS device in DFU or recovery mode.

options:
-i ECID connect to specific device by its hexadecimal ECID
-c CMD run CMD on device
-m print current device mode
-f FILE send file to device
-k FILE send limera1n usb exploit payload from FILE
-r reset client
-n reboot device into normal mode (exit recovery loop)
-e FILE executes recovery script from FILE
-s start an interactive shell
-v enable verbose output, repeat for higher verbosity
-h prints this usage information
头像
442449076
帖子: 388
注册时间: 2009-07-01 16:34

Re: IOS 相關工具整理

#4

帖子 442449076 » 2016-04-16 20:41

很复杂
回复