既然M1 MacBooks 可以直接运行iOS 应用程序,我想知道有没有办法直接运行iOS 二进制文件,而不是只能从App Store 运行它们?
我正在使用 C 语言而不使用 Xcode 开发 iOS 应用程序,我当前的工作流程是:
xcrun -sdk iphonesimulator clang 构建.app 包xcrun simctl 命令在模拟器上复制和运行效果很好,但如果我能以某种方式直接运行构建的二进制文件,那就太好了,如果我直接运行它,它只会说
% file app
app: Mach-O universal binary with 2 architectures: [arm_v7:Mach-O executable arm_v7] [arm64:Mach-O 64-bit executable arm64]
app (for architecture armv7): Mach-O executable arm_v7
app (for architecture arm64): Mach-O 64-bit executable arm64
% ./app
zsh: killed ./app
老实说我不知道这是怎么回事
来自 App Store 的可运行 iOS .app 似乎具有以下结构:
iOSapp.app
├── WrappedBundle -> Wrapper/iOSapp.app
└── Wrapper
├── BundleMetadata.plist
├── iTunesMetadata.plist
└── iOSapp.app
但我不知道这些是否有助于它的运行,并且找不到关于这些的文档
答案 0 :(得分:4)
是的,Google P0 刚刚找到了一种方法:
因此,在 macOS 上启动 iOS 二进制文件所需的完整步骤是:
Use the posix_spawnattr_set_platform_np API to set the target platform to PLATFORM_IOS
Execute the new process via posix_spawn(2) and start it suspended
Patch dyld to allow library interposing
In the interposed library, claim to possess the com.apple.security.cs.debugger entitlement by replacing xpc_copy_entitlements_for_self
Continue the process by sending it SIGCONT
完整链接是https://googleprojectzero.blogspot.com/2021/05/fuzzing-ios-code-on-macos-at-native.html