[原创]iOS免越狱hook与越狱hook整合，附IMGUI

#1 楼主 2026-06-01 21:09:16

来自H5GG的免越狱Hook方案，具体实现方式是在已经越狱的设备上对可执行文件采用dobbyhook进行修改，硬编码指令到新的区段，控制寄存器动态跳转开关hook与patch，来规避代码签名检测。H5GG的代码来自这里e0eK9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6t1y4f1N6s2i4K6u0r3d9o6g2s2c8#2)9J5c8X3u0D9L8$3u0Q4x3V1k6T1y4o6N6T1y4e0j5$3y4K6k6U0z5o6V1I4x3U0b7K6y4U0u0T1k6o6p5I4j5h3p5K6j5h3q4X3z5e0g2T1x3o6u0U0x3o6N6U0j5e0t1J5i4K6u0r3M7r3I4#2k6$3W2F1c8r3g2E0L8#2)9J5c8X3R3#2k6Y4u0A6k6r3p5I4y4g2)9J5k6e0q4Q4x3X3f1J5y4q4)9J5c8V1c8G2j5X3u0&6i4K6u0V1k6X3W2^5k6h3c8Q4x3V1k6K6L8%4g2J5j5$3g2Q4x3V1k6u0L8Y4c8W2M7X3y4W2M7s2c8d9L8%4g2@1K9h3&6Y4i4K6u0r3f1X3!0#2N6r3W2F1k6#2)9J5c8W2y4@1j5i4c8A6j5@1W2F1L8r3W2F1k6f1S2G2L8$3E0Q4x3V1k6K6N6r3q4@1K9h3y4Q4x3X3c8A6L8X3I4A6L8X3g2Q4x3X3c8Z5L8$3!0C8i4K6u0W2j5$3y4Q4x3U0y4x3x3e0M7`.
在原仓库的基础上，修复了若干bug，同时整合了非越狱与越狱的hook和patch控制，通过宏定义一键切换。仓库地址：460K9s2c8@1M7s2y4Q4x3@1q4Q4x3V1k6Q4x3V1k6Y4K9i4c8Z5N6h3u0Q4x3X3g2U0L8$3#2Q4x3V1k6x3P5h3&6F1k6i4c8@1k6e0p5%4y4#2)9J5c8X3A6T1L8X3A6T1i4K6u0V1K9r3!0G2K9#2)9J5k6r3k6J5j5h3#2W2N6$3!0J5K9H3`.`.

回复或点赞可查看完整内容

---
来源: 看雪论坛
原文链接: https://bbs.kanxue.com/thread-287425.htm

#2 2026-06-01 21:09:16

感谢分享

#3 2026-06-01 21:09:16

感谢分享

#4 2026-06-01 21:09:16

感谢分享

#5 2026-06-01 21:09:16

厉害，不过还是越狱好玩点。

#6 2026-06-01 21:09:16

免越狱咋hook的？

#7 2026-06-01 21:09:16

mark

#8 2026-06-01 21:09:16

感谢分享

#9 2026-06-01 21:09:16

ggggg

免越狱咋hook的？

必须在越狱手机上用这个提前做好新的可执行文件

#10 2026-06-01 21:09:16

看看

#11 2026-06-01 21:09:16

这个可以看看

#12 2026-06-01 21:09:16

支持svc 指令hook 么？

#13 2026-06-01 21:09:16

为你点赞！

#14 2026-06-01 21:09:16

看看

#15 2026-06-01 21:09:16

看看