{"id":13531314,"url":"https://github.com/hack0z/itrace","last_synced_at":"2025-04-01T19:31:58.082Z","repository":{"id":20188956,"uuid":"23460053","full_name":"hack0z/itrace","owner":"hack0z","description":"🍰 Trace objc method call for ios and mac","archived":false,"fork":false,"pushed_at":"2019-04-13T12:56:41.000Z","size":57906,"stargazers_count":201,"open_issues_count":1,"forks_count":42,"subscribers_count":19,"default_branch":"master","last_synced_at":"2024-07-11T13:59:11.048Z","etag":null,"topics":["hacking","ios","jailbreak","method","objc","trace"],"latest_commit_sha":null,"homepage":"https://tboox.org","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/hack0z.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.md","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-08-29T09:56:53.000Z","updated_at":"2024-07-04T01:43:27.000Z","dependencies_parsed_at":"2022-08-02T10:37:18.684Z","dependency_job_id":null,"html_url":"https://github.com/hack0z/itrace","commit_stats":null,"previous_names":["tboox/itrace"],"tags_count":5,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hack0z%2Fitrace","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hack0z%2Fitrace/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hack0z%2Fitrace/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/hack0z%2Fitrace/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/hack0z","download_url":"https://codeload.github.com/hack0z/itrace/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":246700541,"owners_count":20819891,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["hacking","ios","jailbreak","method","objc","trace"],"created_at":"2024-08-01T07:01:01.971Z","updated_at":"2025-04-01T19:31:53.074Z","avatar_url":"https://github.com/hack0z.png","language":"C","funding_links":[],"categories":["Projects"],"sub_categories":[],"readme":"\u003cp\u003e\n\u003cdiv align=\"center\"\u003e\n  \u003ch1\u003eitrace\u003c/h1\u003e\n\n  \u003cdiv\u003e\n    \u003ca href=\"https://github.com/tboox/itrace/blob/master/LICENSE.md\"\u003e\n      \u003cimg src=\"https://img.shields.io/github/license/tboox/vm86.svg?colorB=f48041\u0026style=flat-square\" alt=\"license\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://gitter.im/tboox/tboox?utm_source=badge\u0026utm_medium=badge\u0026utm_campaign=pr-badge\u0026utm_content=badge\"\u003e\n      \u003cimg src=\"https://img.shields.io/gitter/room/tboox/tboox.svg?style=flat-square\u0026colorB=96c312\" alt=\"Gitter\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://t.me/joinchat/F2dIAw5iTkDUMwCQ_8CStw\"\u003e\n      \u003cimg src=\"https://img.shields.io/badge/chat-on%20telegram-blue.svg?style=flat-square\" alt=\"Telegram\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://tboox.bearychat.com/signup/98bf6970b9f889d6ae3fbc3d50ee8a36\"\u003e\n      \u003cimg src=\"https://img.shields.io/badge/chat-on%20bearychat-brightgreen.svg?style=flat-square\" alt=\"Bearychat\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"https://jq.qq.com/?_wv=1027\u0026k=5hpwWFv\"\u003e\n      \u003cimg src=\"https://img.shields.io/badge/chat-on%20QQ-ff69b4.svg?style=flat-square\" alt=\"QQ\" /\u003e\n    \u003c/a\u003e\n    \u003ca href=\"http://tboox.org/donation/\"\u003e\n      \u003cimg src=\"https://img.shields.io/badge/donate-us-orange.svg?style=flat-square\" alt=\"Donate\" /\u003e\n    \u003c/a\u003e\n  \u003c/div\u003e\n\n  \u003cp\u003eTrace objc method call for ios and mac\u003c/p\u003e\n\u003c/div\u003e\n\u003c/p\u003e\n\n如果你想逆向 某些app的调用流程 或者 系统app的一些功能的 私有 framework class api 调用流程， 可以试试此工具\n\n只需要 配置需要挂接的 类名和app名， 就可以实时追踪 相关功能的 调用流程。 支持批量 hook n多个类名\n\n#### 特性\n\n* 批量跟踪ios下指定class对象的所有调用流程\n* 支持ios for armv6,armv7,arm64 以及mac for x86, x64\n* 自动探测参数类型，并且打印所有参数的详细信息\n\n#### 更新内容\n\n* 增加对arm64的支持，刚调通稳定性有待测试。\n   arm64进程注入没时间做了，暂时用了substrate的hookprocess， 所以大家需要先装下libsubstrate.dylib\n   armv7的版本是完全不依赖substrate的。\n \n* arm64的版本对参数的信息打印稍微做了些增强。\n\n注：此项目已不再维护，仅供参考。\n\n1. 配置需要挂接的class\n\n    ```\n    修改itrace.xml配置文件，增加需要hook的类名：\n    \u003c?xml version=\"1.0\" encoding=\"utf-8\"?\u003e\n    \u003citrace\u003e\n      \u003cclass\u003e\n        \u003cSSDevice/\u003e\n        \u003cSSDownload/\u003e\n        \u003cSSDownloadManager/\u003e\n        \u003cSSDownloadQueue/\u003e\n        \u003cCPDistributedMessagingCenter/\u003e\n        \u003cCPDistributedNotificationCenter/\u003e\n        \u003cNSString args=\"0\"/\u003e\n      \u003c/class\u003e\n    \u003c/itrace\u003e\n    ```\n\n    注： 尽量不要去hook， 频繁调用的class， 比如 UIView NSString， 否则会很卡，操作就不方便了。\n    注： 如果挂接某个class， 中途打印参数信息挂了， 可以在对应的类名后面 加上 args=\"0\" 属性， 来禁止打印参数信息， 这样会稳定点。 \n         如果要让所有类都不打印参数信息， 可以直接设置： \u003cclass args=\"0\"\u003e\n\n\n2. 安装文件\n\n    将整个itracer目录下的所有文件用手机助手工具，上传到ios系统上的 /tmp 下面：\n    ```\n    /tmp/itracer\n    /tmp/itrace.dylib\n    /tmp/itrace.xml\n    ```\n\n3. 进行trace\n\n    进入itracer所在目录：\n    ```\n      cd /tmp\n      ```\n\n    修改执行权限：\n    ```\n      chmod 777 ./itracer\n    ```\n\n    运行程序: \n\n    ```\n      ./itracer springboard (spingboard 为需要挂接的进程名， 支持简单的模糊匹配)\n    ```\n\n4. 使用substrate进行注入`itrace.dylib`来trace\n\n    在ios arm64的新设备上，使用`itracer`注入`itrace.dylib`已经失效，最近一直没怎么去维护，如果要在在arm64上注入进行trace，可以借用substrate，将`itrace.dylib`作为substrate插件进行注入\n    再配置下`itrace.plist`指定需要注入到那个进程中就行了，具体可以看下substrate的插件相关文档。\n\n    放置`itrace.dylib`和`itrace.plist`到substrate插件目录`/Library/MobileSubstrate/DynamicLibraries`，放好后使用`ldid -S itrace.dylib`处理一下，然后重启需要trace的进程即可, `itrace.xml`的配置文件路径变为`/var/root/itrace/itrace.xml`。\n    \n    ios arm64设备的`itrace.dylib` 编译时使用 `xmake f -p iphoneos -a arm64`命令。\n\n5. 查看 trace log， 注： log 的实际输出在： 控制台-设备log 中：\n\n    ```\n    Jan 21 11:12:58 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [3edc9d98]: [SSDownloadQueue downloads]\n    Jan 21 11:12:58 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [3edc9d98]: [SSDownloadManager downloads]\n    Jan 21 11:12:58 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [3edc9d98]: [SSDownloadManager _copyDownloads]\n    Jan 21 11:12:58 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [3edc9d98]: [SSDownloadQueue _sendDownloadStatusChangedAtIndex:]: 0\n    Jan 21 11:12:58 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [3edc9d98]: [SSDownloadQueue _messageObserversWithFunction:context:]: 0x334c5d51: 0x2fe89de0\n    Jan 21 11:12:58 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [3edc9d98]: [SSDownloadQueue downloads]\n    Jan 21 11:12:58 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [3edc9d98]: [SSDownloadManager downloads]\n    Jan 21 11:12:58 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [3edc9d98]: [SSDownloadManager _copyDownloads]\n    Jan 21 11:12:58 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [3edc9d98]: [SSDownload cachedApplicationIdentifier]\n    Jan 21 11:12:58 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [3edc9d98]: [SSDownload status]\n    Jan 21 11:12:58 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [3edc9d98]: [SSDownload cachedApplicationIdentifier]\n    Jan 21 11:12:58 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [3edc9d98]: [CPDistributedNotificationCenter postNotificationName:userInfo:]: SBApplicationNotificationStateChanged: {\n          SBApplicationStateDisplayIDKey = \"com.apple.AppStore\";\n          SBApplicationStateKey = 2;\n          SBApplicationStateProcessIDKey = 5868;\n          SBMostElevatedStateForProcessID = 2;\n      }\n    Jan 21 11:12:58 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [3edc9d98]: [CPDistributedNotificationCenter postNotificationName:userInfo:toBundleIdentifier:]: SBApplicationNotificationStateChanged: {\n          SBApplicationStateDisplayIDKey = \"com.apple.AppStore\";\n          SBApplicationStateKey = 2;\n          SBApplicationStateProcessIDKey = 5868;\n          SBMostElevatedStateForProcessID = 2;\n      }: null\n    Jan 21 11:12:59 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [105d7000]: [SSDownloadManager _handleMessage:fromServerConnection:]: 0xe6920b0: 0xe007040\n    Jan 21 11:12:59 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [105d7000]: [SSDownloadManager _handleDownloadStatesChanged:]: 0xe6920b0\n    Jan 21 11:12:59 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [105d7000]: [SSDownloadManager _copyDownloads]\n    Jan 21 11:12:59 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [105d7000]: [SSDownload persistentIdentifier]\n    Jan 21 11:12:59 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [105d7000]: [SSDownload _addCachedPropertyValues:]: {\n          I = SSDownloadPhaseDownloading;\n      }\n    Jan 21 11:12:59 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [105d7000]: [SSDownload _applyPhase:toStatus:]: SSDownloadPhaseDownloading: \u003cSSDownloadStatus: 0xe6b8e80\u003e\n    Jan 21 11:12:59 unknown SpringBoard[5706] \u003cWarning\u003e: [itrace]: [105d7000]: [SSDownloadQueue downloadManager:downloadStatesDidChange:]: \u003cSSDownloadManager: 0x41ea60\u003e: (\n          \"\u003cSSDownload: 0xe6bd970\u003e: -4085275246093726486\"\n      )\n    ```\n\n####如何编译\n\n1. 编译ios版本：\n\n```bash\nxmake f -p iphoneos\nxmake \n```\n```bash\nxmake f -p iphoneos -a arm64\nxmake \n```\n\n2. 编译macosx版本：\n\n```bash\nxmake f -p macosx\nxmake \n```\n\n更详细的xmake使用，请参考：[xmake文档](http://xmake.io/#/zh/)\n\n依赖库介绍：[tbox](https://github.com/tboox/tbox/wiki)\n\n#### 联系方式\n\n* 邮箱：[waruqi@gmail.com](mailto:waruqi@gmail.com)\n* 主页：[TBOOX开源工程](http://www.tboox.org/cn)\n* QQ群：343118190(TBOOX开源工程), 260215194 (ihacker ios逆向分析)\n* 微信公众号：tboox-os\n\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhack0z%2Fitrace","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fhack0z%2Fitrace","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fhack0z%2Fitrace/lists"}