I. Reveal use steps
1. Start Reveal---help--Show Reveal Library in Finder, drag to add reveal.framework to the project.
Select Copy items into Destination Group's folder (if needed) and the current targets.
Expand View Reveal.framework all H files are correctly added to the project;
Ensure that the summary--> Linked frameworks and libraries directory contains the following three frameworks
Reveal.framework
Cfnetwork.framework
Quartzcore.framework
Coregraphics.framework
Set command in 2.TARGETS
TARGETS--Settings--and other Linker Flags--Add Commands-OBJC
3. Since reveal only supports IOS6, the minimum version of the program should be selected as iOS6.1
Bulid Setting--IOS Deployment Target-->ios6.1
4. Run the program, switch to reveal, the upper left section drop-down box to select the currently running program can be operated.
If not yet go directly to the Crossing Web Tutorial!
Http://support.revealapp.com/kb/getting-started/integrating-reveal-with-your-ios-app
Crack Revealapp's trial time limit
Original address: http://jingwei6.me/2014/02/28/reveal_crack.html
Revealapp is a powerful tool for analyzing the UI structure of iOS apps, and the 89-knife price is also worth it. This article analyzes its trial version of the time limit, just for learning, if always use, or buy a licence support it.
The trial version has a 30-day time limit, and since it is a 30-day time limit, it is sure to read the current time each time it is started. So the simplest way to hack is to modify the system time. If this method is acceptable, you don't have to look down.
If your work relies heavily on calendar, the way to modify system time is unacceptable. The following tracing process includes a discussion of the representation of double-precision floating-point numbers in memory, the OBJC object model, and, if not interested, jumping directly to the end of the article to see the Final solution.
The beginning of the attempt
Using Dtruss to see the start of the call Syscall, there is no network communication, the installation time of the app can not be read from the network, then this time is certainly written in the local file system.
Opensnoop looked at the start of the reveal read all the files, there is no place to pay attention to. The final findings confirm that this idea ignores the problem that an app reading a file is not necessarily open by itself, it can be interprocess communication.
After these simple attempts fail, you can only honestly analyze the code.
Start with the keyword
The trial version of reveal has a reminder to try the remaining time information in the upper right corner of the window "free trial ends in xx days" (I think this is not a good design, this sentence seems to provoke the user at all times: "Come on, you come to hack Me"). "Trial" is a keyword that I am interested in, except in the data section can certainly find this keyword, perhaps in the OBJC runtime type system can also have unexpected harvest. Indeed, reveal did not obfuscate the type information and found it in the Class-dump generated header file:
-[ibaregistrationpreferencesviewcontroller messagefortrialdaysremaining: (Long Long) arg1]
From the function name it should be the generation of a trial time remaining string.
On GDB, single-step tracking,
0X000000010008BD34 Push RBP
0x000000010008bd3f move RBX, RDX; RDX is the remaining trial days, which is the function parameter arg1
Take this as a breach, find the following small snippet of code.
0X00000001000872CD Call 0X100086EC2
0X00000001000872D2 mov rcx, Rax; The number of days that the previous function returned in Rax
0X00000001000872D7 mov eax, 0x1e; 0x1e=30 30-Day limit
0X00000001000872DC Sub Rax, RCX; 30 minus the number of days that have elapsed, minus is the number of days left.
Further down, the data that needs to be analyzed is no longer like an integer such as "days", but rather an object such as the software installation date NSDate, the feature is not obvious. So it is necessary to be clear nsdate the date representation of this object.
In-Memory NSDate objects
The NSDate object should have two fields, and the first "IsA" is a type pointer for all OBJC objects, pointing to the NSDate type object. The second is a double-precision floating-point number that represents the time interval from January 1, 2001 to the present, in seconds.
Pointer:isa |
Double: _timeintervalsincereferencedate |
In fact, the ISA pointer is the feature of the NSDate object, and all NSDate objects start with the same 8 bytes. The second field is a floating-point number, which is converted to a date in two steps.
The first step is to convert the hexadecimal floating-point number to decimal
Double-precision floating-point numbers are made up of 8 bytes, 1 bits represent symbols, 11 bits represent exponents, and the remaining 52 bits are used to represent the base.
Python makes it easy to convert 8-byte hexadecimal floating-point numbers to decimal numbers:
Struct.unpack (' <d ', ' c3b72c7a9ebfb841 '. Decode (' hex ')) [0]
In GDB, you can use the command directly
P * (double*) (nsdate pointer address +8)
Second step, the number of seconds converted to a date
NSDate *date = [NSDate datewithtimeintervalsincereferencedate:415285808.20822901];
NSLog (@ "\n%@", date);
Using the method above, you can check the NSDate object in memory and the date it represents when you are tracking the assembly code. (It takes a bit of patience)
Finally, the first time the installation of reveal is found in memory, the function in which it is located is clearly responsible for converting a magic number somewhere in the file to the Software installation date.
But unexpectedly, this imaginary magic number is not magic, it is only one of the plist files that exist in user default, and is the hexadecimal representation of the double-precision floating-point number of the installation date.
Conclusion
So, to try reveal permanently, just open
~/library/preferences/com.ittybittyapps.reveal.plist
Just remove the ibaapplicationpersistencedata.
iOS Development journal 23-reveal use steps