一直在看别人如何破解一个app,下面自己也尝试着学习怎么去破解一个app的密码,下面是完整的过程。
准备工作:
一台mac或者pc安装了ssh客户端
一台越狱的iphone
iphone上安装了openSSH
iphone上安装了gdb,请注意是这个:https://code.google.com/p/apiexplorer/downloads/list
iphone上安装了adv-cmds
1、编写CrackMe,并且编译到真机上面,因为我是越狱手机,所以不需要证书就能够真机调试,CrackMe的关键代码如下:
//
// ViewController.m
// CrackMe_1
//
// Created by test on 15-4-8.
// Copyright (c) 2015年 va. All rights reserved.
//
#import "ViewController.h"
@interface ViewController ()<UIAlertViewDelegate>
@property (nonatomic, strong) NSString *pass;
@property (nonatomic, strong) UITextField *passInputTextField;
@property (nonatomic, strong) UIButton *confirmButton;
@end
@implementation ViewController
- (void)viewDidLoad {
[super viewDidLoad];
_pass = @"123456";
_passInputTextField = [[UITextField alloc] init];
_passInputTextField.bounds = CGRectMake(0, 0, CGRectGetWidth(self.view.bounds), 30);
_passInputTextField.center = CGPointMake(self.view.center.x, self.view.center.y - 80);
_passInputTextField.layer.borderColor = [[UIColor blackColor] CGColor];
_passInputTextField.layer.borderWidth = 2;
[self.view addSubview:_passInputTextField];
_confirmButton = [[UIButton alloc] initWithFrame:CGRectMake(0, CGRectGetMaxY(_passInputTextField.frame) + 20, CGRectGetWidth(self.view.bounds), 30)];
[_confirmButton setTitle:@"确认" forState:UIControlStateNormal];
[_confirmButton setTitleColor:[UIColor blackColor] forState:UIControlStateNormal];
[_confirmButton addTarget:self action:@selector(checkPass:) forControlEvents:UIControlEventTouchUpInside];
_confirmButton.backgroundColor = [UIColor whiteColor];
[self.view addSubview:_confirmButton];
self.view.backgroundColor = [UIColor greenColor];
}
- (void)checkPass:(id)sender
{
if([_pass isEqualToString:_passInputTextField.text])
{
UIAlertView *alertView = [[UIAlertView alloc] initWithTitle:@"tips"
message:@"right"
delegate:self
cancelButtonTitle:nil
otherButtonTitles:@"确定", nil];
[alertView show];
}
else
{
UIAlertView *alertView = [[UIAlertView alloc] initWithTitle:@"tips"
message:@"wrong"
delegate:self
cancelButtonTitle:nil
otherButtonTitles:@"确定", nil];
[alertView show];
}
}
- (void)didReceiveMemoryWarning {
[super didReceiveMemoryWarning];
// Dispose of any resources that can be recreated.
}
- (void)alertView:(UIAlertView *)alertView clickedButtonAtIndex:(NSInteger)buttonIndex
{
}
@end
假设写死了密码,123456;用户输入123456弹出right提示,其它弹出wrong提示
界面如下:
二、用Hopper反汇编二进制文件
这里使用的是mac,也可以使用windows上面的IDA替代
左边已经能够看到关键的方法,定位到checkPass这个方法,可以看到跳转之前有一个字符串比较的操作,相对的我们可以在GDB找到这一行代码,下上断点
userdeMacBook-Air:machO user$ ssh root@xxx.xxx.xxx.xxx
The authenticity of host 'xxx.xxx.xxx.xxx (xxx.xxx.xxx.xxx)' can't be established.
RSA key fingerprint is b1:b3:2a:5b:4c:55:7c:0d:4c:fa:7e:ee:b7:27:c0:73.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added 'xxx.xxx.xxx.xxx' (RSA) to the list of known hosts.
root@xxx.xxx.xxx.xxx's password:
Permission denied, please try again.
root@xxx.xxx.xxx.xxx's password:
userde-iPhone:~ root# ps -ax|grep Crack
3181 ?? 0:00.52 /var/mobile/Applications/62B1E6C6-1AE8-43C7-B159-4D996BD57C49/CrackMe_1.app/CrackMe_1
3199 ttys001 0:00.01 grep Crack
userde-iPhone:~ root# gdb -p 3181
GNU gdb 6.3.50-20050815 (Apple version gdb-1821) (Fri Jun 29 08:41:41 UTC 2012)
Copyright 2004 Free Software Foundation, Inc.
GDB is free software, covered by the GNU General Public License, and you are
welcome to change it and/or distribute copies of it under certain conditions.
Type "show copying" to see the conditions.
There is absolutely no warranty for GDB. Type "show warranty" for details.
This GDB was configured as "arm-apple-darwin".
/private/var/root/3181: No such file or directory
Attaching to process 3181.
Reading symbols for shared libraries . done
bfd_mach_o_scan: unknown architecture 0x100000c/0x0
bfd_mach_o_scan: unknown architecture 0x100000c/0x0
bfd_mach_o_scan: unknown architecture 0x100000c/0x0
bfd_mach_o_scan: unknown architecture 0x100000c/0x0
bfd_mach_o_scan: unknown architecture 0x100000c/0x0
Reading symbols for shared libraries
warning: Could not find object file "/Users/user/Library/Developer/Xcode/DerivedData/CrackMe_1-elcszaunecqvufebksjmisdqgltl/Build/Intermediates/CrackMe_1.build/Debug-iphoneos/CrackMe_1.build/Objects-normal/armv7/ViewController.o" - no debug information available for "ViewController.m".
warning: Could not find object file "/Users/user/Library/Developer/Xcode/DerivedData/CrackMe_1-elcszaunecqvufebksjmisdqgltl/Build/Intermediates/CrackMe_1.build/Debug-iphoneos/CrackMe_1.build/Objects-normal/armv7/AppDelegate.o" - no debug information available for "AppDelegate.m".
warning: Could not find object file "/Users/user/Library/Developer/Xcode/DerivedData/CrackMe_1-elcszaunecqvufebksjmisdqgltl/Build/Intermediates/CrackMe_1.build/Debug-iphoneos/CrackMe_1.build/Objects-normal/armv7/main.o" - no debug information available for "main.m".
............................................................................................................................................................ done
bfd_mach_o_scan: unknown architecture 0x100000c/0x0
bfd_mach_o_scan: unknown architecture 0x100000c/0x0
bfd_mach_o_scan: unknown architecture 0x100000c/0x0
bfd_mach_o_scan: unknown architecture 0x100000c/0x0
bfd_mach_o_scan: unknown architecture 0x100000c/0x0
Reading symbols for shared libraries + done
0x3a147a50 in mach_msg_trap ()
(gdb) b -[ViewController checkPass:]
Breakpoint 1 at 0xc1576
(gdb) c
Continuing.
Breakpoint 1, 0x000c1576 in -[ViewController checkPass:] ()
(gdb) disas
Dump of assembler code for function -[ViewController checkPass:]:
0x000c156c <-[ViewController checkPass:]+0>: push {r4, r5, r6, r7, lr}
0x000c156e <-[ViewController checkPass:]+2>: add r7, sp, #12
0x000c1570 <-[ViewController checkPass:]+4>: stmdb sp!, {r8, r10}
0x000c1574 <-[ViewController checkPass:]+8>: sub sp, #136
0x000c1576 <-[ViewController checkPass:]+10>: add r3, sp, #124
0x000c1578 <-[ViewController checkPass:]+12>: movw r9, #0 ; 0x0
0x000c157c <-[ViewController checkPass:]+16>: movt r9, #0 ; 0x0
0x000c1580 <-[ViewController checkPass:]+20>: str r0, [sp, #132]
0x000c1582 <-[ViewController checkPass:]+22>: str r1, [sp, #128]
0x000c1584 <-[ViewController checkPass:]+24>: str.w r9, [sp, #124]
0x000c1588 <-[ViewController checkPass:]+28>: mov r0, r3
0x000c158a <-[ViewController checkPass:]+30>: mov r1, r2
0x000c158c <-[ViewController checkPass:]+32>: blx 0xc2fec <dyld_stub_objc_storeStrong>
0x000c1590 <-[ViewController checkPass:]+36>: movw r0, #6816 ; 0x1aa0
0x000c1594 <-[ViewController checkPass:]+40>: movt r0, #0 ; 0x0
0x000c1598 <-[ViewController checkPass:]+44>: add r0, pc
0x000c159a <-[ViewController checkPass:]+46>: ldr r0, [r0, #0]
0x000c159c <-[ViewController checkPass:]+48>: movw r1, #9252 ; 0x2424
0x000c15a0 <-[ViewController checkPass:]+52>: movt r1, #0 ; 0x0
0x000c15a4 <-[ViewController checkPass:]+56>: add r1, pc
0x000c15a6 <-[ViewController checkPass:]+58>: movw r2, #9294 ; 0x244e
0x000c15aa <-[ViewController checkPass:]+62>: movt r2, #0 ; 0x0
0x000c15ae <-[ViewController checkPass:]+66>: add r2, pc
0x000c15b0 <-[ViewController checkPass:]+68>: movw r3, #9280 ; 0x2440
0x000c15b4 <-[ViewController checkPass:]+72>: movt r3, #0 ; 0x0
0x000c15b8 <-[ViewController checkPass:]+76>: add r3, pc
0x000c15ba <-[ViewController checkPass:]+78>: ldr.w r9, [sp, #132]
0x000c15be <-[ViewController checkPass:]+82>: ldr r3, [r3, #0]
0x000c15c0 <-[ViewController checkPass:]+84>: add r3, r9
0x000c15c2 <-[ViewController checkPass:]+86>: ldr r3, [r3, #0]
0x000c15c4 <-[ViewController checkPass:]+88>: ldr.w r9, [sp, #132]
0x000c15c8 <-[ViewController checkPass:]+92>: ldr r2, [r2, #0]
0x000c15ca <-[ViewController checkPass:]+94>: add r2, r9
0x000c15cc <-[ViewController checkPass:]+96>: ldr r2, [r2, #0]
0x000c15ce <-[ViewController checkPass:]+98>: ldr r1, [r1, #0]
0x000c15d0 <-[ViewController checkPass:]+100>: str r0, [sp, #112]
0x000c15d2 <-[ViewController checkPass:]+102>: mov r0, r2
0x000c15d4 <-[ViewController checkPass:]+104>: ldr r2, [sp, #112]
0x000c15d6 <-[ViewController checkPass:]+106>: str r3, [sp, #108]
0x000c15d8 <-[ViewController checkPass:]+108>: blx r2
0x000c15da <-[ViewController checkPass:]+110>: mov r7, r7
0x000c15dc <-[ViewController checkPass:]+112>: blx 0xc2fe8 <dyld_stub_objc_retainAutoreleasedReturnValue>
0x000c15e0 <-[ViewController checkPass:]+116>: movw r1, #6736 ; 0x1a50
0x000c15e4 <-[ViewController checkPass:]+120>: movt r1, #0 ; 0x0
0x000c15e8 <-[ViewController checkPass:]+124>: add r1, pc
0x000c15ea <-[ViewController checkPass:]+126>: ldr r1, [r1, #0]
0x000c15ec <-[ViewController checkPass:]+128>: movw r2, #9176 ; 0x23d8
0x000c15f0 <-[ViewController checkPass:]+132>: movt r2, #0 ; 0x0
0x000c15f4 <-[ViewController checkPass:]+136>: add r2, pc
0x000c15f6 <-[ViewController checkPass:]+138>: ldr r2, [r2, #0]
0x000c15f8 <-[ViewController checkPass:]+140>: ldr r3, [sp, #108]
0x000c15fa <-[ViewController checkPass:]+142>: str r0, [sp, #104]
0x000c15fc <-[ViewController checkPass:]+144>: mov r0, r3
0x000c15fe <-[ViewController checkPass:]+146>: str r1, [sp, #100]
0x000c1600 <-[ViewController checkPass:]+148>: mov r1, r2
0x000c1602 <-[ViewController checkPass:]+150>: ldr r2, [sp, #104]
0x000c1604 <-[ViewController checkPass:]+152>: ldr r3, [sp, #100]
0x000c1606 <-[ViewController checkPass:]+154>: blx r3
0x000c1608 <-[ViewController checkPass:]+156>: ldr r1, [sp, #104]
0x000c160a <-[ViewController checkPass:]+158>: str r0, [sp, #96]
0x000c160c <-[ViewController checkPass:]+160>: mov r0, r1
0x000c160e <-[ViewController checkPass:]+162>: blx 0xc2fe0 <dyld_stub_objc_release>
0x000c1612 <-[ViewController checkPass:]+166>: ldr r0, [sp, #96]
0x000c1614 <-[ViewController checkPass:]+168>: sxtb r1, r0
0x000c1616 <-[ViewController checkPass:]+170>: cmp r1, #0
0x000c1618 <-[ViewController checkPass:]+172>: beq.n 0xc16e2 <-[ViewController checkPass:]+374>
0x000c161a <-[ViewController checkPass:]+174>: movs r0, #0
0x000c161c <-[ViewController checkPass:]+176>: movt r0, #0 ; 0x0
0x000c1620 <-[ViewController checkPass:]+180>: add r1, sp, #120
0x000c1622 <-[ViewController checkPass:]+182>: movw r2, #6670 ; 0x1a0e
0x000c1626 <-[ViewController checkPass:]+186>: movt r2, #0 ; 0x0
0x000c162a <-[ViewController checkPass:]+190>: add r2, pc
0x000c162c <-[ViewController checkPass:]+192>: ldr r2, [r2, #0]
0x000c162e <-[ViewController checkPass:]+194>: mov r3, r2
0x000c1630 <-[ViewController checkPass:]+196>: movw r9, #9116 ; 0x239c
0x000c1634 <-[ViewController checkPass:]+200>: movt r9, #0 ; 0x0
0x000c1638 <-[ViewController checkPass:]+204>: add r9, pc
0x000c163a <-[ViewController checkPass:]+206>: movw r12, #6686 ; 0x1a1e
0x000c163e <-[ViewController checkPass:]+210>: movt r12, #0 ; 0x0
0x000c1642 <-[ViewController checkPass:]+214>: add r12, pc
0x000c1644 <-[ViewController checkPass:]+216>: movw lr, #6692 ; 0x1a24
0x000c1648 <-[ViewController checkPass:]+220>: movt lr, #0 ; 0x0
0x000c164c <-[ViewController checkPass:]+224>: add lr, pc
0x000c164e <-[ViewController checkPass:]+226>: movw r4, #6698 ; 0x1a2a
0x000c1652 <-[ViewController checkPass:]+230>: movt r4, #0 ; 0x0
0x000c1656 <-[ViewController checkPass:]+234>: add r4, pc
0x000c1658 <-[ViewController checkPass:]+236>: mov r5, r2
0x000c165a <-[ViewController checkPass:]+238>: movw r6, #9070 ; 0x236e
0x000c165e <-[ViewController checkPass:]+242>: movt r6, #0 ; 0x0
0x000c1662 <-[ViewController checkPass:]+246>: add r6, pc
0x000c1664 <-[ViewController checkPass:]+248>: movw r8, #8964 ; 0x2304
0x000c1668 <-[ViewController checkPass:]+252>: movt r8, #0 ; 0x0
0x000c166c <-[ViewController checkPass:]+256>: add r8, pc
0x000c166e <-[ViewController checkPass:]+258>: movw r10, #9078 ; 0x2376
0x000c1672 <-[ViewController checkPass:]+262>: movt r10, #0 ; 0x0
0x000c1676 <-[ViewController checkPass:]+266>: add r10, pc
0x000c1678 <-[ViewController checkPass:]+268>: ldr.w r10, [r10]
0x000c167c <-[ViewController checkPass:]+272>: ldr.w r8, [r8]
0x000c1680 <-[ViewController checkPass:]+276>: str r0, [sp, #92]
0x000c1682 <-[ViewController checkPass:]+278>: mov r0, r10
0x000c1684 <-[ViewController checkPass:]+280>: str r1, [sp, #88]
0x000c1686 <-[ViewController checkPass:]+282>: mov r1, r8
0x000c1688 <-[ViewController checkPass:]+284>: str r4, [sp, #84]
0x000c168a <-[ViewController checkPass:]+286>: str r5, [sp, #80]
0x000c168c <-[ViewController checkPass:]+288>: str r6, [sp, #76]
0x000c168e <-[ViewController checkPass:]+290>: str r3, [sp, #72]
0x000c1690 <-[ViewController checkPass:]+292>: str.w r9, [sp, #68]
0x000c1694 <-[ViewController checkPass:]+296>: str.w r12, [sp, #64]
0x000c1698 <-[ViewController checkPass:]+300>: str.w lr, [sp, #60]
0x000c169c <-[ViewController checkPass:]+304>: blx r2
0x000c169e <-[ViewController checkPass:]+306>: ldr r1, [sp, #132]
0x000c16a0 <-[ViewController checkPass:]+308>: ldr r2, [sp, #76]
0x000c16a2 <-[ViewController checkPass:]+310>: ldr r3, [r2, #0]
0x000c16a4 <-[ViewController checkPass:]+312>: str r1, [sp, #56]
0x000c16a6 <-[ViewController checkPass:]+314>: mov r1, r3
0x000c16a8 <-[ViewController checkPass:]+316>: ldr r2, [sp, #64]
0x000c16aa <-[ViewController checkPass:]+318>: ldr r3, [sp, #60]
0x000c16ac <-[ViewController checkPass:]+320>: ldr.w r9, [sp, #56]
0x000c16b0 <-[ViewController checkPass:]+324>: str.w r9, [sp]
0x000c16b4 <-[ViewController checkPass:]+328>: ldr.w r12, [sp, #92]
0x000c16b8 <-[ViewController checkPass:]+332>: str.w r12, [sp, #4]
0x000c16bc <-[ViewController checkPass:]+336>: ldr.w lr, [sp, #84]
0x000c16c0 <-[ViewController checkPass:]+340>: str.w lr, [sp, #8]
0x000c16c4 <-[ViewController checkPass:]+344>: str.w r12, [sp, #12]
0x000c16c8 <-[ViewController checkPass:]+348>: ldr r4, [sp, #80]
0x000c16ca <-[ViewController checkPass:]+350>: blx r4
0x000c16cc <-[ViewController checkPass:]+352>: str r0, [sp, #120]
0x000c16ce <-[ViewController checkPass:]+354>: ldr r0, [sp, #120]
0x000c16d0 <-[ViewController checkPass:]+356>: ldr r1, [sp, #68]
0x000c16d2 <-[ViewController checkPass:]+358>: ldr r1, [r1, #0]
0x000c16d4 <-[ViewController checkPass:]+360>: ldr r2, [sp, #72]
0x000c16d6 <-[ViewController checkPass:]+362>: blx r2
0x000c16d8 <-[ViewController checkPass:]+364>: ldr r0, [sp, #88]
0x000c16da <-[ViewController checkPass:]+366>: ldr r1, [sp, #92]
0x000c16dc <-[ViewController checkPass:]+368>: blx 0xc2fec <dyld_stub_objc_storeStrong>
0x000c16e0 <-[ViewController checkPass:]+372>: b.n 0xc17a8 <-[ViewController checkPass:]+572>
0x000c16e2 <-[ViewController checkPass:]+374>: movs r0, #0
0x000c16e4 <-[ViewController checkPass:]+376>: movt r0, #0 ; 0x0
0x000c16e8 <-[ViewController checkPass:]+380>: add r1, sp, #116
0x000c16ea <-[ViewController checkPass:]+382>: movw r2, #6470 ; 0x1946
0x000c16ee <-[ViewController checkPass:]+386>: movt r2, #0 ; 0x0
0x000c16f2 <-[ViewController checkPass:]+390>: add r2, pc
0x000c16f4 <-[ViewController checkPass:]+392>: ldr r2, [r2, #0]
0x000c16f6 <-[ViewController checkPass:]+394>: mov r3, r2
0x000c16f8 <-[ViewController checkPass:]+396>: movw r9, #8916 ; 0x22d4
0x000c16fc <-[ViewController checkPass:]+400>: movt r9, #0 ; 0x0
0x000c1700 <-[ViewController checkPass:]+404>: add r9, pc
0x000c1702 <-[ViewController checkPass:]+406>: movw r12, #6486 ; 0x1956
0x000c1706 <-[ViewController checkPass:]+410>: movt r12, #0 ; 0x0
0x000c170a <-[ViewController checkPass:]+414>: add r12, pc
0x000c170c <-[ViewController checkPass:]+416>: movw lr, #6524 ; 0x197c
0x000c1710 <-[ViewController checkPass:]+420>: movt lr, #0 ; 0x0
0x000c1714 <-[ViewController checkPass:]+424>: add lr, pc
0x000c1716 <-[ViewController checkPass:]+426>: movw r4, #6498 ; 0x1962
0x000c171a <-[ViewController checkPass:]+430>: movt r4, #0 ; 0x0
0x000c171e <-[ViewController checkPass:]+434>: add r4, pc
0x000c1720 <-[ViewController checkPass:]+436>: mov r5, r2
0x000c1722 <-[ViewController checkPass:]+438>: movw r6, #8870 ; 0x22a6
0x000c1726 <-[ViewController checkPass:]+442>: movt r6, #0 ; 0x0
0x000c172a <-[ViewController checkPass:]+446>: add r6, pc
0x000c172c <-[ViewController checkPass:]+448>: movw r8, #8764 ; 0x223c
0x000c1730 <-[ViewController checkPass:]+452>: movt r8, #0 ; 0x0
0x000c1734 <-[ViewController checkPass:]+456>: add r8, pc
0x000c1736 <-[ViewController checkPass:]+458>: movw r10, #8878 ; 0x22ae
0x000c173a <-[ViewController checkPass:]+462>: movt r10, #0 ; 0x0
0x000c173e <-[ViewController checkPass:]+466>: add r10, pc
0x000c1740 <-[ViewController checkPass:]+468>: ldr.w r10, [r10]
0x000c1744 <-[ViewController checkPass:]+472>: ldr.w r8, [r8]
0x000c1748 <-[ViewController checkPass:]+476>: str r0, [sp, #52]
0x000c174a <-[ViewController checkPass:]+478>: mov r0, r10
0x000c174c <-[ViewController checkPass:]+480>: str r1, [sp, #48]
0x000c174e <-[ViewController checkPass:]+482>: mov r1, r8
0x000c1750 <-[ViewController checkPass:]+484>: str r4, [sp, #44]
0x000c1752 <-[ViewController checkPass:]+486>: str r5, [sp, #40]
0x000c1754 <-[ViewController checkPass:]+488>: str r6, [sp, #36]
0x000c1756 <-[ViewController checkPass:]+490>: str r3, [sp, #32]
0x000c1758 <-[ViewController checkPass:]+492>: str.w r9, [sp, #28]
0x000c175c <-[ViewController checkPass:]+496>: str.w r12, [sp, #24]
0x000c1760 <-[ViewController checkPass:]+500>: str.w lr, [sp, #20]
0x000c1764 <-[ViewController checkPass:]+504>: blx r2
0x000c1766 <-[ViewController checkPass:]+506>: ldr r1, [sp, #132]
0x000c1768 <-[ViewController checkPass:]+508>: ldr r2, [sp, #36]
0x000c176a <-[ViewController checkPass:]+510>: ldr r3, [r2, #0]
0x000c176c <-[ViewController checkPass:]+512>: str r1, [sp, #16]
0x000c176e <-[ViewController checkPass:]+514>: mov r1, r3
0x000c1770 <-[ViewController checkPass:]+516>: ldr r2, [sp, #24]
0x000c1772 <-[ViewController checkPass:]+518>: ldr r3, [sp, #20]
0x000c1774 <-[ViewController checkPass:]+520>: ldr.w r9, [sp, #16]
0x000c1778 <-[ViewController checkPass:]+524>: str.w r9, [sp]
0x000c177c <-[ViewController checkPass:]+528>: ldr.w r12, [sp, #52]
0x000c1780 <-[ViewController checkPass:]+532>: str.w r12, [sp, #4]
0x000c1784 <-[ViewController checkPass:]+536>: ldr.w lr, [sp, #44]
0x000c1788 <-[ViewController checkPass:]+540>: str.w lr, [sp, #8]
0x000c178c <-[ViewController checkPass:]+544>: str.w r12, [sp, #12]
0x000c1790 <-[ViewController checkPass:]+548>: ldr r4, [sp, #40]
0x000c1792 <-[ViewController checkPass:]+550>: blx r4
0x000c1794 <-[ViewController checkPass:]+552>: str r0, [sp, #116]
0x000c1796 <-[ViewController checkPass:]+554>: ldr r0, [sp, #116]
0x000c1798 <-[ViewController checkPass:]+556>: ldr r1, [sp, #28]
0x000c179a <-[ViewController checkPass:]+558>: ldr r1, [r1, #0]
0x000c179c <-[ViewController checkPass:]+560>: ldr r2, [sp, #32]
0x000c179e <-[ViewController checkPass:]+562>: blx r2
0x000c17a0 <-[ViewController checkPass:]+564>: ldr r0, [sp, #48]
0x000c17a2 <-[ViewController checkPass:]+566>: ldr r1, [sp, #52]
0x000c17a4 <-[ViewController checkPass:]+568>: blx 0xc2fec <dyld_stub_objc_storeStrong>
0x000c17a8 <-[ViewController checkPass:]+572>: add r0, sp, #124
0x000c17aa <-[ViewController checkPass:]+574>: movs r1, #0
0x000c17ac <-[ViewController checkPass:]+576>: movt r1, #0 ; 0x0
0x000c17b0 <-[ViewController checkPass:]+580>: blx 0xc2fec <dyld_stub_objc_storeStrong>
0x000c17b4 <-[ViewController checkPass:]+584>: add sp, #136
0x000c17b6 <-[ViewController checkPass:]+586>: ldmia.w sp!, {r8, r10}
0x000c17ba <-[ViewController checkPass:]+590>: pop {r4, r5, r6, r7, pc}
End of assembler dump.
(gdb) b *0x000c1606
Breakpoint 2 at 0xc1606
(gdb) c
Continuing.
Breakpoint 2, 0x000c1606 in -[ViewController checkPass:] ()
(gdb) po $r0
123456
(gdb) po $r1
0x3226c9af does not appear to point to a valid object.
(gdb) po $r2
<object returned empty description>
(gdb) po $r3
0x39baf621 does not appear to point to a valid object.
(gdb)
在 0x000c1606下断点继续跑,断下之后可以看到r0寄存器中存放的是password