1.打开终端,运行
hdiutil attach /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/7.0/DeveloperDiskImage.dmg
2.拷贝debugserver
cp /Volumes/DeveloperDiskImage/usr/bin/debugserver ~/Desktop
3.切换到桌面
4.新建一个plist文件保存为e.plist
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>com.apple.springboard.debugapplications</key>
<true/>
<key>run-unsigned-code</key>
<true/>
<key>get-task-allow</key>
<true/>
<key>task_for_pid-allow</key>
<true/>
</dict>
</plist>
5.签名
codesign -s - --entitlements e.plist -f debugserver
6.拷贝debugserver到越狱iOS设备
scp debugserver root@192.168.2.112:~
7.ssh到ios设备
ssh -l root 192.168.2.112
8.运行debugserver,1245为线程id
./debugserver *:1234 -a 1245
9.在mac终端运行lldb
10.在lldb中运行命令
platform select remote-ios
process connect connect://192.168.2.112:1234