ykus4/shirayuki

GitHub: ykus4/shirayuki

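A runtime memory toolkit for jailbroken iOS that provides memory search, patching, freezing, pointer scanning and disassembly through a floating-window GUI and a programmatic API.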


# ❄️ Shirayuki


In-app memory toolkit overlay for jailbroken iOS


## What is it?

Shirayuki injects a **floating panel** into any app on a jailbroken iPhone. No respring is needed per session: just tap the snowflake button to start hacking.

```
┌─────────────────────────────────────────────┐
│  Target App                                 │
│                                             │
│   ┌──────────────────────┐                  │
│   │ ❄️ Shirayuki Panel   │                  │
│   │ ┌──┬──┬──┬──┬──┬──┐│                  │
│   │ │🔍│🔧│🔒│👁│🌿│💾││                  │
│   │ └──┴──┴──┴──┴──┴──┘│                  │
│   │ [Search tab shown]   │                  │
│   │ > int32  [ Scan ]    │                  │
│   │ 0x1A2B3C4D = 100     │                  │
│   │ 0x1A2B3C50 = 100     │                  │
│   └──────────────────────┘                  │
│                      ❄️ ←drag               │
└─────────────────────────────────────────────┘
```

## Features

### 🔍 Search & Narrow

```
First scan       →  Narrow: Changed     →  Narrow: Exact 42
──────────────      ──────────────────      ────────────────
2000 results        87 results              3 results
0x1A001234          0x1A001234              0x1A001234 ✓
0x1A001238          0x1A001238              0x1A005580 ✓
0x1A001240          ...                     0x1B000020 ✓
...
```

| Type | Example input |
|---|---|
| `int32` `int16` `int64` | `100` |
| `float` `double` | `3.14` |
| `hex` (IDA mode) | `FF 43 01 D1 ?? ?? ??` |
| `string` | `PlayerName` |
| `regex` | `HP:[0-9]+` |

### 🔧 Patch + Undo/Redo

```
Address       Original        Patched         State
────────────  ──────────────  ──────────────  ──────
0x1A001234    FF 43 01 D1     1F 20 03 D5     ✅ ON
0x1A005580    E0 03 00 AA     1F 20 03 D5     ⏸ OFF
              ↑ auto backup                   ↑ toggle

[Undo] → restore last patch
[Redo] → reapply
```

### 🔒 Freeze + Auto-Increment

```
0x1A001234 = 99999 (float) [FROZEN] ← tap to pause
0x1A001238 = 1     (int32) [INC +1] ← auto-increment each tick
0x1A00123C = 100   (int32) [PAUSED] ← frozen but inactive
```

### 👁 Watch (Live Diff)

```
0x1A001234  float  42.0 → 43.0  ▲ (changed 7x)
0x1A001238  int32  99 → 99      · (unchanged)
0x1A00123C  int32  0 → 255      ▲ (changed 1x)
```

### 🌂 Pointer Scan

```
Target: 0x1A001234

Chain 1: [UnityFramework + 0x1234AB] → +0x10 → +0x28 → +0x00 ✓
Chain 2: [GameLib + 0xABCD00] → +0x08 → +0x00 ✓
Chain 3: [GameLib + 0xABCD10] → +0x08 → +0x00 ??
```

### 💾 Hex Dump & Disassembly

```
0xADDR len → hex dump
0xADDR asm → ARM64 disassembly

0x1A001234  FF 43 01 D1  STP x29, x30, [sp, #-0x10]!
0x1A001238  FD 03 00 91  MOV x29, sp
0x1A00123C  1F 20 03 D5  NOP ← long-press to NOP
```

## Quick Start

```
# Set the device IP
export THEOS_DEVICE_IP=192.168.x.x

# Build + install + respring
make package install
```

To restrict which apps Shirayuki is injected into, edit `Shirayuki.plist`:

```
<key>Bundles</key>
<array>
  <string>com.example.targetapp</string>
</array>
```

## Programmatic API

```
using namespace Shirayuki;

// Pattern scan
auto img = Image::find("UnityFramework");
auto hits = Scanner::findPatternInImage(img, "FF 43 01 D1 ?? ?? ??");

// Patch (NOP 2 instructions)
Patch::createNop(Image::absoluteAddress(img, 0x123456), 2).apply();

// Value search
auto results = Scanner::findValue(region.start, region.size, 99.0f);

// Freeze
FreezeManager::shared().addValue(addr, 99999.0f);
FreezeManager::shared().start(16); // 16ms tick

// Watch
WatchManager::shared().add(addr, ValueType::Float32);
WatchManager::shared().setCallback([](const WatchEntry &e) {
    // e.previousValue, e.currentValue, e.changeCount
});

// Pointer scan
PointerScanConfig cfg{ .targetAddress = addr, .maxDepth = 3 };
auto chains = PointerScanner::scan(cfg);

// Session
SessionManager::save(session, SessionManager::autoSavePath("com.example.app"));
```

## Project Structure

```
shirayuki/
├── Tweak/Tweak.xm                  ← injection entry (Logos)
├── ShirayukiMemory/
│   ├── ShirayukiMemory.hpp/cpp     ← Mach VM, scan, patch, disasm
│   ├── Freeze.hpp/cpp              ← value locker + auto-increment
│   ├── Watchpoint.hpp/cpp          ← polling monitor
│   ├── PointerScan.hpp/cpp         ← chain finder
│   └── Session.hpp/mm              ← JSON persistence
└── GUI/
    ├── ShirayukiViewController.mm  ← main panel + tab routing
    ├── SYTheme / SYToast / SYDragButton
    └── Handlers/
        ├── SYScanHelper.cpp        ← C++ isolation layer
        ├── SYSearchHandler.mm      ← search + narrow + batch
        ├── SYPatchHandler.mm       ← patch + undo/redo
        ├── SYFreezeHandler.mm      ← freeze + auto-increment
        ├── SYWatchHandler.mm       ← watchpoints
        ├── SYPointerHandler.mm     ← pointer chains
        └── SYDumpHandler.mm        ← hex dump + disassembly
```

## CI / Release

| Workflow | Trigger | Output |
|---|---|---|
| **Build** | push / PR → `main`, `dev` | `.deb` artifact + PR comment |
| **Format** | push / PR | clang-format check |
| **Release** | `git tag v*` | GitHub Release with `.deb` attached |

```
# Publish a release
git tag v0.2.0 && git push origin v0.2.0
```

Dev builds are versioned automatically in the form `0.1.0-dev.N+sha7`.

## Requirements

- Jailbroken iOS 15.0+ arm64
- [Theos](https://theos.dev)
- Substrate or Substitute
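
The `hex` (IDA mode) search type and `Scanner::findPatternInImage` take patterns such as `FF 43 01 D1 ?? ?? ??`. The block below is an added example, not Shirayuki's own code, showing how such a pattern can be parsed and matched over a byte buffer; it assumes each token is two hex digits and `??` matches exactly one byte, and `PatternByte`, `parsePattern` and `findPattern` are hypothetical names.

```cpp
#include <cctype>
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

// Assumed semantics: each token is two hex digits, "??" matches any one byte.
struct PatternByte { uint8_t value; bool wildcard; };

// Parse "FF 43 01 D1 ?? ?? ??" into elements; malformed tokens are rejected.
std::vector<PatternByte> parsePattern(const std::string &text) {
    std::vector<PatternByte> out;
    std::istringstream in(text);
    std::string tok;
    while (in >> tok) {
        if (tok == "??") { out.push_back({0, true}); continue; }
        if (tok.size() != 2 || !std::isxdigit((unsigned char)tok[0]) ||
            !std::isxdigit((unsigned char)tok[1]))
            throw std::invalid_argument("bad pattern token: " + tok);
        out.push_back({static_cast<uint8_t>(std::stoul(tok, nullptr, 16)), false});
    }
    if (out.empty()) throw std::invalid_argument("empty pattern");
    return out;
}

// Offsets in buf where pat matches. A wildcard matches any byte, but the whole
// pattern (trailing wildcards included) must lie inside the buffer.
std::vector<size_t> findPattern(const std::vector<uint8_t> &buf,
                                const std::vector<PatternByte> &pat) {
    std::vector<size_t> hits;
    for (size_t i = 0; i + pat.size() <= buf.size(); ++i) {
        size_t j = 0;
        while (j < pat.size() && (pat[j].wildcard || pat[j].value == buf[i + j])) ++j;
        if (j == pat.size()) hits.push_back(i);
    }
    return hits;
}

int main() {
    // Constructed sample buffer, not captured from any real image.
    std::vector<uint8_t> buf = {0x00, 0x00, 0xFF, 0x43, 0x01, 0xD1, 0xAA, 0xBB, 0xCC,
                                0x1F, 0x20, 0x03, 0xD5, 0xFF, 0x43, 0x01, 0xD1, 0x11, 0x22};
    for (size_t off : findPattern(buf, parsePattern("FF 43 01 D1 ?? ?? ??")))
        std::printf("match at offset %zu\n", off);
    return 0;
}
```

The second `FF 43 01 D1` in the sample buffer is not reported because only two bytes follow it, so the three trailing wildcards would read past the end of the buffer.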