Curtain

you are the One of most willing to help others,thx

support 64bit？

i`ve found this,but without "MOVS R1, #0x1F", and is it must me the same as "MOVS R1, #0x1F" ADD R7, SP, #0xC STMFD SP!, {R8,R10} SUB SP, SP, #0x20C BIC SP, SP, #7 MOV R5, R1 MOV R1, #0x1EC------->is this correct one?? MOV R6, R0 STR R1, [sP,#0x220+var_28] MOV R0, R5 ; void * MOV R1, #0 ; int MOV R4, R2 BL _memset MOV R0, #1 MOV R1, #0xE STR R0, [sP,#0x220+var_24] MOV R8, #0 STR R1, [sP,#0x220+var_20] MOV R1, #4 ; u_int STR R0, [sP,#0x220+var_1C] ADD R0, SP, #0x220+var_24 ; int * STR R6, [sP,#0x220+var_18] ADD R6, SP, #0x220+var_218 ADD R3, SP, #0x220+var_28 ; size_t * STR R8, [sP,#0x220+var_220] ; void * MOV R2, R6 ; void * STR R8, [sP,#0x220+var_21C] ; size_t BL _sysctl CMP R0, #0 BLT loc_19531E4

@@DiDA i got address "0x31b68e78" of ptrace follow your way.and i load binary to IDA,then i try to search for it.but there isnt the address which i found.any ideas ? "Breakpoint 1 at 0x31b68e78 Pending breakpoint 1 - "ptrace" resolved warning: Unrecognized osabi 0 in arm_set_osabi_from_host_info"

@@Valeschi have u solved it？ @@Valeschi

thx

The answer turned out here again. Thanks@DiDA thanks @DiDAthanks@DiDA Lock has been resolved

i use iphone`s templates copy into mac,its work ,but modify again ,still errors so can u teach me how to modify ，little tutorial is best .thanks

http://prntscr.com/73pawo no ,its here always

MacBook-Pro:~ zzmutu$ ssh [email protected] [email protected]'s password: Fruit:~ root# cd /var/mobile/projects Fruit:/var/mobile/projects root# /var/theos/bin/nic.pl NIC 2.0 - New Instance Creator ------------------------------ [1.] iphone/application [2.] iphone/library [3.] iphone/tool ------------------------------------------------------------ MacBook-Pro:projects zzmutu$ ssh [email protected] [email protected]'s password: Fruit:~ root# cd /var/mobile/projects Fruit:/var/mobile/projects root# /var/theos/bin/nicify.pl ./ [error] No control file found at NIC/control. Fruit:/var/mobile/projects root#

yes.i have installed theos in my iphone and ipad

MacBook-Pro:projects zzmutu$ /opt/theos/bin/nicify.pl ./ Use of my $_ is experimental at /opt/theos/bin/nicify.pl line 76. Use of my $_ is experimental at /opt/theos/bin/nicify.pl line 77. Use of my $_ is experimental at /opt/theos/bin/nicify.pl line 88. [error] No control file found at NIC/control. MacBook-Pro:projects zzmutu$

give me another errors MacBook-Pro:~ zzmutu$ cd /Users/zzmutu/projects MacBook-Pro:projects zzmutu$ /opt/theos/bin/nicify.pl Use of my $_ is experimental at /opt/theos/bin/nicify.pl line 76. Use of my $_ is experimental at /opt/theos/bin/nicify.pl line 77. Use of my $_ is experimental at /opt/theos/bin/nicify.pl line 88. [error] Syntax: nicify.pl <directory> MacBook-Pro:projects zzmutu$

i know your means but i am on MAC ,run this cd /Users/zzmutu/projects /opt/theos/bin/nic.pl then appear that: MacBook-Pro:~ zzmutu$ cd /Users/zzmutu/projects MacBook-Pro:projects zzmutu$ /opt/theos/bin/nic.pl NIC 2.0 - New Instance Creator ------------------------------ [1.] iphone/application [2.] iphone/library [3.] iphone/tool btw ,it is work fine before i modified

use instructions "tar zcvf tweak.nic.tar tweak.nic"

still not work

yes,all of contrl http://prntscr.com/73opea

i follow u ,but useless name “zzmutu/tweak" constrain file "control" to package constrain "theos" to link_theos

this is my modified contrl : name "iphone/tweak" constrain file "control" to package constrain "theos" to link_theos is it right ?

I modified "tweak.nic.tar"the template, when i create a project not displayed “tweak”option. http://prntscr.com/73o76qhttp://prntscr.com/73o7n5 @DiDA

ye. but today i try to debug arm64 binary. i found both instruction and register are different from armv7. when i attaching it with GDB ,it give me errors. hope you make a tut for this.

@ “send thinned bin to user then it works” you say is only one way to do this for 64bit device ?

If i use this tool, the problem should still exist，so i think this tool does not solve my problem. you mean original bin offset is different from the thinned one but original one cannt debug,is any way to debug orig bin ?

Still not clear I was hoping to use the original binary users can still work Can you detail? Thanks @

We know now the game is mostly arm64, armv7, then I thin binaries to armv7, debugging compiler patches. After testing, it can properly work on a thin patch over the device but does not work in the original binary patch. The person who can help me, I would be very grateful. My question is whether I can work on original（no thin） tweak binary？