Jump to content

18 posts in this topic

Recommended Posts

Posted

Hi everyone,

 

first of all I wish you an happy hacking year !  (y)

I'm very new in reverse engineering / debugging / iOS so excuse me for my newbie's questions. 

 

 

Context:
[everything was tried on iOS 9.3.2 AND iOS 8.2]

I need to understand how an application generates its tokens passed through http headers. So, I disassembled it using Hopper I dumped all .header files and I then logged a lot of informations during runtime by hooking some functions to understand the process of 'how an authenticated http request is generated'. Now I almost know which function exactly generates which token, I need to go ahead and understand the way of a particular token is generated to be able to reproduce it. It seems that using lldb to set breakpoints and then dump the register's value at some step of the runtime could be the best way to achieve my goals, right ? 

The steps I followed in order to use lldb are : 

- decrypt the app using Clutch2 and download it on my desktop
- install debug server and all stuff
- thin the binary
- set the thinned binary as lldb target
- install the decrypted binary.ipa in the iPhone (I tried both with a decrypted version and the normal app store version)
- set breakpoint: fail

 

My problem:

After having followed a lot of tutorials on it, I still don't get it to work.
It's impossible to set breakpoint using a method name like: 

(lldb): b -[ClassName methodCalled:]
// found on this tuts : http://highaltitudehacks.com/2015/05/17/ios-application-security-part-43-fat-binaries-and-lldb-usage-continued/
// does not work for me

lldb says that the breakpoint can't be set, exactly as I've not "targeted" the binary.
Plus, I don't really understand how to set a breakpoint using the memory address. Removing ASLR, finding memory addresses offset are just notions that brainf**ked me!

Could someone help me by sending me a precise routine and more informations about ASLR, memory offset or other useful stuff? 

PS: I read a lot of article on the web and also on this forum and some of them are just impossible to understand for a beginner like me... Please try to be "clear" :) 

Thank you a lot guys ! :)

 

Posted (edited)

attach process?

that and have you set permissions? (chmod 777)

 

Thank you for your answer. I'm note sure about the meaning of your question but I'll try to answer: 

- of course I attach the process on iPhone side when I run debug server and then I do the following commands: 

// iphone side
debugserver *:6666 -a <processNameOrId>


// desktop side
$ lldb
(lldb) platform select remote-ios
(lldb) target create --arch arm /path/to/my/decrypted/bin
(lldb) process connect connect://myIp:port

--> everything is going fine here : debug server starts etc...

 

Could you precise your idea about "permissions" ? 

- debug server has the good permissions

- my local decrypted binaries has read permissions 

 

Any idea ? 

Updated by babbunatale
Posted (edited)

Binary needs read write and execute on all 3. Thats why we use chmod 777 to give it those permissions.

 

Usually if its saying that it cant choose binary i think it must be some problem with attach process but cant say for sure

Thank you for your answer. I'm note sure about the meaning of your question but I'll try to answer:

- of course I attach the process on iPhone side when I run debug server and then I do the following commands:

 

// iphone sidedebugserver *:6666 -a <processNameOrId>// desktop side$ lldb(lldb) platform select remote-ios(lldb) target create --arch arm /path/to/my/decrypted/bin(lldb) process connect connect://myIp:port
--> everything is going fine here : debug server starts etc...

Could you precise your idea about "permissions" ?

- debug server has the good permissions

- my local decrypted binaries has read permissions

Any idea ?

Did you attack the process id of the GAME on your computer?

Use this tutorial https://iosgods.com/topic/5380-working-on-ios-9-how-to-get-lldb-working-on-windows/

Updated by Archangel04
Posted

Usually if its saying that it cant choose binary i think it must be some problem with attach process but cant say for sure

Did you attack the process id of the GAME on your computer?

Use this tutorial https://iosgods.com/topic/5380-working-on-ios-9-how-to-get-lldb-working-on-windows/

 

Ok, I'll give a shot with the rwx permissions as you said above. I'll let your know :)

About the tutorial, I do exactly the same thing and it works. But the problem happens when I try to set a breakpoint.

Posted

Kay. Also when you start it, the game is running right?

Ok, I'll give a shot with the rwx permissions as you said above. I'll let your know :)

About the tutorial, I do exactly the same thing and it works. But the problem happens when I try to set a breakpoint.

Posted (edited)

Have you done this

 

Step 4: Open PuTTY or iFunBox and type in this command:

debugserver 127.0.0.1:23 --attach=PID or BINARYNAME
PID is the Process ID of the app and Binary Name is the Binary Name of the app. You can get PID & Binary Name from iGameGuardian or Binary Name from iFile/Filza.

 

Sorry tag error the step 4 in the other one. IF the app has attached (i know that debug server did, but im asking regarding app not the server itself)

Updated by Archangel04
Posted (edited)

Have you done this

 

Step 4: Open PuTTY or iFunBox and type in this command:

debugserver 127.0.0.1:23 --attach=PID or BINARYNAME
PID is the Process ID of the app and Binary Name is the Binary Name of the app. You can get PID & Binary Name from iGameGuardian or Binary Name from iFile/Filza.

 

Sorry tag error the step 4 in the other one. IF the app has attached (i know that debug server did, but im asking regarding app not the server itself)

 

 

 

OK so, here are the steps I followed : 

 

 

 

Desktop side

 

//1: thin the decypted with Clutch2 binary and set permissions :

 

MacBook-Pro:Desktop $ lipo -thin armv7 -output snapchat-armv7 Snapchat
MacBook-Pro:Desktop $ chmod 777 snapchat-armv7 && ls -l snapchat-armv7
-rwxrwxrwx  1 kevinpiacentini  staff  49819344  3 jan 19:03 snapchat-armv7

 

 

 

// 2: start lldb

(lldb) process connect connect://192.168.0.28:23
Process 564 stopped
* thread #1: tid = 0x0c9e, 0x38034474 libsystem_kernel.dylib`mach_msg_trap + 20, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x38034474 libsystem_kernel.dylib`mach_msg_trap + 20
libsystem_kernel.dylib`mach_msg_trap:
->  0x38034474 <+20>: pop    {r4, r5, r6, r8}
    0x38034478 <+24>: bx     lr

libsystem_kernel.dylib`mach_msg_overwrite_trap:
    0x3803447c <+0>:  mov    r12, sp
    0x38034480 <+4>:  push   {r4, r5, r6, r8}
(lldb) platform select remote-ios
  Platform: remote-ios
 Connected: no
  SDK Path: "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"
 SDK Roots: [ 0] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"
 SDK Roots: [ 1] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/8.2 (12D508)"
 SDK Roots: [ 2] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.1 (13B143)"
 SDK Roots: [ 3] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.1 (13E238)"
 SDK Roots: [ 4] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.2 (13F69)"
 SDK Roots: [ 5] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.5 (13G36)"



(lldb) target create --arch arm ~/Desktop/snapchat-armv7
Current executable set to '~/Desktop/snapchat-armv7' (armv7).

(lldb) b -[LoginV2ViewController viewDidLoad]
Breakpoint 1: no locations (pending).
WARNING:  Unable to resolve breakpoint to any actual locations.

 

iPhone Side

 

iPhone:~ root# 
./debugserver *:23 --attach=Snapchat
debugserver-@(#)PROGRAM:debugserver  PROJECT:debugserver-320.2.89
 for armv7.
Attaching to process Snapchat...
Listening to port 23 for a connection from *...
Waiting for debugger instructions for process 0.

Here you can see all my steps... Maybe I misunderstood something ?

Updated by babbunatale
Posted

(lldb) platform select remote-ios
  Platform: remote-ios
 Connected: no
  SDK Path: "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"

 

"Connected: No" ??

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Our picks

    • Galaxiga - Classic 80s Arcade v10.90 [ +7 Jailed ] Energy Max
      Modded/Hacked App: Galaxiga - Classic 80s Arcade By ONESOFT GLOBAL PTE. LTD.
      Bundle ID: com.os.space.force.galaxy.alien
      iTunes Store Link: https://apps.apple.com/us/app/galaxiga-classic-80s-arcade/id1519367184?uo=4


      Hack Features:

      - Premium Pass [ Rewards Only ]

      - Energy Unlimited [ Linked Premium Pass ]

      - Plane Unlocked [ Tire 1 Tire 2 ] 

      - Drone Unlocked [ Tire 1 Tire 2 ]

      - Stone Unlocked [ Tire 1 Tire 2 ] 

      - Unlock Gem Cost 0 [ Plane Drone Stone ]

      - Easy Kill [ Only SP - No PVP ] 

      - Win PvP Select Higher Rank [ Plane Drone Stone ] Easy To Win PvP NO Bannnn


      Jailbreak required hack(s): https://iosgods.com/forum/5-game-cheats-hack-requests/
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
      • 48 replies
    • Galaxiga - Classic 80s Arcade v10.90 [ +7 Cheats ] Energy Max
      Modded/Hacked App: Galaxiga - Classic 80s Arcade By ONESOFT GLOBAL PTE. LTD.
      Bundle ID: com.os.space.force.galaxy.alien
      iTunes Store Link: https://apps.apple.com/us/app/galaxiga-classic-80s-arcade/id1519367184?uo=4


      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iGameGod / Filza / iMazing or any other file managers for iOS.
      - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak.
      - PreferenceLoader (from Cydia, Sileo or Zebra).


      Hack Features:
      - Premium Pass [ Rewards Only ]

      - Energy Unlimited [ Linked Premium Pass ]

      - Plane Unlocked [ Tire 1 Tire 2 ] 

      - Drone Unlocked [ Tire 1 Tire 2 ]

      - Stone Unlocked [ Tire 1 Tire 2 ] 

      - Unlock Gem Cost 0 [ Plane Drone Stone ] Maybe Effect PvP 

      - Easy Kill [ Only SP - No PVP ] 

      - Win PvP Select Higher Rank [ Plane Drone Stone ]

      Not3:- Don't Abuse The Hack Incase Banned Lower Chances Maybe


      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/


      iOS Hack Download Link:

      Hidden Content

      Download Hack
      • 79 replies
    • Galaxy Attack: Alien Shooter v5.12.13 [ +30++ Cheats ] Currency Max
      Modded/Hacked App: Galaxy Attack: Alien Shooter By DINO GAME LIMITED
      Bundle ID: com.alien.shooter.galaxy.attack
      iTunes Store Link: https://apps.apple.com/us/app/galaxy-attack-alien-shooter/id1176011642?uo=4
       

      🚀 Hack Features

      - ADS NO [ Rewards Free ]

      - Gems [ Linked With Battle Pass ]

      - Gold [ Linked With Battle Pass ]

      - Chest [ Linked With Battle Pass ]

      - Monthly Card Normal

      - Monthly Card Super

      - Monthly Card Premium

      - Energy NO Need [ When 0 Play Unlimited ]

      - Evolve Stone

      - Unlimited Ship [ Select Any Ship Before The Battle ]

      - Drone Ticket

      - Terminator Point

      - Tech Point

      - Overload Ball

      - Matrix Max

      - Golden Revive Max

      - Revive Unlimited

      - Campain Revive Cost Gold [ Earn With Gold ]

      - Gems Revive  [Earn With Gems ]

      - Endless Revive Cost Gold [Earn With Gold ]

      - Talent Upgrade Cost  [Earn With Gold ]

      - Battle Pass Premium Active

      - BP Free [ Claim Unlimited ]

      - BP Premium [ Claim Unlimited ]

      - BP Free Rewards Unlimited [ Gold Gems Chest Stone + More ]

      - BP Premium Rewards Unlimited [ Gold Gems Chest Stone + More ]

      - Bullet Max

      - Life Max

      - Damage

      Warning 


      Don"t Abuse The Hack In Case Banned Any Data Lose I'M Not Responsible  

       

      🍏 For Non-Jailbroken & No Jailbreak required hacks: https://iosgods.com/forum/79-no-jailbreak-section/
      🤖 Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      • 77 replies
    • Galaxy Attack: Alien Shooter v5.12.13 [ +30++ Jailed ] Currency Max
      Modded/Hacked App: Galaxy Attack: Alien Shooter By DINO GAME LIMITED
      Bundle ID: com.alien.shooter.galaxy.attack
      iTunes Store Link: https://apps.apple.com/us/app/galaxy-attack-alien-shooter/id1176011642?uo=4

       

       

      🔧 Mod Requirements

      - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
      - Sideloadly or alternatives.
      - Computer running Windows/macOS/Linux with iTunes installed.

       

      🚀 Hack Features

      - ADS NO [ Rewards Free ]

      - Gems [ Linked With Battle Pass ]

      - Gold [ Linked With Battle Pass ]

      - Chest [ Linked With Battle Pass ]

      - Monthly Card Normal

      - Monthly Card Super

      - Monthly Card Premium

      - Energy NO Need [ When 0 Play Unlimited ]

      - Evolve Stone

      - Unlimited Ship [ Select Any Ship Before The Battle ]

      - Drone Ticket

      - Terminator Point

      - Tech Point

      - Overload Ball

      - Matrix Max

      - Golden Revive Max

      - Revive Unlimited

      - Campain Revive Cost Gold [ Earn With Gold ]

      - Gems Revive  [Earn With Gems ]

      - Endless Revive Cost Gold [Earn With Gold ]

      - Talent Upgrade Cost  [Earn With Gold ]

      - Battle Pass Premium Active

      - BP Free [ Claim Unlimited ]

      - BP Premium [ Claim Unlimited ]

      - BP Free Rewards Unlimited [ Gold Gems Chest Stone + More ]

      - BP Premium Rewards Unlimited [ Gold Gems Chest Stone + More ]

      - Bullet Max

      - Life Max

      - Damage

      Warning 


      Don"t Abuse The Hack In Case Banned Any Data Lose I'M Not Responsible 


      🍏 Jailbreak iOS hacks: https://iosgods.com/forum/5-game-cheats-hack-requests/
      🤖 Modded Android APKs: https://iosgods.com/forum/68-android-section/

       

      📥 iOS Hack Download IPA Link


      Hidden Content

      Download via the iOSGods App
      • 61 replies
    • Galaxy Attack Alien Shooter v5.12.13 [ +3 Jailed ] Never Die
      Modded/Hacked App: Galaxy Attack: Alien Shooter By DINO GAME LIMITED
      Bundle ID: com.alien.shooter.galaxy.attack
      iTunes Store Link: https://apps.apple.com/us/app/galaxy-attack-alien-shooter/id1176011642?uo=4


      Hack Features:
      - Max Bullet
      - Max Life
      - DMG



      Jailbreak required hack(s): https://iosgods.com/forum/5-game-cheats-hack-requests/
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/
      • 58 replies
    • Galaxy Attack Alien Shooter v5.12.13 [ +3 Cheats ] Never Die
      Modded/Hacked App: Galaxy Attack: Alien Shooter By ABIGAMES PTE. LTD
      Bundle ID: com.alien.shooter.galaxy.attack
      iTunes Store Link: https://apps.apple.com/us/app/galaxy-attack-alien-shooter/id1176011642?uo=4


      Mod Requirements:
      - Jailbroken iPhone/iPad/iPod Touch.
      - iGameGod / Filza / iMazing or any other file managers for iOS.
      - Cydia Substrate, Substitute or libhooker depending on your jailbreak.
      - PreferenceLoader (from Cydia, Sileo or Zebra).


      Hack Features:
      - Max Life 
      - Damage Multi [PvP Use Only Boss ] 
      - Max Bullet



      Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
      Modded Android APK(s): https://iosgods.com/forum/68-android-section/
      For more fun, check out the Club(s): https://iosgods.com/clubs/


      iOS Hack Download Link:

      Hidden Content

      Download Hack
      • 208 replies
    • [ GrandChase TW] 永恆冒險 Cheats v1.91.2 +3
      Modded/Hacked App: 永恆冒險 By HaoPlay Limited
      Bundle ID: tw.txwy.ios.grandchase
      iTunes Store Link: https://apps.apple.com/tw/app/%E6%B0%B8%E6%81%86%E5%86%92%E9%9A%AA/id1434266148?uo=4


      Hack Features:
      - Multiply Attack
      - Multiply Defense
      - Instant Skills
      - Weak Enemies


      ViP Non-Jailbroken Hack: https://iosgods.com/topic/167594-grandchase-tw-%E6%B0%B8%E6%81%86%E5%86%92%E9%9A%AA-v1744-jailed-cheats-2/


      iOS Hack Download Link: https://iosgods.com/topic/144913-grandchase-tw-%E6%B0%B8%E6%81%86%E5%86%92%E9%9A%AA-cheats-v1812-3/
      • 150 replies
    • [Grandchase KR] 그랜드체이스 Cheats v1.92.3 +3
      Modded/Hacked App: 그랜드체이스 By KOG co., Ltd
      Bundle ID: com.kakaogames.grdchase
      iTunes Store Link: https://apps.apple.com/kr/app/%EA%B7%B8%EB%9E%9C%EB%93%9C%EC%B2%B4%EC%9D%B4%EC%8A%A4/id1312734855?uo=4

       

      📌 Mod Requirements

      - Jailbroken iPhone or iPad.
      - iGameGod / Filza / iMazing.
      - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak (from Sileo, Cydia or Zebra).

       

      🤩 Hack Features

      - Multiply Attack
      - Multiply Defense
      - Instant Skills

       

      Non-Jailbroken Hack: https://iosgods.com/topic/106254-grandchase-kr-%EA%B7%B8%EB%9E%9C%EB%93%9C%EC%B2%B4%EC%9D%B4%EC%8A%A4-v1872-weak-enemies-more/

       

      ⬇️ iOS Hack Download Link: https://iosgods.com/topic/132809-grandchase-kr-%EA%B7%B8%EB%9E%9C%EB%93%9C%EC%B2%B4%EC%9D%B4%EC%8A%A4-cheats-v1882-3/
      • 145 replies
    • Groove Journey v5.0.0 Jailed Mod +1
      Modded/Hacked App: Groove Journey By Somtochukwu Mbala
      Bundle ID: com.kaipha.groovejourney
      iTunes Store Link: https://apps.apple.com/us/app/groove-journey/id6736345547?uo=4


      Hack Features:
      - PREMIUM


      iOS Hack Download IPA Link: https://iosgods.com/topic/190862-groove-journey-v311-jailed-mod-1/
      • 107 replies
    • MARVEL Contest of Champions v51.1.1 +11++ Amazing Cheats!
      Modded/Hacked App: MARVEL Contest of Champions By Kabam
      Bundle ID: com.kabam.marvelbattle
      iTunes Link: https://itunes.apple.com/us/app/marvel-contest-of-champions/id896112560?mt=8&uo=4&at=1010lce4


      Hack Features
      - Enemy/AI Doesn't Attack
      - Special Attack/Skill Always Available
      - No Knockbacks When Hit
      - No Knockdowns When Hit
      - Enemy Doesn't Block
      - Auto Win - Whoever Attacks first, loses. Disable AI Doesn't Attack for this to work.
      - One Hit Kill / High Damage - Linked. Attack first or use with Enemy Doesn't Attack.

      Non-Jailbroken version of this hack: https://iosgods.com/topic/44075-marvel-contest-of-champions-v1311-2-cheats-for-jailed-devices/
      • 3,510 replies
    • Caveman Life v1.0.2 Cheat Menu [+5 Cheats]
      Modded/Hacked App: Caveman Life By 24 HIT Riga SIA
      Bundle ID: com.prehistoric.dude
      iTunes Store Link: https://apps.apple.com/us/app/caveman-life/id6739502478?uo=4


       

      🤩 Hack Features

      - Cheat Menu (Enable and hold setting button until cheat menu appear. Password is : 2424)
       
      • 4 replies
    • Caveman Life v1.0.2 Cheat Menu [+5 Jailed Cheats]
      Modded/Hacked App: Caveman Life By 24 HIT Riga SIA
      Bundle ID: com.prehistoric.dude
      iTunes Store Link: https://apps.apple.com/us/app/caveman-life/id6739502478?uo=4



      🤩 Hack Features

      - Cheat Menu (Enable and hold setting button until cheat menu appear. Password is : 2424)

       
      • 3 replies
×
  • Create New...

Important Information

We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines