Jump to content
Community Announcements, Giveaways & More!

Debug iOS8.2 or iOS9.3.2 AppStore app using lldb.

babbunatale

By babbunatale
in Help & Support

 Share

18 posts in this topic

Recommended Posts

babbunatale Newbie

babbunatale 0
  •   9 

    • Posted
    Posted

    Hi everyone,

     

    first of all I wish you an happy hacking year !  (y)

    I'm very new in reverse engineering / debugging / iOS so excuse me for my newbie's questions. 

     

     

    Context:
    [everything was tried on iOS 9.3.2 AND iOS 8.2]

    I need to understand how an application generates its tokens passed through http headers. So, I disassembled it using Hopper I dumped all .header files and I then logged a lot of informations during runtime by hooking some functions to understand the process of 'how an authenticated http request is generated'. Now I almost know which function exactly generates which token, I need to go ahead and understand the way of a particular token is generated to be able to reproduce it. It seems that using lldb to set breakpoints and then dump the register's value at some step of the runtime could be the best way to achieve my goals, right ? 

    The steps I followed in order to use lldb are : 

    - decrypt the app using Clutch2 and download it on my desktop
    - install debug server and all stuff
    - thin the binary
    - set the thinned binary as lldb target
    - install the decrypted binary.ipa in the iPhone (I tried both with a decrypted version and the normal app store version)
    - set breakpoint: fail

     

    My problem:

    After having followed a lot of tutorials on it, I still don't get it to work.
    It's impossible to set breakpoint using a method name like: 

    (lldb): b -[ClassName methodCalled:]
// found on this tuts : http://highaltitudehacks.com/2015/05/17/ios-application-security-part-43-fat-binaries-and-lldb-usage-continued/
// does not work for me

    lldb says that the breakpoint can't be set, exactly as I've not "targeted" the binary.
    Plus, I don't really understand how to set a breakpoint using the memory address. Removing ASLR, finding memory addresses offset are just notions that brainf**ked me!

    Could someone help me by sending me a precise routine and more informations about ASLR, memory offset or other useful stuff? 

    PS: I read a lot of article on the web and also on this forum and some of them are just impossible to understand for a beginner like me... Please try to be "clear" :) 

    Thank you a lot guys ! :)

     

    babbunatale Newbie

    babbunatale 0
  •   9 

    • Posted
    • Author
    Posted (edited)

    attach process?

    that and have you set permissions? (chmod 777)

     

    Thank you for your answer. I'm note sure about the meaning of your question but I'll try to answer: 

    - of course I attach the process on iPhone side when I run debug server and then I do the following commands: 

    // iphone side
debugserver *:6666 -a <processNameOrId>


// desktop side
$ lldb
(lldb) platform select remote-ios
(lldb) target create --arch arm /path/to/my/decrypted/bin
(lldb) process connect connect://myIp:port

    --> everything is going fine here : debug server starts etc...

     

    Could you precise your idea about "permissions" ? 

    - debug server has the good permissions

    - my local decrypted binaries has read permissions 

     

    Any idea ? 

    Updated by babbunatale
    Archangel04 Rookie

    Archangel04 32.9k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted (edited)

    Binary needs read write and execute on all 3. Thats why we use chmod 777 to give it those permissions.

     

    Usually if its saying that it cant choose binary i think it must be some problem with attach process but cant say for sure

    Thank you for your answer. I'm note sure about the meaning of your question but I'll try to answer:

    - of course I attach the process on iPhone side when I run debug server and then I do the following commands:

     

    // iphone sidedebugserver *:6666 -a <processNameOrId>// desktop side$ lldb(lldb) platform select remote-ios(lldb) target create --arch arm /path/to/my/decrypted/bin(lldb) process connect connect://myIp:port
    --> everything is going fine here : debug server starts etc...

    Could you precise your idea about "permissions" ?

    - debug server has the good permissions

    - my local decrypted binaries has read permissions

    Any idea ?

    Did you attack the process id of the GAME on your computer?

    Use this tutorial https://iosgods.com/topic/5380-working-on-ios-9-how-to-get-lldb-working-on-windows/

    Updated by Archangel04
    babbunatale Newbie

    babbunatale 0
  •   9 

    • Posted
    • Author
    Posted

    Usually if its saying that it cant choose binary i think it must be some problem with attach process but cant say for sure

    Did you attack the process id of the GAME on your computer?

    Use this tutorial https://iosgods.com/topic/5380-working-on-ios-9-how-to-get-lldb-working-on-windows/

     

    Ok, I'll give a shot with the rwx permissions as you said above. I'll let your know :)

    About the tutorial, I do exactly the same thing and it works. But the problem happens when I try to set a breakpoint.

    Archangel04 Rookie

    Archangel04 32.9k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted

    Kay. Also when you start it, the game is running right?

    Ok, I'll give a shot with the rwx permissions as you said above. I'll let your know :)

    About the tutorial, I do exactly the same thing and it works. But the problem happens when I try to set a breakpoint.

    Archangel04 Rookie

    Archangel04 32.9k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted (edited)

    Have you done this

     

    Step 4: Open PuTTY or iFunBox and type in this command:

    debugserver 127.0.0.1:23 --attach=PID or BINARYNAME
    PID is the Process ID of the app and Binary Name is the Binary Name of the app. You can get PID & Binary Name from iGameGuardian or Binary Name from iFile/Filza.

     

    Sorry tag error the step 4 in the other one. IF the app has attached (i know that debug server did, but im asking regarding app not the server itself)

    Updated by Archangel04
    babbunatale Newbie

    babbunatale 0
  •   9 

    • Posted
    • Author
    Posted (edited)

    Have you done this

     

    Step 4: Open PuTTY or iFunBox and type in this command:

    debugserver 127.0.0.1:23 --attach=PID or BINARYNAME
    PID is the Process ID of the app and Binary Name is the Binary Name of the app. You can get PID & Binary Name from iGameGuardian or Binary Name from iFile/Filza.

     

    Sorry tag error the step 4 in the other one. IF the app has attached (i know that debug server did, but im asking regarding app not the server itself)

     

     

     

    OK so, here are the steps I followed : 

     

     

     

    Desktop side

     

    //1: thin the decypted with Clutch2 binary and set permissions :

     

    MacBook-Pro:Desktop $ lipo -thin armv7 -output snapchat-armv7 Snapchat

    MacBook-Pro:Desktop $ chmod 777 snapchat-armv7 && ls -l snapchat-armv7
-rwxrwxrwx  1 kevinpiacentini  staff  49819344  3 jan 19:03 snapchat-armv7

     

     

     

    // 2: start lldb

    (lldb) process connect connect://192.168.0.28:23
Process 564 stopped
* thread #1: tid = 0x0c9e, 0x38034474 libsystem_kernel.dylib`mach_msg_trap + 20, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x38034474 libsystem_kernel.dylib`mach_msg_trap + 20
libsystem_kernel.dylib`mach_msg_trap:
->  0x38034474 <+20>: pop    {r4, r5, r6, r8}
    0x38034478 <+24>: bx     lr

libsystem_kernel.dylib`mach_msg_overwrite_trap:
    0x3803447c <+0>:  mov    r12, sp
    0x38034480 <+4>:  push   {r4, r5, r6, r8}
(lldb) platform select remote-ios
  Platform: remote-ios
 Connected: no
  SDK Path: "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"
 SDK Roots: [ 0] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"
 SDK Roots: [ 1] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/8.2 (12D508)"
 SDK Roots: [ 2] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.1 (13B143)"
 SDK Roots: [ 3] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.1 (13E238)"
 SDK Roots: [ 4] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.2 (13F69)"
 SDK Roots: [ 5] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.5 (13G36)"




    (lldb) target create --arch arm ~/Desktop/snapchat-armv7
Current executable set to '~/Desktop/snapchat-armv7' (armv7).

(lldb) b -[LoginV2ViewController viewDidLoad]
Breakpoint 1: no locations (pending).
WARNING:  Unable to resolve breakpoint to any actual locations.

     

    iPhone Side

     

    iPhone:~ root# 
./debugserver *:23 --attach=Snapchat
debugserver-@(#)PROGRAM:debugserver  PROJECT:debugserver-320.2.89
 for armv7.
Attaching to process Snapchat...
Listening to port 23 for a connection from *...
Waiting for debugger instructions for process 0.

    Here you can see all my steps... Maybe I misunderstood something ?

    Updated by babbunatale
    Archangel04 Rookie

    Archangel04 32.9k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted 

    (lldb) platform select remote-ios
  Platform: remote-ios
 Connected: no
  SDK Path: "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"

     

    "Connected: No" ??

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share
    Go to topic listing

    • Our picks

      • Kritika: The White Knights v5.18.3 +12 Cheats

        Kritika: The White Knights v5.18.3 +12 Cheats

        Rook posted a topic in ViP Cheats,

        Hacked App: Kritika: The White Knights By GAMEVIL Inc.
        iTunes Link: https://itunes.apple.com/us/app/kritika-the-white-knights/id865958296
        Bundle ID: com.gamevil.kritikam.ios.apple.global.normal


        Hack Features
        - Infinite Potions (Increase instead of decrease)
        - Infinite Mana
        - No Potion Cooldown
        - Instant EX Gauge Fill
        - God Mode in Stage Mode
        - God Mode in Tower & Monster Wave
        - God Mode in Arena & PvP (Untested)
        - Timer Hack*
        - Mao Support Always Active
        - 1 Hit Kill in Monster -> One Hit Kill was Replaced with "Monster Level 1"
        - Enemy Doesn't Attack
        - Boss Doesn't Attack
        - Enemy Doesn't Move
        - Boss Doesn't Move
        - Monster Level 1 -> Easy kills
        • 3,104 replies
        Laxus

        Picked By

        Laxus ,
      • Westland Survival - Cowboy RPG v10.4.0 +7 [ Items Cheat ]

        Westland Survival - Cowboy RPG v10.4.0 +7 [ Items Cheat ]

        Rook posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Westland Survival - Cowboy RPG By HELIO LTD
        Bundle ID: com.heliogames.a1
        iTunes Store Link: https://apps.apple.com/us/app/westland-survival-cowboy-rpg/id1339238576?uo=4


        Hack Features:
        - Unlimited Energy / Instant Energy Refills
        - Unlock All Blueprints
        - Items Duplicate When Split / Items Hack
        - Unlimited Consumable Items
        - Unlimited Item Durability
        - God Mode / Never Die -> Linked with enemies. Useful for looting.
        - One Hit Kill / High Damage -> Linked with enemies. Use with caution.


        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 448 replies
        Laxus

        Picked By

        Laxus ,
      • Chef & Friends: Cooking Game Cheats v1.35.5 +1

        Chef & Friends: Cooking Game Cheats v1.35.5 +1

        Laxus posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Chef & Friends: Cooking Game By MYTONA Ltd.
        Bundle ID: com.mytona.cheftales
        iTunes Store Link: https://apps.apple.com/us/app/chef-friends-cooking-game/id1586951898?uo=4


        Hack Features:
        - Infinite Currencies (Hats, Coins, Gems)

        NOTE: May bug out the game so better try on your throw away account first 


        iOS Hack Download Link: https://iosgods.com/topic/178904-chef-friends-cooking-game-cheats-v141-1/
        • 32 replies
        Laxus

        Picked By

        Laxus ,
      • Cooking Diary Restaurant Game v2.44.2 Jailed Cheats +3

        Cooking Diary Restaurant Game v2.44.2 Jailed Cheats +3

        Laxus posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Cooking Diary® Restaurant Game by MyTona Pte Ltd
        Bundle ID: com.mytonallc.cookingdiary
        iTunes Store Link: https://apps.apple.com/us/app/cooking-diary-restaurant-game/id1214763610?uo=4&at=1010lce4


        Hack Features:
        - Infinite Currencies (Get some)
        - Freeze Boosters


        iOS Hack Download Link: https://iosgods.com/topic/110310-arm64-cooking-diary-restaurant-game-v1160-3/
        • 697 replies
        Laxus

        Picked By

        Laxus ,
      • [ViP Hack] WarFriends v6.0.0 +6 Cheats

        [ViP Hack] WarFriends v6.0.0 +6 Cheats

        Rook posted a topic in ViP Cheats,

        Modded/Hacked App: WarFriends: PvP Shooter Game By Chillingo Ltd
        Bundle ID: com.chillingo.warfriends
        iTunes Link: https://itunes.apple.com/us/app/warfriends-pvp-shooter-game/id979873043


        Hack Features:
        - Debug Menu -> Most/Everything from previous hack has been patched/removed. However, it will still show you some in-game stuff.
        - Free Weapon Upgrades. Instant Weapon Upgrade Delivery Times!
        - Unlimited Clips/Ammo -> Works online & offline
        - No Weapon Reload / Unlimited Ammo in Clip -> Works online & offline
        - One Hit Kill Enemies / High Damage -> Buggy Online, works well offline. Linked with enemy, so hit them first.
        - Gun Fire Rate x1000 -> Shoot bullets really, really fast. Works online too, linked to enemy. One Hit Kill Alternative if you can aim.
        This hack is an In-Game Mod Menu (iGMM). In order to activate the Mod Menu, tap your screen with 3 fingers simultaneously.

         

        Non-Jailbroken Version of this hack: https://iosgods.com/topic/44193-warfriends-v140-3-cheats-ios-10/
        • 1,771 replies
        Rook

        Picked By

        Rook,
      • Towerlands - tower defense TD v3.7.5 +2 Cheats

        Towerlands - tower defense TD v3.7.5 +2 Cheats

        Zahir posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Towerlands - tower defense TD By CHERNYE MEDVEDI, OOO
        Bundle ID: mobi.blackbears.ios.towerlands
        iTunes Store Link: https://apps.apple.com/us/app/towerlands-tower-defense-td/id1491901979?uo=4



        Hack Features:
        - Unlimited Gold
        - Unlimited Gems


        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 349 replies
        Rook

        Picked By

        Rook,
      • Fishing Clash v1.0.398 +3 Cheats

        Fishing Clash v1.0.398 +3 Cheats

        Zahir posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Fishing Clash: Fish Game 2019 by Ten Square Games S.A.
        Bundle ID: com.tensquaregames.letsfish2
        iTunes Store Link: https://apps.apple.com/us/app/fishing-clash-fish-game-2019/id1151811380


        Hack Features:
        - Combo Always Active
        - Centered Line -> The line is always in the center zone. I didn't test enough but worked for 20 games. Duels too.
        - Line Never Breaks
        • 1,345 replies
        Rook

        Picked By

        Rook,
      • Legend of Solgard v2.53.0 - [ x Player Damage & More ]

        Legend of Solgard v2.53.0 - [ x Player Damage & More ]

        Rook posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Legend of Solgard By King
        Bundle ID: com.midasplayer.apps.solgard
        iTunes Store Link: https://apps.apple.com/us/app/legend-of-solgard/id1281263906

        Mod Requirements:
        - Jailbroken iPhone/iPad/iPod Touch.
        - iFile / Filza / iFunBox / iTools or any other file managers for iOS.
        - Cydia Substrate or Substitute.
        - PreferenceLoader (from Cydia).


        Hack Features:
        - x Player Damage - x1 - 30
        - God Mode

        All features are unlinked and only for player, you!
        • 587 replies
        Rook

        Picked By

        Rook,
      • Legend of Solgard v2.53.0 +3 Cheat [God Mode & Damage]

        Legend of Solgard v2.53.0 +3 Cheat [God Mode & Damage]

        Rook posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Legend of Solgard By King
        Bundle ID: com.midasplayer.apps.solgard
        iTunes Store Link: https://itunes.apple.com/us/app/legend-of-solgard/id1281263906?mt=8&uo=4&at=1010lce4


        Mod Requirements:
        - Jailbroken or Non-Jailbroken iPhone/iPad/iPod Touch.
        - Sideloadly.
        - A Computer Running Windows/Mac/Linux.


        Hack Features:
        - x Player Damage - x1 - 30
        - God Mode / Never Die
        - Auto Kill Enemies

        All features are unlinked and only for player, you!
        • 200 replies
        Rook

        Picked By

        Rook,
      • Hempire - Weed Growing Game [ Auto Updating ] - Unlimited Everything!

        Hempire - Weed Growing Game [ Auto Updating ] - Unlimited Everything!

        Rook posted a topic in ViP Cheats,

        Modded/Hacked App: Hempire - Weed Growing Game By LBC Studios Inc.
        Bundle ID: ca.lbcstudios.hempire
        iTunes Store Link: https://itunes.apple.com/us/app/hempire-weed-growing-game/id1139379843


        Hack Features:
        - Unlimited Currency - Currency Hack
        - Unlimited Storage
        -- Buy anything
        -- Free Rushing/Skipping

        This hack is an In-Game Mod Menu (iGMM). In order to activate the Mod Menu, tap on the iOSGods button found inside the app.
        This hack is using the new iOSGods Auto Updater. The hack will automatically update itself to the current app version you have installed on your iDevice.
        • 1,047 replies
        Rook

        Picked By

        Rook,
      • We Are Warriors! v1.55.0 Cheats +3

        We Are Warriors! v1.55.0 Cheats +3

        Theo1357 posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: We Are Warriors! By Lessmore UG haftungsbeschraenkt
        Bundle ID: com.vjsjlqvlmp.wearewarriors
        iTunes Store Link: https://apps.apple.com/us/app/we-are-warriors/id6466648550?uo=4

         

        Mod Requirements:
        - Non-Jailbroken/Jailed or Jailbroken iPhone/iPad/iPod Touch.
        - Sideloadly / Cydia Impactor or alternatives.
        - A Computer Running Windows/macOS/Linux with iTunes installed.


        Hack Features:
        - Unlimited everything
        - Auto complete task
        • 164 replies
        Rook

        Picked By

        Rook,
      • We Are Warriors! v1.55.0 Cheats +3

        We Are Warriors! v1.55.0 Cheats +3

        Theo1357 posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: We Are Warriors! By Lessmore UG haftungsbeschraenkt
        Bundle ID: com.vjsjlqvlmp.wearewarriors
        iTunes Store Link: https://apps.apple.com/us/app/we-are-warriors/id6466648550?uo=4


        Mod Requirements:
        - Jailbroken iPhone/iPad/iPod Touch.
        - iGameGod / Filza / iMazing or any other file managers for iOS.
        - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak.
        - PreferenceLoader (from Cydia, Sileo or Zebra).


        Hack Features:
        - Unlimited everything
        - Auto complete task
        • 93 replies
        Rook

        Picked By

        Rook,
      View All
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines