Jump to content
Community Announcements, Giveaways & More!

Debug iOS8.2 or iOS9.3.2 AppStore app using lldb.

babbunatale

By babbunatale
in Help & Support

 Share

18 posts in this topic

Recommended Posts

babbunatale Newbie

babbunatale 0
  •   9 

    • Posted
    Posted

    Hi everyone,

     

    first of all I wish you an happy hacking year !  (y)

    I'm very new in reverse engineering / debugging / iOS so excuse me for my newbie's questions. 

     

     

    Context:
    [everything was tried on iOS 9.3.2 AND iOS 8.2]

    I need to understand how an application generates its tokens passed through http headers. So, I disassembled it using Hopper I dumped all .header files and I then logged a lot of informations during runtime by hooking some functions to understand the process of 'how an authenticated http request is generated'. Now I almost know which function exactly generates which token, I need to go ahead and understand the way of a particular token is generated to be able to reproduce it. It seems that using lldb to set breakpoints and then dump the register's value at some step of the runtime could be the best way to achieve my goals, right ? 

    The steps I followed in order to use lldb are : 

    - decrypt the app using Clutch2 and download it on my desktop
    - install debug server and all stuff
    - thin the binary
    - set the thinned binary as lldb target
    - install the decrypted binary.ipa in the iPhone (I tried both with a decrypted version and the normal app store version)
    - set breakpoint: fail

     

    My problem:

    After having followed a lot of tutorials on it, I still don't get it to work.
    It's impossible to set breakpoint using a method name like: 

    (lldb): b -[ClassName methodCalled:]
// found on this tuts : http://highaltitudehacks.com/2015/05/17/ios-application-security-part-43-fat-binaries-and-lldb-usage-continued/
// does not work for me

    lldb says that the breakpoint can't be set, exactly as I've not "targeted" the binary.
    Plus, I don't really understand how to set a breakpoint using the memory address. Removing ASLR, finding memory addresses offset are just notions that brainf**ked me!

    Could someone help me by sending me a precise routine and more informations about ASLR, memory offset or other useful stuff? 

    PS: I read a lot of article on the web and also on this forum and some of them are just impossible to understand for a beginner like me... Please try to be "clear" :) 

    Thank you a lot guys ! :)

     

    babbunatale Newbie

    babbunatale 0
  •   9 

    • Posted
    • Author
    Posted (edited)

    attach process?

    that and have you set permissions? (chmod 777)

     

    Thank you for your answer. I'm note sure about the meaning of your question but I'll try to answer: 

    - of course I attach the process on iPhone side when I run debug server and then I do the following commands: 

    // iphone side
debugserver *:6666 -a <processNameOrId>


// desktop side
$ lldb
(lldb) platform select remote-ios
(lldb) target create --arch arm /path/to/my/decrypted/bin
(lldb) process connect connect://myIp:port

    --> everything is going fine here : debug server starts etc...

     

    Could you precise your idea about "permissions" ? 

    - debug server has the good permissions

    - my local decrypted binaries has read permissions 

     

    Any idea ? 

    Updated by babbunatale
    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted (edited)

    Binary needs read write and execute on all 3. Thats why we use chmod 777 to give it those permissions.

     

    Usually if its saying that it cant choose binary i think it must be some problem with attach process but cant say for sure

    Thank you for your answer. I'm note sure about the meaning of your question but I'll try to answer:

    - of course I attach the process on iPhone side when I run debug server and then I do the following commands:

     

    // iphone sidedebugserver *:6666 -a <processNameOrId>// desktop side$ lldb(lldb) platform select remote-ios(lldb) target create --arch arm /path/to/my/decrypted/bin(lldb) process connect connect://myIp:port
    --> everything is going fine here : debug server starts etc...

    Could you precise your idea about "permissions" ?

    - debug server has the good permissions

    - my local decrypted binaries has read permissions

    Any idea ?

    Did you attack the process id of the GAME on your computer?

    Use this tutorial https://iosgods.com/topic/5380-working-on-ios-9-how-to-get-lldb-working-on-windows/

    Updated by Archangel04
    babbunatale Newbie

    babbunatale 0
  •   9 

    • Posted
    • Author
    Posted

    Usually if its saying that it cant choose binary i think it must be some problem with attach process but cant say for sure

    Did you attack the process id of the GAME on your computer?

    Use this tutorial https://iosgods.com/topic/5380-working-on-ios-9-how-to-get-lldb-working-on-windows/

     

    Ok, I'll give a shot with the rwx permissions as you said above. I'll let your know :)

    About the tutorial, I do exactly the same thing and it works. But the problem happens when I try to set a breakpoint.

    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted

    Kay. Also when you start it, the game is running right?

    Ok, I'll give a shot with the rwx permissions as you said above. I'll let your know :)

    About the tutorial, I do exactly the same thing and it works. But the problem happens when I try to set a breakpoint.

    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted (edited)

    Have you done this

     

    Step 4: Open PuTTY or iFunBox and type in this command:

    debugserver 127.0.0.1:23 --attach=PID or BINARYNAME
    PID is the Process ID of the app and Binary Name is the Binary Name of the app. You can get PID & Binary Name from iGameGuardian or Binary Name from iFile/Filza.

     

    Sorry tag error the step 4 in the other one. IF the app has attached (i know that debug server did, but im asking regarding app not the server itself)

    Updated by Archangel04
    babbunatale Newbie

    babbunatale 0
  •   9 

    • Posted
    • Author
    Posted (edited)

    Have you done this

     

    Step 4: Open PuTTY or iFunBox and type in this command:

    debugserver 127.0.0.1:23 --attach=PID or BINARYNAME
    PID is the Process ID of the app and Binary Name is the Binary Name of the app. You can get PID & Binary Name from iGameGuardian or Binary Name from iFile/Filza.

     

    Sorry tag error the step 4 in the other one. IF the app has attached (i know that debug server did, but im asking regarding app not the server itself)

     

     

     

    OK so, here are the steps I followed : 

     

     

     

    Desktop side

     

    //1: thin the decypted with Clutch2 binary and set permissions :

     

    MacBook-Pro:Desktop $ lipo -thin armv7 -output snapchat-armv7 Snapchat

    MacBook-Pro:Desktop $ chmod 777 snapchat-armv7 && ls -l snapchat-armv7
-rwxrwxrwx  1 kevinpiacentini  staff  49819344  3 jan 19:03 snapchat-armv7

     

     

     

    // 2: start lldb

    (lldb) process connect connect://192.168.0.28:23
Process 564 stopped
* thread #1: tid = 0x0c9e, 0x38034474 libsystem_kernel.dylib`mach_msg_trap + 20, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x38034474 libsystem_kernel.dylib`mach_msg_trap + 20
libsystem_kernel.dylib`mach_msg_trap:
->  0x38034474 <+20>: pop    {r4, r5, r6, r8}
    0x38034478 <+24>: bx     lr

libsystem_kernel.dylib`mach_msg_overwrite_trap:
    0x3803447c <+0>:  mov    r12, sp
    0x38034480 <+4>:  push   {r4, r5, r6, r8}
(lldb) platform select remote-ios
  Platform: remote-ios
 Connected: no
  SDK Path: "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"
 SDK Roots: [ 0] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"
 SDK Roots: [ 1] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/8.2 (12D508)"
 SDK Roots: [ 2] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.1 (13B143)"
 SDK Roots: [ 3] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.1 (13E238)"
 SDK Roots: [ 4] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.2 (13F69)"
 SDK Roots: [ 5] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.5 (13G36)"




    (lldb) target create --arch arm ~/Desktop/snapchat-armv7
Current executable set to '~/Desktop/snapchat-armv7' (armv7).

(lldb) b -[LoginV2ViewController viewDidLoad]
Breakpoint 1: no locations (pending).
WARNING:  Unable to resolve breakpoint to any actual locations.

     

    iPhone Side

     

    iPhone:~ root# 
./debugserver *:23 --attach=Snapchat
debugserver-@(#)PROGRAM:debugserver  PROJECT:debugserver-320.2.89
 for armv7.
Attaching to process Snapchat...
Listening to port 23 for a connection from *...
Waiting for debugger instructions for process 0.

    Here you can see all my steps... Maybe I misunderstood something ?

    Updated by babbunatale
    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted 

    (lldb) platform select remote-ios
  Platform: remote-ios
 Connected: no
  SDK Path: "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"

     

    "Connected: No" ??

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share
    Go to topic listing

    • Our picks

      • Avabel Online -Tower of Bonds- v12.6.0 Jailed Cheats +7

        Avabel Online -Tower of Bonds- v12.6.0 Jailed Cheats +7

        Laxus posted a topic in ViP Non-Jailbroken Hacks & Cheats,

        Modded/Hacked App: Avabel Online -Tower of Bonds- By ASOBIMO,Inc.
        Bundle ID: com.asobimo.AvabelOnline
        iTunes Store Link: https://apps.apple.com/us/app/avabel-online-tower-of-bonds/id606800657?uo=4


        Mod Requirements:
        - Non-Jailbroken/Jailed or Jailbroken iPhone/iPad/iPod Touch.
        - Sideloadly / Cydia Impactor or alternatives.
        - A Computer Running Windows/macOS/Linux with iTunes installed.


        Hack Features:
        - Collision Range - x1 - 10
        - God Mode 
        - Cast Speed Multiplier
        - Charge Speed Multiplier
        - Approach Speed Multiplier
        - No Roll CoolDown
        - No Skills CoolDown

        NOTE: DO NOT BUY VIP FOR JUST THIS CHEAT. THIS IS A TEST VERSION


        iOS Hack Download IPA Link: https://iosgods.com/topic/187184-avabel-online-tower-of-bonds-v1230-jailed-cheats-7/
        • 123 replies
        Laxus

        Picked By

        Laxus ,
      • Fortress Saga: AFK RPG v2.0.30 Jailed Cheats +3

        Fortress Saga: AFK RPG v2.0.30 Jailed Cheats +3

        AlyssaX64 posted a topic in ViP Non-Jailbroken Hacks & Cheats,

        Modded/Hacked App: Fortress Saga: AFK RPG By cookapps
        Bundle ID: com.cookapps.bm.fortresssaga
        App Store Link: https://apps.apple.com/us/app/fortress-saga-afk-rpg/id6446308106?uo=4

         


        Mod Requirements:
        - Non-Jailbroken/Jailed or Jailbroken iPhone/iPad/iPod Touch.
        - Sideloadly / Cydia Impactor or alternatives.
        - A Computer Running Windows/macOS/Linux with iTunes installed.


        Hack Features:
        - Damage Multiplier
        - Defense Multiplier
        - Freeze Currencies



        iOS Hack Download IPA Link: https://iosgods.com/topic/184193-fortress-saga-afk-rpg-v2013-jailed-cheats-3/
        • 214 replies
        Laxus

        Picked By

        Laxus ,
      • +99 Reinforced Wooden Stick v99.1.40 Jailed Cheats +2

        +99 Reinforced Wooden Stick v99.1.40 Jailed Cheats +2

        Laxus posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: 99강화 나무몽둥이 : 키우기 By STUDIO LICO Corp.
        Bundle ID: com.studiolico.woodenstick
        App Store Link: https://apps.apple.com/kr/app/99%EA%B0%95%ED%99%94-%EB%82%98%EB%AC%B4%EB%AA%BD%EB%91%A5%EC%9D%B4-%ED%82%A4%EC%9A%B0%EA%B8%B0/id6737379268?uo=4

         

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - God Mode
        - Multiply Attack

         


        ⬇️ iOS Hack Download IPA Link: https://iosgods.com/topic/193094-99-reinforced-wooden-stick-v99135-jailed-cheats-2/
        • 45 replies
        Laxus

        Picked By

        Laxus ,
      • Episode - Choose Your Story v26.70 +3 Cheats for Jailed iDevices!

        Episode - Choose Your Story v26.70 +3 Cheats for Jailed iDevices!

        Laxus posted a topic in ViP Non-Jailbroken Hacks & Cheats,

        Modded/Hacked App: Episode - Choose Your Story By Episode Interactive, LLC
        Bundle ID: com.neonfun.catalog
        App Store Link: https://apps.apple.com/us/app/episode-choose-your-story/id656971078?uo=4

         

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - Free Premium Choices
        - Freeze Passes
        - Debug Menu

         

        ⬇️ iOS Hack Download IPA Link: https://iosgods.com/topic/193903-episode-choose-your-story-v2660-3-cheats-for-jailed-idevices/
        • 92 replies
        Laxus

        Picked By

        Laxus ,
      • MARVEL Future Fight v11.6.0 Jailed Cheats +11

        MARVEL Future Fight v11.6.0 Jailed Cheats +11

        Laxus posted a topic in ViP Non-Jailbroken Hacks & Cheats,

        Modded/Hacked App: MARVEL Future Fight By Netmarble Corporation
        Bundle ID: com.netmarble.mheros
        App Store Link: https://apps.apple.com/us/app/marvel-future-fight/id955705796?uo=4


        Mod Requirements:
        - Non-Jailbroken/Jailed or Jailbroken iPhone/iPad/iPod Touch.
        - Sideloadly / Cydia Impactor or alternatives.
        - A Computer Running Windows/macOS/Linux with iTunes installed.


        Hack Features:
        - Instant Skill
        - No Assistant Cooldown
        - No Swap Cooldown
        - No Special Cooldown
        - Hero Level 60
        - Infinite Buff Time / God Mode
        - Freeze Enemies
        - Infinite HP / God Mode
        - Attack Multiplier
        - Defense Multiplier
        - Cooldown is 5X Faster



        iOS Hack Download IPA Link: https://iosgods.com/topic/186083-marvel-future-fight-v1151-jailed-cheats-11/
        • 167 replies
        Laxus

        Picked By

        Laxus ,
      • SuperStar STARSHIP Cheats v3.29.2 +3

        SuperStar STARSHIP Cheats v3.29.2 +3

        Laxus posted a topic in ViP Jailbreak Cheats,

        Modded/Hacked App: SuperStar STARSHIP By Dalcomsoft Inc.
        Bundle ID: com.dalcomsoft.sss
        iTunes Store Link: https://apps.apple.com/us/app/superstar-starship/id1480181152?uo=4


        Hack Features:
        - Never Lose
        - Auto Dance
        - Always S.Perfect


        iOS Hack Download Link: https://iosgods.com/topic/164185-superstar-starship-cheats-v378-3/
        • 160 replies
        Laxus

        Picked By

        Laxus ,
      • Jetpack Joyride Cheats (Auto Update) +8

        Jetpack Joyride Cheats (Auto Update) +8

        Laxus posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Jetpack Joyride By Halfbrick
        Bundle ID: com.halfbrick.jetpack
        iTunes Store Link: https://apps.apple.com/us/app/jetpack-joyride/id457446957?uo=4

         

        📌 Mod Requirements

        - Jailbroken iPhone or iPad.
        - iGameGod / Filza / iMazing.
        - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak (from Sileo, Cydia or Zebra).

         

        🤩 Hack Features

        - Infinite Coins
        - High Score
        - God Mode
        - Free Shopping
        - Coin Magnet Enabled
        - Increased Magnet Range
        - All Items Owned
        - All Gadgets Unlocked

         

        Non-Jailbroken Hack: https://iosgods.com/topic/119791-jetpack-joyride-v1971-jailed-cheats-8/

         

        ⬇️ iOS Hack Download Link: https://iosgods.com/topic/119788-jetpack-joyride-cheats-v1972-8/
        • 515 replies
        Laxus

        Picked By

        Laxus ,
      • BitLife - Life Simulator v3.22.3 Jailed Cheats +2

        BitLife - Life Simulator v3.22.3 Jailed Cheats +2

        Laxus posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: BitLife - Life Simulator by Candywriter, LLC
        Bundle ID: com.wtfapps.apollo16
        iTunes Store Link: https://itunes.apple.com/us/app/bitlife-life-simulator/id1374403536?mt=8&uo=4&at=1010lce4



        Hack Features:
        - Infinite Cash



        Hack Download Link: https://iosgods.com/topic/84167-arm64-bitlife-life-simulator-v16-jailed-cheats-1/
        • 6,318 replies
        Laxus

        Picked By

        Laxus ,
      • Dice Dreams Cheats (Auto Update) +2

        Dice Dreams Cheats (Auto Update) +2

        0xygen posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Dice Dreams™ By SuperPlay LTD
        Bundle ID: com.superplaystudios.dicedreams
        iTunes Store Link: https://apps.apple.com/us/app/dice-dreams/id1484468651?uo=4


        Hack Features:
        - Custom Rolls
        - Unlimited Coins - afford regardless of if you have enough


        iOS Hack Download Link: https://iosgods.com/topic/138011-dice-dreams%E2%84%A2-v1692-2-cheats/
        • 666 replies
        Laxus

        Picked By

        Laxus ,
      • Monster Super League Cheats (Auto Update) +4

        Monster Super League Cheats (Auto Update) +4

        Rook posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Monster Super League By Smart Study Games Co., Ltd.
        Bundle ID: com.ftt.msleague
        iTunes Store Link: https://apps.apple.com/us/app/monster-super-league/id1092463295?uo=4

         

        📌 Mod Requirements

        - Jailbroken iPhone or iPad.
        - iGameGod / Filza / iMazing.
        - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak (from Sileo, Cydia or Zebra).

         

        🤩 Hack Features

        - x Player Damage - x1 - 100
        - x Player Defense - x1 - 100
        - Infinite Skills
        - 100% Capture Rate

         

        Non-Jailbroken Hack: https://iosgods.com/topic/73458-monster-super-league-v390-new-mod-menu/

         

        ⬇️ iOS Hack Download Link: https://iosgods.com/topic/73355-monster-super-league-by-four-thirty-three-v393-x-player-damage-more/
        • 1,308 replies
        Laxus

        Picked By

        Laxus ,
      • Lost Sword v1.5.0 +1 Jailed Cheat [ Auto Win ]

        Lost Sword v1.5.0 +1 Jailed Cheat [ Auto Win ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Lost Sword By Wemade Connect Co., Ltd.
        Bundle ID: com.wemadeconnect.ios.lostdgl
        App Store Link: https://apps.apple.com/us/app/lost-sword/id6482099823?uo=4

         
         

        🤩 Hack Features

        - Auto Win
        • 29 replies
        Puddin

        Picked By

        Puddin,
      • Hunter Raid : Idle RPG +5 Jailed Cheats

        Hunter Raid : Idle RPG +5 Jailed Cheats

        AlyssaX64 posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Hunter Raid : Idle RPG By Gameberry Studio Inc
        Bundle ID: studio.gameberry.idlehunter
        iTunes Store Link: https://apps.apple.com/us/app/hunter-raid-idle-rpg/id1668807323?uo=4


        Mod Requirements:
        - Non-Jailbroken/Jailed or Jailbroken iPhone/iPad/iPod Touch.
        - Sideloadly / Cydia Impactor or alternatives.
        - A Computer Running Windows/macOS/Linux with iTunes installed.


        Hack Features:
        - Damage Multiplier
        - Defense Multiplier
        - Unlimited MP
        - Freeze Currencies
        - Unlimited Currencies → Spend/Gain


        Jailbreak required hack(s): 


        iOS Hack Download IPA Link:

        Hidden Content

        Download via the iOSGods App








        PC Installation Instructions:
        STEP 1: If necessary, uninstall the app if you have it installed on your iDevice. Some hacked IPAs will install as a duplicate app. Make sure to back it up so you don't lose your progress.
        STEP 2: Download the pre-hacked .IPA file from the link above to your computer. To download from the iOSGods App, see this tutorial topic.
        STEP 3: Download Sideloadly and install it on your PC.
        STEP 4: Open/Run Sideloadly on your computer, connect your iOS Device, and wait until your device name shows up.
        STEP 5: Once your iDevice appears, drag the modded .IPA file you downloaded and drop it inside the Sideloadly application.
        STEP 6: You will now have to enter your iTunes/Apple ID email login, press "Start" & then you will be asked to enter your password. Go ahead and enter the required information.
        STEP 7: Wait for Sideloadly to finish sideloading/installing the hacked IPA. If there are issues during installation, please read the note below.
        STEP 8: Once the installation is complete and you see the app on your Home Screen, you will need to go to Settings -> General -> Profiles/VPN & Device Management. Once there, tap on the email you entered from step 6, and then tap on 'Trust [email protected]'.
        STEP 9: Now go to your Home Screen and open the newly installed app and everything should work fine. You may need to follow further per app instructions inside the hack's popup in-game.

        NOTE: iOS/iPadOS 16 and later, you must enable Developer Mode. For free Apple Developer accounts, you will need to repeat this process every 7 days. Jailbroken iDevices can also use Sideloadly/Filza/IPA Installer to normally install the IPA with AppSync. If you have any questions or problems, read our Sideloadly FAQ section of the topic and if you don't find a solution, please post your issue down below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.


        Credits:
        - AlyssaX64


        Cheat Video/Screenshots:

        N/A
        • 227 replies
        AlyssaX64

        Picked By

        AlyssaX64,
      View All
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines