Jump to content
Community Announcements, Giveaways & More!

Debug iOS8.2 or iOS9.3.2 AppStore app using lldb.

babbunatale

By babbunatale
in Help & Support

 Share

18 posts in this topic

Recommended Posts

babbunatale Newbie

babbunatale 0
  •   9 

    • Posted
    Posted

    Hi everyone,

     

    first of all I wish you an happy hacking year !  (y)

    I'm very new in reverse engineering / debugging / iOS so excuse me for my newbie's questions. 

     

     

    Context:
    [everything was tried on iOS 9.3.2 AND iOS 8.2]

    I need to understand how an application generates its tokens passed through http headers. So, I disassembled it using Hopper I dumped all .header files and I then logged a lot of informations during runtime by hooking some functions to understand the process of 'how an authenticated http request is generated'. Now I almost know which function exactly generates which token, I need to go ahead and understand the way of a particular token is generated to be able to reproduce it. It seems that using lldb to set breakpoints and then dump the register's value at some step of the runtime could be the best way to achieve my goals, right ? 

    The steps I followed in order to use lldb are : 

    - decrypt the app using Clutch2 and download it on my desktop
    - install debug server and all stuff
    - thin the binary
    - set the thinned binary as lldb target
    - install the decrypted binary.ipa in the iPhone (I tried both with a decrypted version and the normal app store version)
    - set breakpoint: fail

     

    My problem:

    After having followed a lot of tutorials on it, I still don't get it to work.
    It's impossible to set breakpoint using a method name like: 

    (lldb): b -[ClassName methodCalled:]
// found on this tuts : http://highaltitudehacks.com/2015/05/17/ios-application-security-part-43-fat-binaries-and-lldb-usage-continued/
// does not work for me

    lldb says that the breakpoint can't be set, exactly as I've not "targeted" the binary.
    Plus, I don't really understand how to set a breakpoint using the memory address. Removing ASLR, finding memory addresses offset are just notions that brainf**ked me!

    Could someone help me by sending me a precise routine and more informations about ASLR, memory offset or other useful stuff? 

    PS: I read a lot of article on the web and also on this forum and some of them are just impossible to understand for a beginner like me... Please try to be "clear" :) 

    Thank you a lot guys ! :)

     

    babbunatale Newbie

    babbunatale 0
  •   9 

    • Posted
    • Author
    Posted (edited)

    attach process?

    that and have you set permissions? (chmod 777)

     

    Thank you for your answer. I'm note sure about the meaning of your question but I'll try to answer: 

    - of course I attach the process on iPhone side when I run debug server and then I do the following commands: 

    // iphone side
debugserver *:6666 -a <processNameOrId>


// desktop side
$ lldb
(lldb) platform select remote-ios
(lldb) target create --arch arm /path/to/my/decrypted/bin
(lldb) process connect connect://myIp:port

    --> everything is going fine here : debug server starts etc...

     

    Could you precise your idea about "permissions" ? 

    - debug server has the good permissions

    - my local decrypted binaries has read permissions 

     

    Any idea ? 

    Updated by babbunatale
    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted (edited)

    Binary needs read write and execute on all 3. Thats why we use chmod 777 to give it those permissions.

     

    Usually if its saying that it cant choose binary i think it must be some problem with attach process but cant say for sure

    Thank you for your answer. I'm note sure about the meaning of your question but I'll try to answer:

    - of course I attach the process on iPhone side when I run debug server and then I do the following commands:

     

    // iphone sidedebugserver *:6666 -a <processNameOrId>// desktop side$ lldb(lldb) platform select remote-ios(lldb) target create --arch arm /path/to/my/decrypted/bin(lldb) process connect connect://myIp:port
    --> everything is going fine here : debug server starts etc...

    Could you precise your idea about "permissions" ?

    - debug server has the good permissions

    - my local decrypted binaries has read permissions

    Any idea ?

    Did you attack the process id of the GAME on your computer?

    Use this tutorial https://iosgods.com/topic/5380-working-on-ios-9-how-to-get-lldb-working-on-windows/

    Updated by Archangel04
    babbunatale Newbie

    babbunatale 0
  •   9 

    • Posted
    • Author
    Posted

    Usually if its saying that it cant choose binary i think it must be some problem with attach process but cant say for sure

    Did you attack the process id of the GAME on your computer?

    Use this tutorial https://iosgods.com/topic/5380-working-on-ios-9-how-to-get-lldb-working-on-windows/

     

    Ok, I'll give a shot with the rwx permissions as you said above. I'll let your know :)

    About the tutorial, I do exactly the same thing and it works. But the problem happens when I try to set a breakpoint.

    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted

    Kay. Also when you start it, the game is running right?

    Ok, I'll give a shot with the rwx permissions as you said above. I'll let your know :)

    About the tutorial, I do exactly the same thing and it works. But the problem happens when I try to set a breakpoint.

    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted (edited)

    Have you done this

     

    Step 4: Open PuTTY or iFunBox and type in this command:

    debugserver 127.0.0.1:23 --attach=PID or BINARYNAME
    PID is the Process ID of the app and Binary Name is the Binary Name of the app. You can get PID & Binary Name from iGameGuardian or Binary Name from iFile/Filza.

     

    Sorry tag error the step 4 in the other one. IF the app has attached (i know that debug server did, but im asking regarding app not the server itself)

    Updated by Archangel04
    babbunatale Newbie

    babbunatale 0
  •   9 

    • Posted
    • Author
    Posted (edited)

    Have you done this

     

    Step 4: Open PuTTY or iFunBox and type in this command:

    debugserver 127.0.0.1:23 --attach=PID or BINARYNAME
    PID is the Process ID of the app and Binary Name is the Binary Name of the app. You can get PID & Binary Name from iGameGuardian or Binary Name from iFile/Filza.

     

    Sorry tag error the step 4 in the other one. IF the app has attached (i know that debug server did, but im asking regarding app not the server itself)

     

     

     

    OK so, here are the steps I followed : 

     

     

     

    Desktop side

     

    //1: thin the decypted with Clutch2 binary and set permissions :

     

    MacBook-Pro:Desktop $ lipo -thin armv7 -output snapchat-armv7 Snapchat

    MacBook-Pro:Desktop $ chmod 777 snapchat-armv7 && ls -l snapchat-armv7
-rwxrwxrwx  1 kevinpiacentini  staff  49819344  3 jan 19:03 snapchat-armv7

     

     

     

    // 2: start lldb

    (lldb) process connect connect://192.168.0.28:23
Process 564 stopped
* thread #1: tid = 0x0c9e, 0x38034474 libsystem_kernel.dylib`mach_msg_trap + 20, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x38034474 libsystem_kernel.dylib`mach_msg_trap + 20
libsystem_kernel.dylib`mach_msg_trap:
->  0x38034474 <+20>: pop    {r4, r5, r6, r8}
    0x38034478 <+24>: bx     lr

libsystem_kernel.dylib`mach_msg_overwrite_trap:
    0x3803447c <+0>:  mov    r12, sp
    0x38034480 <+4>:  push   {r4, r5, r6, r8}
(lldb) platform select remote-ios
  Platform: remote-ios
 Connected: no
  SDK Path: "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"
 SDK Roots: [ 0] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"
 SDK Roots: [ 1] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/8.2 (12D508)"
 SDK Roots: [ 2] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.1 (13B143)"
 SDK Roots: [ 3] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.1 (13E238)"
 SDK Roots: [ 4] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.2 (13F69)"
 SDK Roots: [ 5] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.5 (13G36)"




    (lldb) target create --arch arm ~/Desktop/snapchat-armv7
Current executable set to '~/Desktop/snapchat-armv7' (armv7).

(lldb) b -[LoginV2ViewController viewDidLoad]
Breakpoint 1: no locations (pending).
WARNING:  Unable to resolve breakpoint to any actual locations.

     

    iPhone Side

     

    iPhone:~ root# 
./debugserver *:23 --attach=Snapchat
debugserver-@(#)PROGRAM:debugserver  PROJECT:debugserver-320.2.89
 for armv7.
Attaching to process Snapchat...
Listening to port 23 for a connection from *...
Waiting for debugger instructions for process 0.

    Here you can see all my steps... Maybe I misunderstood something ?

    Updated by babbunatale
    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted 

    (lldb) platform select remote-ios
  Platform: remote-ios
 Connected: no
  SDK Path: "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"

     

    "Connected: No" ??

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share
    Go to topic listing

    • Our picks

      • Transcender : Idle RPG +3 Jailed Cheats

        Transcender : Idle RPG +3 Jailed Cheats

        AlyssaX64 posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Transcender : Idle RPG By Rookie Project Co., Ltd.
        Bundle ID: com.playgames.transcender
        iTunes Store Link: https://apps.apple.com/sg/app/transcender-idle-rpg/id6448614350?uo=4

         

         

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - Damage Multiplier
        - Never Die

         

        ⬇️ iOS Hack Download IPA Link


        Hidden Content

        Download via the iOSGods App







         

        📖 PC Installation Instructions

        STEP 1: Download the pre-hacked .IPA file from the link above to your computer. To download from the iOSGods App, see our iOSGods App IPA Download Tutorial which includes a video example.
        STEP 2: Download Sideloadly and install it on your Windows or Mac.
        STEP 3: Open Sideloadly on your computer, connect your iOS device, and wait until your device name appears in Sideloadly.
        STEP 4: Once your iDevice is recognized, drag the modded .IPA file you downloaded and drop it into the Sideloadly application.
        STEP 5: Enter your Apple Account email, then press “Start.” You’ll then be asked to enter your password. Go ahead and provide the required information.
        STEP 6: Wait for Sideloadly to finish sideloading/installing the hacked IPA. If there are issues during installation, please read the note below.
        STEP 7: Once the installation is complete and you see the app on your Home Screen, you will need to go to Settings -> General -> Profiles / VPN & Device Management. Once there, tap on the email you entered from step 6, and then tap on 'Trust [email protected]'.
        STEP 8: Now go to your Home Screen and open the newly installed app and everything should work fine. You may need to follow further per app instructions inside the hack's popup in-game.

        NOTE: iOS/iPadOS 16 and later, you must enable Developer Mode. For free Apple Developer accounts, you will need to repeat this process every 7 days. If you have any questions or problems, read our Sideloadly FAQ section of the topic and if you don't find a solution, please post your issue below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.

         

        🙌 Credits

        - AlyssaX64

         

        📷 Cheat Video/Screenshots

        N/A
        • 143 replies
        AlyssaX64

        Picked By

        AlyssaX64,
      • Crunchyroll: Beyblade X Xone +1 Jailed Cheat [ Unlocked ]

        Crunchyroll: Beyblade X Xone +1 Jailed Cheat [ Unlocked ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Crunchyroll: Beyblade X Xone By Crunchyroll, LLC
        Bundle ID: com.crunchyroll.gv.beybladexxone
        App Store Link: https://apps.apple.com/us/app/crunchyroll-beyblade-x-xone/id6752970992?uo=4

         

        🤩 Hack Features

        -- Full Game Unlocked
        • 1 reply
        Puddin

        Picked By

        Puddin,
      • Tiles Survive! - VN v2.4.700 Jailed Cheats +2

        Tiles Survive! - VN v2.4.700 Jailed Cheats +2

        Laxus posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Tiles Survive! - VN By RED RIVER MEDIA COMPANY LIMITED
        Bundle ID: com.ios.ts.vn
        App Store Link: https://apps.apple.com/vn/app/tiles-survive-vn/id6756411412?uo=4

         

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - Multiply Attack
        - Multiply Defense

         

        ⬇️ iOS Hack Download IPA Link: https://iosgods.com/topic/207405-tiles-survive-vn-v24700-jailed-cheats-2/
        • 1 reply
        Laxus

        Picked By

        Laxus ,
      • Hoop Land v1.09.61 Jailed Cheats +2

        Hoop Land v1.09.61 Jailed Cheats +2

        Laxus posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Hoop Land By Koality Game LLC
        Bundle ID: com.koalitygame.hoopland
        App Store Link: https://apps.apple.com/us/app/hoop-land/id1605197976?uo=4

         

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - Unlocked All Modes
        - Add 1k Coins per Tap

         

        Jailbroken Hack: https://iosgods.com/topic/207403-hoop-land-cheats-auto-update-2/

         

        ⬇️ iOS Hack Download IPA Link: https://iosgods.com/topic/179857-hoop-land-v10961-jailed-cheats-2/
        • 145 replies
        Laxus

        Picked By

        Laxus ,
      • Disney Magic Kingdoms Cheats v11.4.0 +1

        Disney Magic Kingdoms Cheats v11.4.0 +1

        Laxus posted a topic in ViP Jailbreak Cheats,

        Modded/Hacked App: Disney Magic Kingdoms By Gameloft
        Bundle ID: com.gameloft.disneykingdom
        iTunes Store Link: https://apps.apple.com/us/app/disney-magic-kingdoms/id731592936?uo=4

         

        📌 Mod Requirements

        - Jailbroken iPhone or iPad.
        - iGameGod / Filza / iMazing.
        - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak (from Sileo, Cydia or Zebra).

         

        🤩 Hack Features

        - Free Store ( not Free iAP )

         

        Non-Jailbroken Hack: https://iosgods.com/topic/184748-disney-magic-kingdoms-v1012-jailed-cheats-1/

         

        ⬇️ iOS Hack Download Link: https://iosgods.com/topic/147877-disney-magic-kingdoms-cheats-v1020-1/
        • 416 replies
        Laxus

        Picked By

        Laxus ,
      • Jurassic World Alive Cheats (Auto Update) +3

        Jurassic World Alive Cheats (Auto Update) +3

        Rook posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Jurassic World Alive By Ludia
        Bundle ID: com.ludia.jw2
        iTunes Store Link: https://apps.apple.com/us/app/jurassic-world-alive/id1231085864


        Hack Features:
        - Dino Don't Move
        - Inf. Battery
        - VIP Enabled

        This hack is an In-Game Mod Menu (iGMM). In order to activate the Mod Menu, tap on the iOSGods button found inside the app. This hack works on the latest x64 or ARM64 iDevices: iPhone 5s, 6, 6 Plus, 6s, 6s Plus, 7, 7 Plus, 8, 8 Plus, X, Xr, Xs, Xs Max, SE, iPod Touch 6G, iPad Air, Air 2, Pro & iPad Mini 2, 3, 4 and later.
        • 1,744 replies
        Laxus

        Picked By

        Laxus ,
      • The Seven Deadly Sins: Idle v1.26.1 Jailed Cheats +3

        The Seven Deadly Sins: Idle v1.26.1 Jailed Cheats +3

        Laxus posted a topic in ViP Non-Jailbroken Hacks & Cheats,

        Modded/Hacked App: The Seven Deadly Sins: Idle By Netmarble Corporation
        Bundle ID: com.netmarble.nanarise
        iTunes Store Link: https://apps.apple.com/us/app/the-seven-deadly-sins-idle/id6469305531?uo=4


        Mod Requirements:
        - Non-Jailbroken/Jailed or Jailbroken iPhone/iPad/iPod Touch.
        - Sideloadly / Cydia Impactor or alternatives.
        - A Computer Running Windows/macOS/Linux with iTunes installed.


        Hack Features:
        - Multiply Attack
        - Multiply Defense
        - Modify Range


        Jailbreak required hack(s): https://iosgods.com/topic/185131-the-seven-deadly-sins-idle-cheats-v1231-4/


        iOS Hack Download IPA Link: https://iosgods.com/topic/185162-the-seven-deadly-sins-idle-v1231-jailed-cheats-3/
        • 139 replies
        Laxus

        Picked By

        Laxus ,
      • Travel Town - Merge Adventure v2.12.1472 Jailed Cheats +1

        Travel Town - Merge Adventure v2.12.1472 Jailed Cheats +1

        Laxus posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Travel Town - Merge Adventure By Magmatic Games Ltd
        Bundle ID: io.randomco.travel
        iTunes Store Link: https://apps.apple.com/us/app/travel-town-merge-adventure/id1521236603?uo=4


        Hack Features:
        - Infinite Currencies


        iOS Hack Download Link: https://iosgods.com/topic/148953-travel-town-merge-adventure-v212287-jailed-cheats-1/
        • 933 replies
        Laxus

        Picked By

        Laxus ,
      • Tap Titans 2 - Hero Legends Cheats (Auto Update) +9

        Tap Titans 2 - Hero Legends Cheats (Auto Update) +9

        XxReddingtonxX posted a topic in ViP Jailbreak Cheats,

        Modded/Hacked App: Tap Titans 2 - Hero Legends By Game Hive Corporation
        Bundle ID: com.gamehivecorp.taptitans2
        iTunes Store Link: https://apps.apple.com/us/app/tap-titans-2-hero-legends/id1120294802?uo=4


        Hack Features:
        - Free Level Up
        - Free Skill Upgrades
        - Free Hired Heroes Upgrades
        - Skills Cost 0 Mana To Use
        - No Skill Cooldown
        - Skip Waves - Each Kill acts like the boss so it takes you to next stage instantly no need for waves to move on to next stage
        - Monsters Have Low HP - kill faster
        - Collect Ad Rewards Without Having to Watch Videos


        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/forum/79-no-jailbreak-section/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 526 replies
        Laxus

        Picked By

        Laxus ,
      • Cafeland - World Kitchen v2.68.1 Jailed Cheats +1

        Cafeland - World Kitchen v2.68.1 Jailed Cheats +1

        Laxus posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Cafeland - World Kitchen by Gamegos Internet Teknolojileri Ltd Sti.
        Bundle ID: com.gamegos.mobile.cafeland
        iTunes Store Link: https://apps.apple.com/us/app/cafeland-world-kitchen/id1147665432?uo=4&at=1010lce4


        Hack Features:
        - Freeze Currencies

        iOS Hack Download Link: https://iosgods.com/topic/100703-arm64-cafeland-world-kitchen-v2182-jailed-cheats-1/
        • 623 replies
        Laxus

        Picked By

        Laxus ,
      • Simply Piano: Learn Piano Fast Modded (Auto Update) +1

        Simply Piano: Learn Piano Fast Modded (Auto Update) +1

        Laxus posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Simply Piano: Learn Piano Fast By Simply Ltd
        Bundle ID: com.joytunes.asla
        iTunes Store Link: https://apps.apple.com/us/app/simply-piano-learn-piano-fast/id1019442026?uo=4


        Hack Features:
        - PREMIUM
         

        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/topic/68652-simply-piano-v975-jailed-mod-1/


        Hack Download Link: https://iosgods.com/topic/83369-simply-piano-learn-piano-fast-modded-all-versions-1/
        • 1,553 replies
        Laxus

        Picked By

        Laxus ,
      • Raising a Pretty Grave Robber: Idle RPG ( 미소녀 도굴단 키우기: 방치형 RPG ) +5 Jailed Cheats [ Damage + More ]

        Raising a Pretty Grave Robber: Idle RPG ( 미소녀 도굴단 키우기: 방치형 RPG ) +5 Jailed Cheats [ Damage + More ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: 미소녀 도굴단 키우기: 방치형 RPG By Minseok Jo
        Bundle ID: com.joApps.MinerRPG
        iTunes Store Link: https://apps.apple.com/kr/app/미소녀-도굴단-키우기-방치형-rpg/id6756303472

         


        🤩 Hack Features

        - Damage Multiplier
        - God Mode
        - Freeze Currencies

        VIP
        - Unlimited Currencies -> Will increase instead of decrease.
        - Add Currencies -> Head into Settings and toggle any FPS button.
        • 5 replies
        Puddin

        Picked By

        Puddin,
      View All
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines