Jump to content
Community Announcements, Giveaways & More!

Debug iOS8.2 or iOS9.3.2 AppStore app using lldb.

babbunatale

By babbunatale
in Help & Support

 Share

18 posts in this topic

Recommended Posts

babbunatale Newbie

babbunatale 0
  •   9 

    • Posted
    Posted

    Hi everyone,

     

    first of all I wish you an happy hacking year !  (y)

    I'm very new in reverse engineering / debugging / iOS so excuse me for my newbie's questions. 

     

     

    Context:
    [everything was tried on iOS 9.3.2 AND iOS 8.2]

    I need to understand how an application generates its tokens passed through http headers. So, I disassembled it using Hopper I dumped all .header files and I then logged a lot of informations during runtime by hooking some functions to understand the process of 'how an authenticated http request is generated'. Now I almost know which function exactly generates which token, I need to go ahead and understand the way of a particular token is generated to be able to reproduce it. It seems that using lldb to set breakpoints and then dump the register's value at some step of the runtime could be the best way to achieve my goals, right ? 

    The steps I followed in order to use lldb are : 

    - decrypt the app using Clutch2 and download it on my desktop
    - install debug server and all stuff
    - thin the binary
    - set the thinned binary as lldb target
    - install the decrypted binary.ipa in the iPhone (I tried both with a decrypted version and the normal app store version)
    - set breakpoint: fail

     

    My problem:

    After having followed a lot of tutorials on it, I still don't get it to work.
    It's impossible to set breakpoint using a method name like: 

    (lldb): b -[ClassName methodCalled:]
// found on this tuts : http://highaltitudehacks.com/2015/05/17/ios-application-security-part-43-fat-binaries-and-lldb-usage-continued/
// does not work for me

    lldb says that the breakpoint can't be set, exactly as I've not "targeted" the binary.
    Plus, I don't really understand how to set a breakpoint using the memory address. Removing ASLR, finding memory addresses offset are just notions that brainf**ked me!

    Could someone help me by sending me a precise routine and more informations about ASLR, memory offset or other useful stuff? 

    PS: I read a lot of article on the web and also on this forum and some of them are just impossible to understand for a beginner like me... Please try to be "clear" :) 

    Thank you a lot guys ! :)

     

    babbunatale Newbie

    babbunatale 0
  •   9 

    • Posted
    • Author
    Posted (edited)

    attach process?

    that and have you set permissions? (chmod 777)

     

    Thank you for your answer. I'm note sure about the meaning of your question but I'll try to answer: 

    - of course I attach the process on iPhone side when I run debug server and then I do the following commands: 

    // iphone side
debugserver *:6666 -a <processNameOrId>


// desktop side
$ lldb
(lldb) platform select remote-ios
(lldb) target create --arch arm /path/to/my/decrypted/bin
(lldb) process connect connect://myIp:port

    --> everything is going fine here : debug server starts etc...

     

    Could you precise your idea about "permissions" ? 

    - debug server has the good permissions

    - my local decrypted binaries has read permissions 

     

    Any idea ? 

    Updated by babbunatale
    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted (edited)

    Binary needs read write and execute on all 3. Thats why we use chmod 777 to give it those permissions.

     

    Usually if its saying that it cant choose binary i think it must be some problem with attach process but cant say for sure

    Thank you for your answer. I'm note sure about the meaning of your question but I'll try to answer:

    - of course I attach the process on iPhone side when I run debug server and then I do the following commands:

     

    // iphone sidedebugserver *:6666 -a <processNameOrId>// desktop side$ lldb(lldb) platform select remote-ios(lldb) target create --arch arm /path/to/my/decrypted/bin(lldb) process connect connect://myIp:port
    --> everything is going fine here : debug server starts etc...

    Could you precise your idea about "permissions" ?

    - debug server has the good permissions

    - my local decrypted binaries has read permissions

    Any idea ?

    Did you attack the process id of the GAME on your computer?

    Use this tutorial https://iosgods.com/topic/5380-working-on-ios-9-how-to-get-lldb-working-on-windows/

    Updated by Archangel04
    babbunatale Newbie

    babbunatale 0
  •   9 

    • Posted
    • Author
    Posted

    Usually if its saying that it cant choose binary i think it must be some problem with attach process but cant say for sure

    Did you attack the process id of the GAME on your computer?

    Use this tutorial https://iosgods.com/topic/5380-working-on-ios-9-how-to-get-lldb-working-on-windows/

     

    Ok, I'll give a shot with the rwx permissions as you said above. I'll let your know :)

    About the tutorial, I do exactly the same thing and it works. But the problem happens when I try to set a breakpoint.

    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted

    Kay. Also when you start it, the game is running right?

    Ok, I'll give a shot with the rwx permissions as you said above. I'll let your know :)

    About the tutorial, I do exactly the same thing and it works. But the problem happens when I try to set a breakpoint.

    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted (edited)

    Have you done this

     

    Step 4: Open PuTTY or iFunBox and type in this command:

    debugserver 127.0.0.1:23 --attach=PID or BINARYNAME
    PID is the Process ID of the app and Binary Name is the Binary Name of the app. You can get PID & Binary Name from iGameGuardian or Binary Name from iFile/Filza.

     

    Sorry tag error the step 4 in the other one. IF the app has attached (i know that debug server did, but im asking regarding app not the server itself)

    Updated by Archangel04
    babbunatale Newbie

    babbunatale 0
  •   9 

    • Posted
    • Author
    Posted (edited)

    Have you done this

     

    Step 4: Open PuTTY or iFunBox and type in this command:

    debugserver 127.0.0.1:23 --attach=PID or BINARYNAME
    PID is the Process ID of the app and Binary Name is the Binary Name of the app. You can get PID & Binary Name from iGameGuardian or Binary Name from iFile/Filza.

     

    Sorry tag error the step 4 in the other one. IF the app has attached (i know that debug server did, but im asking regarding app not the server itself)

     

     

     

    OK so, here are the steps I followed : 

     

     

     

    Desktop side

     

    //1: thin the decypted with Clutch2 binary and set permissions :

     

    MacBook-Pro:Desktop $ lipo -thin armv7 -output snapchat-armv7 Snapchat

    MacBook-Pro:Desktop $ chmod 777 snapchat-armv7 && ls -l snapchat-armv7
-rwxrwxrwx  1 kevinpiacentini  staff  49819344  3 jan 19:03 snapchat-armv7

     

     

     

    // 2: start lldb

    (lldb) process connect connect://192.168.0.28:23
Process 564 stopped
* thread #1: tid = 0x0c9e, 0x38034474 libsystem_kernel.dylib`mach_msg_trap + 20, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x38034474 libsystem_kernel.dylib`mach_msg_trap + 20
libsystem_kernel.dylib`mach_msg_trap:
->  0x38034474 <+20>: pop    {r4, r5, r6, r8}
    0x38034478 <+24>: bx     lr

libsystem_kernel.dylib`mach_msg_overwrite_trap:
    0x3803447c <+0>:  mov    r12, sp
    0x38034480 <+4>:  push   {r4, r5, r6, r8}
(lldb) platform select remote-ios
  Platform: remote-ios
 Connected: no
  SDK Path: "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"
 SDK Roots: [ 0] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"
 SDK Roots: [ 1] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/8.2 (12D508)"
 SDK Roots: [ 2] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.1 (13B143)"
 SDK Roots: [ 3] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.1 (13E238)"
 SDK Roots: [ 4] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.2 (13F69)"
 SDK Roots: [ 5] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.5 (13G36)"




    (lldb) target create --arch arm ~/Desktop/snapchat-armv7
Current executable set to '~/Desktop/snapchat-armv7' (armv7).

(lldb) b -[LoginV2ViewController viewDidLoad]
Breakpoint 1: no locations (pending).
WARNING:  Unable to resolve breakpoint to any actual locations.

     

    iPhone Side

     

    iPhone:~ root# 
./debugserver *:23 --attach=Snapchat
debugserver-@(#)PROGRAM:debugserver  PROJECT:debugserver-320.2.89
 for armv7.
Attaching to process Snapchat...
Listening to port 23 for a connection from *...
Waiting for debugger instructions for process 0.

    Here you can see all my steps... Maybe I misunderstood something ?

    Updated by babbunatale
    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted 

    (lldb) platform select remote-ios
  Platform: remote-ios
 Connected: no
  SDK Path: "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"

     

    "Connected: No" ??

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share
    Go to topic listing

    • Our picks

      • Pocket Champs PVP Racing Games Cheats v7.3.20 +2

        Pocket Champs PVP Racing Games Cheats v7.3.20 +2

        Laxus posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Pocket Champs: 3D Racing Games By MADBOX
        Bundle ID: com.pocketchamps.game
        iTunes Store Link: https://apps.apple.com/us/app/pocket-champs-3d-racing-games/id1542776143?uo=4


        Hack Features:
        - Free Store (not Free iAP) -- Negative value will reset to 0 on launch
        - Infinite Coins & Gems

        iOS Hack Download Link: https://iosgods.com/topic/165006-pocket-champs-3d-racing-games-cheats-v318-2/
        • 219 replies
        Laxus

        Picked By

        Laxus ,
      • Cookies Inc. - Idle Tycoon v100.1 Jailed Cheats +2

        Cookies Inc. - Idle Tycoon v100.1 Jailed Cheats +2

        Laxus posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Cookies Inc. - Idle Tycoon By PIXELCUBE STUDIOS INC.
        Bundle ID: com.pixelcubestudios.cookiecollector2
        App Store Link: https://apps.apple.com/us/app/cookies-inc-idle-tycoon/id918606368?uo=4

         

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - Free iAP (Turn on inside iOSGods Mod Menu first)
        - iGameGod Cheat Engine Enabled

         

        ⬇️ iOS Hack Download IPA Link: https://iosgods.com/topic/116578-cookies-inc-idle-tycoon-v961-jailed-cheats-2/
        • 110 replies
        Laxus

        Picked By

        Laxus ,
      • Zombie Roguebie: Shooting Game v1.9.0 Jailed Cheats +9

        Zombie Roguebie: Shooting Game v1.9.0 Jailed Cheats +9

        Laxus posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Zombie Roguebie: Shooting Game By Metajoy Limited
        Bundle ID: com.boom.zombie.survival
        App Store Link: https://apps.apple.com/us/app/zombie-roguebie-shooting-game/id6752294198?uo=4

         

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - Infinite Ammo
        - No Reload
        - High Pickup Range
        - Premium

        ViP
        - God Mode
        - High Damage
        - High Fire Rate
        - Freeze Currencies
        - Unlock All Guns

         

        Jailbroken Hack: https://iosgods.com/topic/203205-zombie-roguebie-shooting-game-cheats-v122-9/


        ⬇️ iOS Hack Download IPA Link: https://iosgods.com/topic/203204-zombie-roguebie-shooting-game-v122-jailed-cheats-9/
        • 31 replies
        Laxus

        Picked By

        Laxus ,
      • My War: Frozen Survival v1.1.53 Jailed Cheats +2

        My War: Frozen Survival v1.1.53 Jailed Cheats +2

        Laxus posted a topic in ViP Non-Jailbroken Hacks & Cheats,

        Modded/Hacked App: My War: Frozen Survival By EVISTA PTE. LTD.
        Bundle ID: com.evsita.mywar.global.ios
        App Store Link: https://apps.apple.com/us/app/my-war-frozen-survival/id6753156289?uo=4

         

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - God Mode
        - Multiply Attack

         

        Jailbroken Hack: https://iosgods.com/topic/203750-my-war-frozen-survival-cheats-v1131-2/

         

        ⬇️ iOS Hack Download IPA Link: https://iosgods.com/topic/203749-my-war-frozen-survival-v1131-jailed-cheats-2/
        • 12 replies
        Laxus

        Picked By

        Laxus ,
      • Zombie Catchers : Hunt & sell Cheats (Auto Update) +2

        Zombie Catchers : Hunt & sell Cheats (Auto Update) +2

        Laxus posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Zombie Catchers : Hunt & sell By Two Men and a Dog Oy
        Bundle ID: fi.twomenandadog.zombiecatchers
        App Store Link: https://apps.apple.com/us/app/zombie-catchers-hunt-sell/id845918296?uo=4

         

        📌 Mod Requirements

        - Jailbroken iPhone or iPad.
        - iGameGod / Filza / iMazing.
        - Cydia Substrate, ElleKit, Substitute or libhooker depending on your jailbreak (from Sileo, Cydia or Zebra).

         

        🤩 Hack Features

        - Infinite Coins
        - Inifnite Plutonium

         

        Non-Jailbroken Hack: https://iosgods.com/topic/78626-zombie-catchers-hunt-sell-v1621-jailed-cheats-2/

         

        ⬇️ iOS Hack Download Link: https://iosgods.com/topic/78564-zombie-catchers-hunt-sell-cheats-auto-update-2/
        • 184 replies
        Laxus

        Picked By

        Laxus ,
      • Polysphere: Art Puzzle 3D Modded (Auto Update) +1

        Polysphere: Art Puzzle 3D Modded (Auto Update) +1

        Laxus posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Polysphere by Playgendary GmbH
        Bundle ID: com.playgendary.polyspherecoolgame
        iTunes Store Link: https://apps.apple.com/us/app/polysphere/id1440756080?uo=4&at=1010lce4



        Hack Features:
        - PREMIUM (Unlock All Pictures)


        iOS Hack Download Link: https://iosgods.com/topic/102419-arm64-polysphere-cheats-v143-1/
        • 70 replies
        Laxus

        Picked By

        Laxus ,
      • Super Hit Baseball v4.12.4 [ +4 Jailed ] AI Stupid

        Super Hit Baseball v4.12.4 [ +4 Jailed ] AI Stupid

        IK_IK posted a topic in ViP Non-Jailbroken Hacks & Cheats,

        Modded/Hacked App: Super Hit Baseball By Hothead Games
        Bundle ID: com.hotheadgames.ios.baseballbattle
        iTunes Store Link: https://apps.apple.com/us/app/super-hit-baseball/id1473199423?uo=4
        Hack Features

        - AI Stupid
        - Play Cost
        - Team Cost
        - Bat Status [ Power Boost Control ] Always Home Run Some Time Mis
        • 6 replies
        IK_IK

        Picked By

        IK_IK,
      • Super Hit Baseball v4.12.4 [ +4 Cheats ] AI Stupid

        Super Hit Baseball v4.12.4 [ +4 Cheats ] AI Stupid

        IK_IK posted a topic in ViP Jailbreak Cheats,

        Modded/Hacked App: Super Hit Baseball By Hothead Games
        Bundle ID: com.hotheadgames.ios.baseballbattle
        iTunes Store Link: https://apps.apple.com/us/app/super-hit-baseball/id1473199423?uo=4

        Hack Features

        - AI Stupid
        - Play Cost
        - Team Cost
        - Bat Status [ Power Boost Control ] Always Home Run Some Time Mis
        • 12 replies
        IK_IK

        Picked By

        IK_IK,
      • Hello Town: Merge & Succeed v3.8 [ +3 Cheats ] Currency Max

        Hello Town: Merge & Succeed v3.8 [ +3 Cheats ] Currency Max

        IK_IK posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Hello Town By Springcomes Co., Ltd.
        Bundle ID: com.spcomes.hellotown
        iTunes Store Link: https://apps.apple.com/us/app/hello-town/id6737850281?uo=4


        Hack Features

        - Diamonds
        - Gold
        - Energy Freeze



        For Non-Jailbroken & No Jailbreak required hacks: https://iosgods.com/forum/79-no-jailbreak-section/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        • 37 replies
        IK_IK

        Picked By

        IK_IK,
      • Hello Town: Merge & Succeed v3.8 [ +3 Jailed ] Currency Max

        Hello Town: Merge & Succeed v3.8 [ +3 Jailed ] Currency Max

        IK_IK posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Hello Town By Springcomes Co., Ltd.
        Bundle ID: com.spcomes.hellotown
        iTunes Store Link: https://apps.apple.com/us/app/hello-town/id6737850281?uo=4

         

        Hack Features

        - Diamonds
        - Gold
        - Energy Freeze



        Jailbreak required iOS hacks: https://iosgods.com/forum/5-game-cheats-hack-requests/
        Modded Android APKs: https://iosgods.com/forum/68-android-section/
        • 36 replies
        IK_IK

        Picked By

        IK_IK,
      • Duck Dice: Casual Board Game +3 Cheats

        Duck Dice: Casual Board Game +3 Cheats

        AlyssaX64 posted a topic in Free Android Modded APKs,

        Mod APK Game Name: Duck Dice: Casual Board Game By treeplla Inc.
        Rooted Device: Not Required.
        Google Play Store Link: https://play.google.com/store/apps/details?id=com.tree.hybrid.farmerisback

         

        🤩 Hack Features

        - Damage Multiplier
        - Never Die
        - Reward Multiplier

         

        ⬇️ Android Mod APK Download Link


        Hidden Content

        Download via the iOSGods App for Android







         

        📖 Android Installation Instructions

        STEP 1: Download the modded APK file from the link above using your preferred Android browser or download manager.
        STEP 2: Once the download is complete, open your file manager and locate the downloaded .apk file (usually in the Downloads folder).
        STEP 3: Tap the APK file, then select Install. If prompted, enable Install from Unknown Sources in your device settings.
        STEP 3A: If the mod includes an OBB file, extract it if it’s inside an archive. Then move the folder to: /Android/obb/
        STEP 3B: If the mod includes a DATA file, extract it if it’s archived. Then move the folder to: /Android/data/
        STEP 4: Once installed, open the game and toggle your desired cheats & features through the APK mod menu. Enjoy!

         

        NOTE: If you have any questions or issues, read our Frequently Asked Questions topic. If you still need help, post your issue below and we’ll assist you as soon as possible. If the mod works for you, please share your feedback to help other members!

         

        🙌 Credits

        - AlyssaX64

         

        📷 Cheat Video/Screenshots

        N/A

         

         iOS & iPadOS App Hacks
        If you’re looking for Non-Jailbroken & No Jailbreak required iOS IPA hacks, visit the iOS Game Cheats & Hacks or the iOSGods App for a variety of modded games and apps for non-jailbroken iOS devices.
        • 1 reply
        AlyssaX64

        Picked By

        AlyssaX64,
      • Duck Dice: Casual Board Game +3 Jailed Cheats

        Duck Dice: Casual Board Game +3 Jailed Cheats

        AlyssaX64 posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Duck Dice: Casual Board Game By treeplla Inc.
        Bundle ID: com.tree.hybrid.farmerisback
        App Store Link: https://apps.apple.com/us/app/duck-dice-casual-board-game/id6757574502?uo=4

         

         

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - Damage Multiplier
        - Defense Multiplier
        - Reward Multiplier

         

        ⬇️ iOS Hack Download IPA Link


        Hidden Content

        Download via the iOSGods App







         

        📖 PC Installation Instructions

        STEP 1: Download the pre-hacked .IPA file from the link above to your computer. To download from the iOSGods App, see our iOSGods App IPA Download Tutorial which includes a video example.
        STEP 2: Download Sideloadly and install it on your Windows or Mac.
        STEP 3: Open Sideloadly on your computer, connect your iOS device, and wait until your device name appears in Sideloadly.
        STEP 4: Once your iDevice is recognized, drag the modded .IPA file you downloaded and drop it into the Sideloadly application.
        STEP 5: Enter your Apple Account email, then press “Start.” You’ll then be asked to enter your password. Go ahead and provide the required information.
        STEP 6: Wait for Sideloadly to finish sideloading/installing the hacked IPA. If there are issues during installation, please read the note below.
        STEP 7: Once the installation is complete and you see the app on your Home Screen, you will need to go to Settings -> General -> Profiles / VPN & Device Management. Once there, tap on the email you entered from step 6, and then tap on 'Trust [email protected]'.
        STEP 8: Now go to your Home Screen and open the newly installed app and everything should work fine. You may need to follow further per app instructions inside the hack's popup in-game.

        NOTE: iOS/iPadOS 16 and later, you must enable Developer Mode. For free Apple Developer accounts, you will need to repeat this process every 7 days. If you have any questions or problems, read our Sideloadly FAQ section of the topic and if you don't find a solution, please post your issue below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.

         

        🙌 Credits

        - AlyssaX64

         

        📷 Cheat Video/Screenshots

        N/A
        • 0 replies
        AlyssaX64

        Picked By

        AlyssaX64,
      View All
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines