Jump to content
Community Announcements, Giveaways & More!

Debug iOS8.2 or iOS9.3.2 AppStore app using lldb.

babbunatale

By babbunatale
in Help & Support

 Share

18 posts in this topic

Recommended Posts

babbunatale Newbie

babbunatale 0
  •   9 

    • Posted
    Posted

    Hi everyone,

     

    first of all I wish you an happy hacking year !  (y)

    I'm very new in reverse engineering / debugging / iOS so excuse me for my newbie's questions. 

     

     

    Context:
    [everything was tried on iOS 9.3.2 AND iOS 8.2]

    I need to understand how an application generates its tokens passed through http headers. So, I disassembled it using Hopper I dumped all .header files and I then logged a lot of informations during runtime by hooking some functions to understand the process of 'how an authenticated http request is generated'. Now I almost know which function exactly generates which token, I need to go ahead and understand the way of a particular token is generated to be able to reproduce it. It seems that using lldb to set breakpoints and then dump the register's value at some step of the runtime could be the best way to achieve my goals, right ? 

    The steps I followed in order to use lldb are : 

    - decrypt the app using Clutch2 and download it on my desktop
    - install debug server and all stuff
    - thin the binary
    - set the thinned binary as lldb target
    - install the decrypted binary.ipa in the iPhone (I tried both with a decrypted version and the normal app store version)
    - set breakpoint: fail

     

    My problem:

    After having followed a lot of tutorials on it, I still don't get it to work.
    It's impossible to set breakpoint using a method name like: 

    (lldb): b -[ClassName methodCalled:]
// found on this tuts : http://highaltitudehacks.com/2015/05/17/ios-application-security-part-43-fat-binaries-and-lldb-usage-continued/
// does not work for me

    lldb says that the breakpoint can't be set, exactly as I've not "targeted" the binary.
    Plus, I don't really understand how to set a breakpoint using the memory address. Removing ASLR, finding memory addresses offset are just notions that brainf**ked me!

    Could someone help me by sending me a precise routine and more informations about ASLR, memory offset or other useful stuff? 

    PS: I read a lot of article on the web and also on this forum and some of them are just impossible to understand for a beginner like me... Please try to be "clear" :) 

    Thank you a lot guys ! :)

     

    babbunatale Newbie

    babbunatale 0
  •   9 

    • Posted
    • Author
    Posted (edited)

    attach process?

    that and have you set permissions? (chmod 777)

     

    Thank you for your answer. I'm note sure about the meaning of your question but I'll try to answer: 

    - of course I attach the process on iPhone side when I run debug server and then I do the following commands: 

    // iphone side
debugserver *:6666 -a <processNameOrId>


// desktop side
$ lldb
(lldb) platform select remote-ios
(lldb) target create --arch arm /path/to/my/decrypted/bin
(lldb) process connect connect://myIp:port

    --> everything is going fine here : debug server starts etc...

     

    Could you precise your idea about "permissions" ? 

    - debug server has the good permissions

    - my local decrypted binaries has read permissions 

     

    Any idea ? 

    Updated by babbunatale
    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted (edited)

    Binary needs read write and execute on all 3. Thats why we use chmod 777 to give it those permissions.

     

    Usually if its saying that it cant choose binary i think it must be some problem with attach process but cant say for sure

    Thank you for your answer. I'm note sure about the meaning of your question but I'll try to answer:

    - of course I attach the process on iPhone side when I run debug server and then I do the following commands:

     

    // iphone sidedebugserver *:6666 -a <processNameOrId>// desktop side$ lldb(lldb) platform select remote-ios(lldb) target create --arch arm /path/to/my/decrypted/bin(lldb) process connect connect://myIp:port
    --> everything is going fine here : debug server starts etc...

    Could you precise your idea about "permissions" ?

    - debug server has the good permissions

    - my local decrypted binaries has read permissions

    Any idea ?

    Did you attack the process id of the GAME on your computer?

    Use this tutorial https://iosgods.com/topic/5380-working-on-ios-9-how-to-get-lldb-working-on-windows/

    Updated by Archangel04
    babbunatale Newbie

    babbunatale 0
  •   9 

    • Posted
    • Author
    Posted

    Usually if its saying that it cant choose binary i think it must be some problem with attach process but cant say for sure

    Did you attack the process id of the GAME on your computer?

    Use this tutorial https://iosgods.com/topic/5380-working-on-ios-9-how-to-get-lldb-working-on-windows/

     

    Ok, I'll give a shot with the rwx permissions as you said above. I'll let your know :)

    About the tutorial, I do exactly the same thing and it works. But the problem happens when I try to set a breakpoint.

    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted

    Kay. Also when you start it, the game is running right?

    Ok, I'll give a shot with the rwx permissions as you said above. I'll let your know :)

    About the tutorial, I do exactly the same thing and it works. But the problem happens when I try to set a breakpoint.

    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted (edited)

    Have you done this

     

    Step 4: Open PuTTY or iFunBox and type in this command:

    debugserver 127.0.0.1:23 --attach=PID or BINARYNAME
    PID is the Process ID of the app and Binary Name is the Binary Name of the app. You can get PID & Binary Name from iGameGuardian or Binary Name from iFile/Filza.

     

    Sorry tag error the step 4 in the other one. IF the app has attached (i know that debug server did, but im asking regarding app not the server itself)

    Updated by Archangel04
    babbunatale Newbie

    babbunatale 0
  •   9 

    • Posted
    • Author
    Posted (edited)

    Have you done this

     

    Step 4: Open PuTTY or iFunBox and type in this command:

    debugserver 127.0.0.1:23 --attach=PID or BINARYNAME
    PID is the Process ID of the app and Binary Name is the Binary Name of the app. You can get PID & Binary Name from iGameGuardian or Binary Name from iFile/Filza.

     

    Sorry tag error the step 4 in the other one. IF the app has attached (i know that debug server did, but im asking regarding app not the server itself)

     

     

     

    OK so, here are the steps I followed : 

     

     

     

    Desktop side

     

    //1: thin the decypted with Clutch2 binary and set permissions :

     

    MacBook-Pro:Desktop $ lipo -thin armv7 -output snapchat-armv7 Snapchat

    MacBook-Pro:Desktop $ chmod 777 snapchat-armv7 && ls -l snapchat-armv7
-rwxrwxrwx  1 kevinpiacentini  staff  49819344  3 jan 19:03 snapchat-armv7

     

     

     

    // 2: start lldb

    (lldb) process connect connect://192.168.0.28:23
Process 564 stopped
* thread #1: tid = 0x0c9e, 0x38034474 libsystem_kernel.dylib`mach_msg_trap + 20, queue = 'com.apple.main-thread', stop reason = signal SIGSTOP
    frame #0: 0x38034474 libsystem_kernel.dylib`mach_msg_trap + 20
libsystem_kernel.dylib`mach_msg_trap:
->  0x38034474 <+20>: pop    {r4, r5, r6, r8}
    0x38034478 <+24>: bx     lr

libsystem_kernel.dylib`mach_msg_overwrite_trap:
    0x3803447c <+0>:  mov    r12, sp
    0x38034480 <+4>:  push   {r4, r5, r6, r8}
(lldb) platform select remote-ios
  Platform: remote-ios
 Connected: no
  SDK Path: "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"
 SDK Roots: [ 0] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"
 SDK Roots: [ 1] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/8.2 (12D508)"
 SDK Roots: [ 2] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.1 (13B143)"
 SDK Roots: [ 3] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.1 (13E238)"
 SDK Roots: [ 4] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.2 (13F69)"
 SDK Roots: [ 5] "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/9.3.5 (13G36)"




    (lldb) target create --arch arm ~/Desktop/snapchat-armv7
Current executable set to '~/Desktop/snapchat-armv7' (armv7).

(lldb) b -[LoginV2ViewController viewDidLoad]
Breakpoint 1: no locations (pending).
WARNING:  Unable to resolve breakpoint to any actual locations.

     

    iPhone Side

     

    iPhone:~ root# 
./debugserver *:23 --attach=Snapchat
debugserver-@(#)PROGRAM:debugserver  PROJECT:debugserver-320.2.89
 for armv7.
Attaching to process Snapchat...
Listening to port 23 for a connection from *...
Waiting for debugger instructions for process 0.

    Here you can see all my steps... Maybe I misunderstood something ?

    Updated by babbunatale
    Archangel04 Rookie

    Archangel04 33k
  •   iPhone 7 
  •   14.3

    • Posted
    Posted 

    (lldb) platform select remote-ios
  Platform: remote-ios
 Connected: no
  SDK Path: "/Users/kevinpiacentini/Library/Developer/Xcode/iOS DeviceSupport/10.1.1 (14B100)"

     

    "Connected: No" ??

    Create an account or sign in to comment

    You need to be a member in order to leave a comment

    Create an account

    Sign up for a new account in our community. It's easy!

    Register a new account

    Sign in

    Already have an account? Sign in here.

    Sign In Now
     Share
    Go to topic listing

    • Our picks

      • Raising a Pretty Grave Robber: Idle RPG ( 미소녀 도굴단 키우기: 방치형 RPG ) +5 Jailed Cheats [ Damage + More ]

        Raising a Pretty Grave Robber: Idle RPG ( 미소녀 도굴단 키우기: 방치형 RPG ) +5 Jailed Cheats [ Damage + More ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: 미소녀 도굴단 키우기: 방치형 RPG By Minseok Jo
        Bundle ID: com.joApps.MinerRPG
        iTunes Store Link: https://apps.apple.com/kr/app/미소녀-도굴단-키우기-방치형-rpg/id6756303472

         


        🤩 Hack Features

        - Damage Multiplier
        - God Mode
        - Freeze Currencies

        VIP
        - Unlimited Currencies -> Will increase instead of decrease.
        - Add Currencies -> Head into Settings and toggle any FPS button.
        • 4 replies
        Puddin

        Picked By

        Puddin,
      • Mystery Inn: Merge Adventure v2.11 [ +4 Cheats ] Currency Max

        Mystery Inn: Merge Adventure v2.11 [ +4 Cheats ] Currency Max

        IK_IK posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: Mystery Inn: Merge Adventure By Rhino Games LLC
        Bundle ID: com.rhinogames.hotel.project
        App Store Link: https://apps.apple.com/us/app/mystery-inn-merge-adventure/id1615061176?uo=4

        🤩 Hack Features

        - ADS NO
        - Unlimited Gems
        - Unlimited Coins
        - Unlimited Energy
        • 0 replies
        IK_IK

        Picked By

        IK_IK,
      • Mystery Inn: Merge Adventure v2.11 [ +4 Jailed ] Currency Max

        Mystery Inn: Merge Adventure v2.11 [ +4 Jailed ] Currency Max

        IK_IK posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Mystery Inn: Merge Adventure By Rhino Games LLC
        Bundle ID: com.rhinogames.hotel.project
        App Store Link: https://apps.apple.com/us/app/mystery-inn-merge-adventure/id1615061176?uo=4

        🤩 Hack Features

        - ADS NO
        - Unlimited Gems
        - Unlimited Coins
        - Unlimited Energy
        • 0 replies
        IK_IK

        Picked By

        IK_IK,
      • Spirit Summoners +4 Jailed Cheats [ Damage & Defence ]

        Spirit Summoners +4 Jailed Cheats [ Damage & Defence ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Spirit Summoners By Proficient City Hong Kong Limited
        Bundle ID: com.f5game.ss
        App Store Link: https://apps.apple.com/us/app/spirit-summoners/id6754621437?uo=4

         

        🤩 Hack Features

        - Damage Multiplier
        - Defence Multiplier
        - God Mode
        - No Skill Cooldown

        Requires a certificate / Signulous / App+ etc to play. Sideloadly will not work!
        • 10 replies
        Puddin

        Picked By

        Puddin,
      • Pickaxe King Island +3 Mods [ Unlimited Everything ]

        Pickaxe King Island +3 Mods [ Unlimited Everything ]

        Puddin posted a topic in Free Android Modded APKs,

        Mod APK Game Name: Pickaxe King Island by ROGUE UNION GAMES
        Rooted Device: Not Required.
        Google Play Store Link: https://play.google.com/store/apps/details?id=com.rogueuniongames.pickaxekingisland

         

        🤩 Hack Features

        - God Mode
        - Unlimited Everything -> Will increase instead of decrease.
        - Free Shopping
        • 2 replies
        Puddin

        Picked By

        Puddin,
      • Chrome Valley Customs +1 Jailed Cheat [ Freeze Moves ]

        Chrome Valley Customs +1 Jailed Cheat [ Freeze Moves ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Chrome Valley Customs By Space Ape Ltd
        Bundle ID: com.spaceapegames.carsuperstar
        iTunes Store Link: https://apps.apple.com/us/app/chrome-valley-customs/id6444042518
         

        Hack Features:
        - Freeze Moves


        Jailbreak required hack(s): https://iosgods.com/topic/173179-chrome-valley-customs-v400-1-cheat-unlimited-moves/
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 118 replies
        Puddin

        Picked By

        Puddin,
      • The Game is Bugged: Defense +7 Jailed Cheats [ Unlimited Currencies ]

        The Game is Bugged: Defense +7 Jailed Cheats [ Unlimited Currencies ]

        Puddin posted a topic in ViP Non-Jailbroken Hacks & Cheats,

        Modded/Hacked App: The Game is Bugged: Defense By NADDIC GAMES Co Ltd.
        Bundle ID: com.maf.TileDefense
        App Store Link: https://apps.apple.com/us/app/the-game-is-bugged-defense/id6757915094?uo=4

         

        🤩 Hack Features

        - One-Hit Kill
        - Freeze Currencies
        - Unlimited Currencies -> Will increase instead of decrease.
        - No Summon Cost
        - No Upgrade Cost
        - No Troop Limit
        - Score Multiplier
        • 5 replies
        Puddin

        Picked By

        Puddin,
      • Pickaxe King Island +4 Jailed Cheats [ Unlimited Everything ]

        Pickaxe King Island +4 Jailed Cheats [ Unlimited Everything ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Pickaxe King Island By ROGUE UNION GAMES
        Bundle ID: com.rogueuniongames.pickaxekingisland
        App Store Link: https://apps.apple.com/us/app/pickaxe-king-island/id6738040300?uo=4

         


        🤩 Hack Features

        - God Mode
        - One-Hit Kill
        - Unlimited Everything -> Will increase instead of decrease.
        - Free Shopping
          • Like
        • 30 replies
        Puddin

        Picked By

        Puddin,
      • Adorable Garden +1++ Jailed Cheat [ Unlimited Currencies ]

        Adorable Garden +1++ Jailed Cheat [ Unlimited Currencies ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Adorable Garden By Skyborne Games Inc
        Bundle ID: com.skybornegames.adorablegarden
        iTunes Store Link: https://apps.apple.com/us/app/adorable-garden/id6503631437?uo=4

         


        🤩 Hack Features

        - Freeze Currencies
        • 11 replies
        Puddin

        Picked By

        Puddin,
      • Tile Family®:Match Puzzle Game +5 Jailed Cheats [ Unlimited Currencies ]

        Tile Family®:Match Puzzle Game +5 Jailed Cheats [ Unlimited Currencies ]

        Puddin posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: Tile Family®:Match Puzzle Game By Jump Plaid GmbH
        Bundle ID: com.tile.match.blockpuzzle
        iTunes Store Link: https://apps.apple.com/us/app/tile-family-match-puzzle-game/id6444056676?uo=4


        Hack Features:
        - Unlimited Coins -> Earn or spend some.
        - Unlimited Lives -> Use coins.
        - Unlimited Stars -> Earn or spend some.
        - Unlimited Boosters -> Earn or spend some.
        - No Ads


        Jailbreak required hack(s): [Mod Menu Hack] Tile Family®:Match Puzzle Game v1.54.1 +5 Cheats [ Unlimited Currencies ] - Free Jailbroken Cydia Cheats - iOSGods
        Modded Android APK(s): https://iosgods.com/forum/68-android-section/
        For more fun, check out the Club(s): https://iosgods.com/clubs/
        • 38 replies
        Puddin

        Picked By

        Puddin,
      • (The War Of Genesis Mobile) 창세기전 모바일 - 아수라 프로젝트 +2 Jailed Cheats

        (The War Of Genesis Mobile) 창세기전 모바일 - 아수라 프로젝트 +2 Jailed Cheats

        AlyssaX64 posted a topic in Free Non-Jailbroken IPA Cheats,

        Modded/Hacked App: 창세기전 모바일 - 아수라 프로젝트 By LINE Games
        Bundle ID: com.linegames.gm
        iTunes Store Link: https://apps.apple.com/kr/app/%EC%B0%BD%EC%84%B8%EA%B8%B0%EC%A0%84-%EB%AA%A8%EB%B0%94%EC%9D%BC-%EC%95%84%EC%88%98%EB%9D%BC-%ED%94%84%EB%A1%9C%EC%A0%9D%ED%8A%B8/id6450174109?uo=4

         

         

        📌 Mod Requirements

        - Non-Jailbroken/Jailed or Jailbroken iPhone or iPad.
        - Sideloadly or alternatives.
        - Computer running Windows/macOS/Linux with iTunes installed.

         

        🤩 Hack Features

        - Damage Multiplier
        - Defense Multiplier

         

        ⬇️ iOS Hack Download IPA Link


        Hidden Content

        Download via the iOSGods App







         

        📖 PC Installation Instructions

        STEP 1: Download the pre-hacked .IPA file from the link above to your computer. To download from the iOSGods App, see our iOSGods App IPA Download Tutorial which includes a video example.
        STEP 2: Download Sideloadly and install it on your Windows or Mac.
        STEP 3: Open Sideloadly on your computer, connect your iOS device, and wait until your device name appears in Sideloadly.
        STEP 4: Once your iDevice is recognized, drag the modded .IPA file you downloaded and drop it into the Sideloadly application.
        STEP 5: Enter your Apple Account email when prompted, then press “Start.” You’ll then be asked to enter your password. Go ahead and provide the required information.
        STEP 6: Wait for Sideloadly to finish sideloading/installing the hacked IPA. If there are issues during installation, please read the note below.
        STEP 7: Once the installation is complete and you see the app on your Home Screen, you will need to go to Settings -> General -> Profiles / VPN & Device Management. Once there, tap on the email you entered from step 6, and then tap on 'Trust [email protected]'.
        STEP 8: Now go to your Home Screen and open the newly installed app and everything should work fine. You may need to follow further per app instructions inside the hack's popup in-game.

        NOTE: iOS/iPadOS 16 and later, you must enable Developer Mode. For free Apple Developer accounts, you will need to repeat this process every 7 days. If you have any questions or problems, read our Sideloadly FAQ section of the topic and if you don't find a solution, please post your issue below and we'll do our best to help! If the hack does work for you, post your feedback below and help out other fellow members that are encountering issues.

         

        🙌 Credits

        - AlyssaX64

         

        📷 Cheat Video/Screenshots

        N/A
        • 45 replies
        AlyssaX64

        Picked By

        AlyssaX64,
      • BitLife - Life Simulator Cheats v3.23.3 +2

        BitLife - Life Simulator Cheats v3.23.3 +2

        Laxus posted a topic in Free Jailbreak Cheats,

        Modded/Hacked App: BitLife - Life Simulator by Candywriter, LLC
        Bundle ID: com.wtfapps.apollo16
        iTunes Store Link: https://apps.apple.com/us/app/bitlife-life-simulator/id1374403536?uo=4&at=1010lce4


        Hack Features:
        - Infinite Cash
        - Free Bitizen Purchase (Press Cancle) - Work for All Versions


        Non-Jailbroken & No Jailbreak required hack(s): https://iosgods.com/topic/84167-arm64-bitlife-life-simulator-v1412-jailed-cheats-2/


        Hack Download Link: https://iosgods.com/topic/84223-arm64-bitlife-life-simulator-cheats-all-versions-2/
          • Agree
          • Haha
          • Thanks
          • Winner
          • Like
        • 3,998 replies
        Laxus

        Picked By

        Laxus ,
      View All
    ×
    ×
    • Create New...

    Important Information

    We would like to place cookies on your device to help make this website better. The website cannot give you the best user experience without cookies. You can accept or decline our cookies. You may also adjust your cookie settings. Privacy Policy - Guidelines