Tool GNU Debugger (gdb) For ARM64!

July 18, 2018

The best debugger ever made has returned to iOS with arm64 support! I have spent about five days fixing bugs, adding features, and making this GDB usable. However, I need all the help I can get in fixing bugs. If you find a bug, or see any debug output, *PLEASE* DM me on Twitter @hackedbyshmoo with steps to reproduce so I can add that bug to my list.

Installs to /usr/bin, put your gdbinit in /var/root if you run GDB as root and /var/mobile if you run GDB as mobile.

It is buggy. Please dont get your hopes up. If you get abort trap: 6 when trying to attach, keep trying or use the pid

if you jailbroke with doubleh3lix this may not work due to issues sending signals over SSH

Bugs destroyed:
- SIGINT wasn't being handled correctly. If you tried to interrupt the program, nothing would happen, the GDB prompt wouldn't come back, and you wouldn't be able to type. Fixed by writing my own SIGINT handler
- When you detached from a process, a ton of errors would be spit to the screen and it would fail. This no longer happens and detaching works again
- You can no longer Ctrl C two times in a row, which would either (a)ruin your debugging session or (b)crash GDB
- A broken breakpoint auto-added when attaching that would screw up your debugging session is auto-deleted ("could not insert breakpoint -1")
- The inferior's name wasn't being updated correctly. Fixed by calling exec_close whenever you attach to something
- No more nasty errors when you kill the debuggee
- iOS 10 support by changing DYLD_VERSION_MAX from 14 to 15
- You can debug multithreaded programs without GDB crashing. Before, doing anything after a breakpoint hit would cause GDB to crash
- You can attach to a process if you give its executable name

New:
- add-aslr-bp: a command to automatically add the ASLR slide to breakpoints. To use, set add-aslr-bp on
- add-aslr-set: a command to automatically add the ASLR slide to the expression in the set command. To use, set add-aslr-set on. Since memory addresses already have ASLR accounted for, we need an upper bound to know when to not add the ASLR slide. Use 0x103000000 if you know you aren't going to be modifing memory and only instructions, otherwise, use IDA Pro to find out where main code segment ends (Ctrl+S)

Notes:
- You must install Gawk package from CoolStar’s repo for this gdb to work. Hardware watchpoints will never be supported

Known bugs:
- Rare bug that can be fixed by detaching and reattaching
- Spamming c after a breakpoint hits may crash GDB under special circumstances
- Very bad lag when scrolling up in the TUI asm window

TODO:
- ascii value of memory shown side by side with the actual memory printed out by the examine command (x)
- TUI window that shows memory like Cheat Engine's memory editor