Tutorial [ARM64] IDA + LLDB Tutorial [Noob Friendly]

[Wwvk 4 iPad (7th Gen) 14.3]

26 minutes ago, Ted2 said:

Could you post full stack trace?

27 minutes ago, Ted2 said:

Could you post full stack trace?

i dont really know how to post a screenshot on here lol so i copied and pasted the whole thing

> Making all for tweak bloodyharry…
make[2]: Nothing to be done for 'internal-library-compile'.
> Making all in bloodyharrySettings…
> Making all for bundle bloodyharry…
==> Copying resource directories into the bundle wrapper…
==> Compiling bloodyharry.mm (armv7)…
While building module 'Preferences' imported from bloodyharry.mm:1:
In file included from <module-includes>:1:
In file included from /var/theos/include/Preferences/Preferences.h:2:
In file included from /var/theos/include/Preferences/NSArray+PreferencesAddition.h:1:
In file included from /var/theos/include/Preferences/PSSpecifier.h:2:
/var/theos/include/Preferences/PSTableCell.h:53:18: error: expected ';' after method prototype
- (BOOL)isChecked API_AVAILABLE(ios(6.0));
                 ^
                 ;
/var/theos/include/Preferences/PSTableCell.h:55:47: error: expected ':'
- (void)setChecked:(BOOL)checked API_AVAILABLE(ios(6.0));
                                              ^
                                              :
/var/theos/include/Preferences/PSTableCell.h:55:47: error: expected ';' after method prototype
- (void)setChecked:(BOOL)checked API_AVAILABLE(ios(6.0));
                                              ^
                                              ;
While building module 'Preferences' imported from bloodyharry.mm:1:
In file included from <module-includes>:1:
In file included from /var/theos/include/Preferences/Preferences.h:2:
In file included from /var/theos/include/Preferences/NSArray+PreferencesAddition.h:1:
/var/theos/include/Preferences/PSSpecifier.h:123:66: error: expected ':'
+ (instancetype)groupSpecifierWithID:(NSString *)ID API_AVAILABLE(ios(8.0));
                                                                 ^
                                                                 :
/var/theos/include/Preferences/PSSpecifier.h:123:66: error: expected ';' after method prototype
+ (instancetype)groupSpecifierWithID:(NSString *)ID API_AVAILABLE(ios(8.0));
                                                                 ^
                                                                 ;
bloodyharry.mm:1:9: fatal error: could not build module 'Preferences'
#import <Preferences/PSListController.h>
 ~~~~~~~^
6 errors generated.
make[4]: *** [/var/theos/makefiles/instance/rules.mk:201: /var/root/bloodyharry/.theos/obj/armv7/bloodyharry.mm.c520ca07.o] Error 1
==> Compiling bloodyharry.mm (arm64)…
While building module 'Preferences' imported from bloodyharry.mm:1:
In file included from <module-includes>:1:
In file included from /var/theos/include/Preferences/Preferences.h:2:
In file included from /var/theos/include/Preferences/NSArray+PreferencesAddition.h:1:
In file included from /var/theos/include/Preferences/PSSpecifier.h:2:
/var/theos/include/Preferences/PSTableCell.h:53:18: error: expected ';' after method prototype
- (BOOL)isChecked API_AVAILABLE(ios(6.0));
                 ^
                 ;
/var/theos/include/Preferences/PSTableCell.h:55:47: error: expected ':'
- (void)setChecked:(BOOL)checked API_AVAILABLE(ios(6.0));
                                              ^
                                              :
/var/theos/include/Preferences/PSTableCell.h:55:47: error: expected ';' after method prototype
- (void)setChecked:(BOOL)checked API_AVAILABLE(ios(6.0));
                                              ^
                                              ;
While building module 'Preferences' imported from bloodyharry.mm:1:
In file included from <module-includes>:1:
In file included from /var/theos/include/Preferences/Preferences.h:2:
In file included from /var/theos/include/Preferences/NSArray+PreferencesAddition.h:1:
/var/theos/include/Preferences/PSSpecifier.h:123:66: error: expected ':'
+ (instancetype)groupSpecifierWithID:(NSString *)ID API_AVAILABLE(ios(8.0));
                                                                 ^
                                                                 :
/var/theos/include/Preferences/PSSpecifier.h:123:66: error: expected ';' after method prototype
+ (instancetype)groupSpecifierWithID:(NSString *)ID API_AVAILABLE(ios(8.0));
                                                                 ^
                                                                 ;
bloodyharry.mm:1:9: fatal error: could not build module 'Preferences'
#import <Preferences/PSListController.h>
 ~~~~~~~^
6 errors generated.
make[4]: *** [/var/theos/makefiles/instance/rules.mk:201: /var/root/bloodyharry/.theos/obj/arm64/bloodyharry.mm.cda5af5f.o] Error 1
make[3]: *** [/var/theos/makefiles/instance/bundle.mk:37: /var/root/bloodyharry/.theos/obj/armv7/bloodyharry.bundle/bloodyharry] Error 2
make[3]: *** Waiting for unfinished jobs....
make[3]: *** [/var/theos/makefiles/instance/bundle.mk:37: /var/root/bloodyharry/.theos/obj/arm64/bloodyharry.bundle/bloodyharry] Error 2
make[2]: *** [/var/theos/makefiles/instance/bundle.mk:26: internal-bundle-all_] Error 2
make[1]: *** [/var/theos/makefiles/master/rules.mk:117: bloodyharry.all.bundle.variables] Error 2
make: *** [/var/theos/makefiles/master/aggregate.mk:12: internal-all] Error 2

 

 

[Ted2 39k iPhone 13 Pro 16.0 Donor]

8 hours ago, Wwvk said:

 

How did you install theos? And which SDK did you download?

[Wwvk 4 iPad (7th Gen) 14.3]

1 hour ago, Ted2 said:

How did you install theos? And which SDK did you download?

I got Theos by following the rook tutorial and using putty on windows and I’m using the iphoneos9.3 sdk

[Ted2 39k iPhone 13 Pro 16.0 Donor]

11 hours ago, Wwvk said:

I got Theos by following the rook tutorial and using putty on windows and I’m using the iphoneos9.3 sdk

Try these sdks: https://github.com/theos/sdks, download them and extract in the sdks folder. Then run: make clean package and see if that works.

[Wwvk 4 iPad (7th Gen) 14.3]

6 hours ago, Ted2 said:

Try these sdks: https://github.com/theos/sdks, download them and extract in the sdks folder. Then run: make clean package and see if that works.

after doing that i get 55 errors but i think it might have something to do with me being on ios 13, does that have something to do with it maybe?

[Mr.Stop 0 iPhone X 13.2.2]

Very good

Very good ..

[Ted2 39k iPhone 13 Pro 16.0 Donor]

On 2/18/2022 at 8:21 PM, Wwvk said:

after doing that i get 55 errors but i think it might have something to do with me being on ios 13, does that have something to do with it maybe?

It might be that the template I used in this guide is outdated for theos. You could try to make a menu instead with this template:

https://github.com/joeyjurjens/iOS-Mod-Menu-Template-for-Theos

[cinderace 0 iPhone 7 Plus 14.4.2]

Hey, really nice tutorial, it gave me a nice motivation to start hacking on iOS devices too!

I've been trying to reverse engineer Head Soccer as my first proper project but I really did not understand how ASLR works on ARM64.

 

(lldb) image list "headsoccer"

[  0] 177C24B9-537F-3B7A-ACDF-74DDC1B4D35B 0x00000001022d8000 /private/var/containers/Bundle/Application/028CC5F9-515B-4E52-8380-ED4D992353B8/headsoccer.app/headsoccer

(lldb)

According to the guide I need to take the last 5 hex digits of the address 0x1022d8000, aka d8000 but I wonder if this is always the case or if the ASLR slide could include more or less digits (like 0x4000 or 0x100000).

Many thanks for publishing this guide!

Updated March 13, 2022 by cinderace
fixed some bad grammar

[0xja5er 296 iPhone 7 iOS 14]

Ty

[0xja5er 296 iPhone 7 iOS 14]

Really good tutorial. Curious if there are any other good alternatives than mem scan+LLDB watch+IDA+repatch.