Tutorial [ARM64] IDA + LLDB Tutorial [Noob Friendly]

Wwvk · February 17, 2022

26 minutes ago, Ted2 said:

Could you post full stack trace?

27 minutes ago, Ted2 said:

Could you post full stack trace?

i dont really know how to post a screenshot on here lol so i copied and pasted the whole thing

> Making all for tweak bloodyharry…
make[2]: Nothing to be done for 'internal-library-compile'.
> Making all in bloodyharrySettings…
> Making all for bundle bloodyharry…
==> Copying resource directories into the bundle wrapper…
==> Compiling bloodyharry.mm (armv7)…
While building module 'Preferences' imported from bloodyharry.mm:1:
In file included from <module-includes>:1:
In file included from /var/theos/include/Preferences/Preferences.h:2:
In file included from /var/theos/include/Preferences/NSArray+PreferencesAddition.h:1:
In file included from /var/theos/include/Preferences/PSSpecifier.h:2:
/var/theos/include/Preferences/PSTableCell.h:53:18: error: expected ';' after method prototype
- (BOOL)isChecked API_AVAILABLE(ios(6.0));
                 ^
                 ;
/var/theos/include/Preferences/PSTableCell.h:55:47: error: expected ':'
- (void)setChecked:(BOOL)checked API_AVAILABLE(ios(6.0));
                                              ^
                                              :
/var/theos/include/Preferences/PSTableCell.h:55:47: error: expected ';' after method prototype
- (void)setChecked:(BOOL)checked API_AVAILABLE(ios(6.0));
                                              ^
                                              ;
While building module 'Preferences' imported from bloodyharry.mm:1:
In file included from <module-includes>:1:
In file included from /var/theos/include/Preferences/Preferences.h:2:
In file included from /var/theos/include/Preferences/NSArray+PreferencesAddition.h:1:
/var/theos/include/Preferences/PSSpecifier.h:123:66: error: expected ':'
+ (instancetype)groupSpecifierWithID:(NSString *)ID API_AVAILABLE(ios(8.0));
                                                                 ^
                                                                 :
/var/theos/include/Preferences/PSSpecifier.h:123:66: error: expected ';' after method prototype
+ (instancetype)groupSpecifierWithID:(NSString *)ID API_AVAILABLE(ios(8.0));
                                                                 ^
                                                                 ;
bloodyharry.mm:1:9: fatal error: could not build module 'Preferences'
#import <Preferences/PSListController.h>
 ~~~~~~~^
6 errors generated.
make[4]: *** [/var/theos/makefiles/instance/rules.mk:201: /var/root/bloodyharry/.theos/obj/armv7/bloodyharry.mm.c520ca07.o] Error 1
==> Compiling bloodyharry.mm (arm64)…
While building module 'Preferences' imported from bloodyharry.mm:1:
In file included from <module-includes>:1:
In file included from /var/theos/include/Preferences/Preferences.h:2:
In file included from /var/theos/include/Preferences/NSArray+PreferencesAddition.h:1:
In file included from /var/theos/include/Preferences/PSSpecifier.h:2:
/var/theos/include/Preferences/PSTableCell.h:53:18: error: expected ';' after method prototype
- (BOOL)isChecked API_AVAILABLE(ios(6.0));
                 ^
                 ;
/var/theos/include/Preferences/PSTableCell.h:55:47: error: expected ':'
- (void)setChecked:(BOOL)checked API_AVAILABLE(ios(6.0));
                                              ^
                                              :
/var/theos/include/Preferences/PSTableCell.h:55:47: error: expected ';' after method prototype
- (void)setChecked:(BOOL)checked API_AVAILABLE(ios(6.0));
                                              ^
                                              ;
While building module 'Preferences' imported from bloodyharry.mm:1:
In file included from <module-includes>:1:
In file included from /var/theos/include/Preferences/Preferences.h:2:
In file included from /var/theos/include/Preferences/NSArray+PreferencesAddition.h:1:
/var/theos/include/Preferences/PSSpecifier.h:123:66: error: expected ':'
+ (instancetype)groupSpecifierWithID:(NSString *)ID API_AVAILABLE(ios(8.0));
                                                                 ^
                                                                 :
/var/theos/include/Preferences/PSSpecifier.h:123:66: error: expected ';' after method prototype
+ (instancetype)groupSpecifierWithID:(NSString *)ID API_AVAILABLE(ios(8.0));
                                                                 ^
                                                                 ;
bloodyharry.mm:1:9: fatal error: could not build module 'Preferences'
#import <Preferences/PSListController.h>
 ~~~~~~~^
6 errors generated.
make[4]: *** [/var/theos/makefiles/instance/rules.mk:201: /var/root/bloodyharry/.theos/obj/arm64/bloodyharry.mm.cda5af5f.o] Error 1
make[3]: *** [/var/theos/makefiles/instance/bundle.mk:37: /var/root/bloodyharry/.theos/obj/armv7/bloodyharry.bundle/bloodyharry] Error 2
make[3]: *** Waiting for unfinished jobs....
make[3]: *** [/var/theos/makefiles/instance/bundle.mk:37: /var/root/bloodyharry/.theos/obj/arm64/bloodyharry.bundle/bloodyharry] Error 2
make[2]: *** [/var/theos/makefiles/instance/bundle.mk:26: internal-bundle-all_] Error 2
make[1]: *** [/var/theos/makefiles/master/rules.mk:117: bloodyharry.all.bundle.variables] Error 2
make: *** [/var/theos/makefiles/master/aggregate.mk:12: internal-all] Error 2

Ted2 · February 17, 2022

8 hours ago, Wwvk said:

How did you install theos? And which SDK did you download?

Wwvk · February 18, 2022

1 hour ago, Ted2 said:

How did you install theos? And which SDK did you download?

I got Theos by following the rook tutorial and using putty on windows and I’m using the iphoneos9.3 sdk

Ted2 · February 18, 2022

11 hours ago, Wwvk said:

I got Theos by following the rook tutorial and using putty on windows and I’m using the iphoneos9.3 sdk

Try these sdks: https://github.com/theos/sdks, download them and extract in the sdks folder. Then run: make clean package and see if that works.

Wwvk · February 18, 2022

6 hours ago, Ted2 said:

Try these sdks: https://github.com/theos/sdks, download them and extract in the sdks folder. Then run: make clean package and see if that works.

after doing that i get 55 errors but i think it might have something to do with me being on ios 13, does that have something to do with it maybe?

Mr.Stop · February 22, 2022

Very good

Very good ..

Ted2 · February 24, 2022

On 2/18/2022 at 8:21 PM, Wwvk said:

after doing that i get 55 errors but i think it might have something to do with me being on ios 13, does that have something to do with it maybe?

It might be that the template I used in this guide is outdated for theos. You could try to make a menu instead with this template:

https://github.com/joeyjurjens/iOS-Mod-Menu-Template-for-Theos

cinderace · March 13, 2022

Hey, really nice tutorial, it gave me a nice motivation to start hacking on iOS devices too!

I've been trying to reverse engineer Head Soccer as my first proper project but I really did not understand how ASLR works on ARM64.

(lldb) image list "headsoccer"

[  0] 177C24B9-537F-3B7A-ACDF-74DDC1B4D35B 0x00000001022d8000 /private/var/containers/Bundle/Application/028CC5F9-515B-4E52-8380-ED4D992353B8/headsoccer.app/headsoccer

(lldb)

According to the guide I need to take the last 5 hex digits of the address 0x1022d8000, aka d8000 but I wonder if this is always the case or if the ASLR slide could include more or less digits (like 0x4000 or 0x100000).

Many thanks for publishing this guide!

Updated March 13, 2022 by cinderace
fixed some bad grammar