mikeyb

ok damn well sorry ios under 11.3.1 then for now

lldb has changed above xcode 9 try xcode 9 and see

what version of xcode you using? I downgraded to xcode 9 to get it to work properly

Mobile /usr/bin/

like this Last login: Fri Aug 17 13:51:09 on ttys003 mikeys-Mac-Pro:~ mikey$ ssh -p 2222 root@localhost root@localhost's password: mikeys-iPad:~ root# debugserver 192.168.0.106 debugserver-@(#)PROGRAM:debugserver PROJECT:debugserver-360.0.26.14 for arm64. Listening to port 192 for a connection from 127.0.0.1... 　 mikeys-iPad:~ root# /electra/jailbreakd_client 661 1 mikeys-iPad:~ root# /usr/bin/debugserver localhost:6666 -a 617 debugserver-@(#)PROGRAM:debugserver PROJECT:debugserver-360.0.26.14 for arm64. Attaching to process 617... Listening to port 6666 for a connection from localhost... Waiting for debugger instructions for process 617. (lldb) w s e — 0x11fe30c00 Watchpoint created: Watchpoint 2: addr = 0x11fe30c00 size = 8 state = enabled type = w new value: 3279 (lldb) c Process 617 resuming Watchpoint 2 hit: old value: 3279 new value: 3279 Process 617 stopped * thread #1, name = 'Unity Thread', queue = 'com.apple.main-thread', stop reason = watchpoint 2 frame #0: 0x0000000101703d78 TropicThunderDev`_mh_execute_header + 7732600 TropicThunderDev`_mh_execute_header: -> 0x101703d78 <+7732600>: ldr x20, [x19, #0x30] 0x101703d7c <+7732604>: adrp x24, 9017 0x101703d80 <+7732608>: add x24, x24, #0xeb8 ; =0xeb8 0x101703d84 <+7732612>: ldr x0, [x24] Target 0: (TropicThunderDev) stopped.

it should say something like debugserver listening on port don't see how this is like yours mate, only thing same is the attaching of debugserver

when? when trying to attach u have to /usr/bin/debugserver localhost:6666 -a <the pid> or bin

hahahahaha it will work bro trust, just follow tut and your all good :P

this should work fine for 11.3.1

Ok this will only work on mac os If you don't own a mac use VMware there are lots a tuts for getting Vmware set up with mac even if u have a amd processor like me :p ok 1st download this debugger and place in /usr/bin/ set permission 775 [Hidden Content] Ok now to begin 1st Make sure you have xcode installed to be able to use lldb. 1. You will have to install usbmuxed and iproxy. To do this open a terminal in mac and type brew install usbmuxd when it's downloades and installed open another terminal and type iproxy 2222 22 & When it's opened new port at 2222 close terminal and open another type iproxy 6666 6666 & It will say waiting for connection leave terminal open just minimize it 2. Connect your phone via usb cable make sure you set up VMware usb config so you can connect. Open 2 new teminals and Type ssh -p 2222 root@localhost In both to connect to your device,When connected In 1 terminal Type debugserver device ip debugserver will start in the other terminal Type ps ax this will show you pid of debugserver now type /electra/jailbreakd_client <debugserver pid> 1 Now u can close debugserver terminal and stay in pid 1 Type /usr/bin/debugserver localhost:6666 -a <game pid or game binary name> either 1 will work game will now attach open new terminal for lldb type lldb when lldb is ready type process connect connect://localhost:6666 now it will connect give it a bit sometimes lldb take long than others all depends on game. Once it have type image list Go right to the top to very 1st call you will see game name example Var/container/bundle/gamename 0x0000000100fa4000 this is the aslr slide take a note of it as it changes every time you detach and re-attach game now you have you offset from igg ect type in lldb w s e -- 0xiggadress then c to continue when you a hit it will show like below value will be here: 0x101703d78 <+7732600>: ldr x20, [x19, #0x30] 0x <+7732604>: adrp x24, 9017 0x101703d80 <+7732608>: add x24, x24, #0xeb8 ; =0xeb8 0x101703d84 <+7732612>: ldr x0, [x24] TropicThunderDev`_mh_execute_header: -> 0x101c1be88 <+13074056>: ldr w8, [x19, #0x50] 0x101c1be8c add w8, w8, #0x1 ; =0x1 0x101c1be90 <+13074064>: str w8, [x19, #0x50] 0x101c1be94 <+13074068>: ldp x29, x30, [sp, #0x70] now remember your aslr example 0x0000000100fa4000 now subtract fa4000 from the offsets you got. 0x101c1be8c - fa4000 Use the new offset in ida that's all to it :p

thank

nice

does this still work on windows?

awesome thanks

Will be updated shortly