Difference between revisions of "IOS debugserver with IDA"
From Hawk Wiki
| Line 11: | Line 11: | ||
http://versprite.com/og/ios-reverse-engineering-part-one-configuring-lldb/ | http://versprite.com/og/ios-reverse-engineering-part-one-configuring-lldb/ | ||
| + | ==Debugging with lldb== | ||
When you got gdbserver working | When you got gdbserver working | ||
<pre> | <pre> | ||
| Line 24: | Line 25: | ||
</pre> | </pre> | ||
| + | In lldb, to find out the app memory offset | ||
| + | <pre> | ||
| + | image list -o -f | ||
| + | |||
| + | #[ 0] 0x00000000000a0000 /private/var/mobile/Containers/Bundle/Application/xxxxx-xxxxx/tgame.app/game(0x00000001000a0000) | ||
| + | #[ 1] 0x0000000102888000 /Library/MobileSubstrate/MobileSubstrate.dylib(0x0000000102888000) | ||
| + | </pre> | ||
| + | The 0x00000000000a0000 would be the offset | ||
| + | |||
| + | To set break point at address do | ||
| + | <pre> | ||
| + | br s -a 0x00000001014665bc | ||
| + | </pre> | ||
[http://iosre.com/forum.php?mod=viewthread&tid=52 Method2]<br> | [http://iosre.com/forum.php?mod=viewthread&tid=52 Method2]<br> | ||
Revision as of 05:20, 20 August 2015
- On Mac. Open /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/DeviceSupport/7.0 (XXXXXX)
-
hdiutil attach ./DeveloperDiskImage.dmg
- Mount DeveloperDiskImage.dmg, copy everything into a folder
- Use iFunbox or SCP tool upload all files in DeveloperDiskImage.dmg to iphone /Developer
- iPhone root#
/Developer/usr/bin/debugserver port:2008 /var/mobile/Containers/Bundle/Application/xx-xxxx-xx/Scan.app/Scan
Refer to [1]
Another more recent post http://bbs.pediy.com/showthread.php?t=190126
I finally got it working by following this link http://versprite.com/og/ios-reverse-engineering-part-one-configuring-lldb/
Debugging with lldb
When you got gdbserver working
// ssh to iphone /usr/bin/debugserver *:2008 --attach tgame
On Mac open a new terminal tab
lldb platform select remote-ios process connect connect://192.168.1.106:2008
In lldb, to find out the app memory offset
image list -o -f #[ 0] 0x00000000000a0000 /private/var/mobile/Containers/Bundle/Application/xxxxx-xxxxx/tgame.app/game(0x00000001000a0000) #[ 1] 0x0000000102888000 /Library/MobileSubstrate/MobileSubstrate.dylib(0x0000000102888000)
The 0x00000000000a0000 would be the offset
To set break point at address do
br s -a 0x00000001014665bc
