MH: A CLI based Memory Editor for iOS/macOS

I wrote this project simply because I don't like game memory editors like igg.

Code: https://github.com/sskaje/mh

CMake is required for building. Build scripts are already included in build/.

Leave an issue if there are any bugs or feature requests.

MH: A CLI based Memory Editor for iOS/macOS by @sskaje: https://sskaje.me/2018/03/mh-cli-based-memory-editor-ios-macos/

Run HelloWorld on Jailbroken iOS 11

iPhone 5s, iOS 11.1

Jailbroken by Electra

How to jailbreak

Cydia Impactor and a new Apple ID are required (you can use your own Apple ID at your own risk).

If any error occurs in Cydia Impactor, try logging in to Xcode and removing unused apps/certificates.

Trust your developer certificate in iOS Settings => General => Profiles & Device Management => DEVELOPER APP.

Write HelloWorld

helloworld.c

build

sign with jtool

ent.xml

upload and run helloworld

If this binary is not signed with the platform-application entitlement, it will get 'Killed' if it's under /bin/.

More

I wrote a CLI-based memory editor, which requires more than a hello world.

1 entitlements

2 patch_setuid() from coolstar’s example. But I’m using code from electra’s cydia fork, also mentioned after his example.

3 Special thanks to ThisTakenIsUsername.

Run HelloWorld on Jailbroken iOS 11 by @sskaje: https://sskaje.me/2018/03/run-helloworld-on-jailbroken-ios-11/


iOS SDK Archive

iPhoneOS SDKs are included in Xcode; Wikipedia provides a table of Xcode versions and their bundled SDKs.

To download old versions of iPhoneOS SDKs, you need to download Xcode from: https://developer.apple.com/download/more/.

I’ve uploaded some to https://dl.sskaje.me/ios-sdks/.

iOS 8.4 from Xcode 6.4
iOS 9.3 from Xcode 7.3.1
iOS 10.2 from Xcode 8.2.1
iOS 10.3 from Xcode 8.3.2
iOS 11.0 from Xcode 9.0.1
iOS 11.1 from Xcode 9.1

to download
Enter ‘sskaje.me’ as both user and password.

to install

iOS SDK Archive by @sskaje: https://sskaje.me/ios-sdk-archive/

Free iOS Developer Signing Certificate

1 You need Cydia Impactor

2 You need an Apple ID

3 Do something in Impactor to get a certificate, which is valid for only 7 days.

4 There is no way to renew it, but you can revoke it and generate a new one.

After the steps above, find the certificate:

To sign

Free iOS Developer Signing Certificate by @sskaje: https://sskaje.me/2017/08/free-ios-developer-signing-certificate/

Set up iOS SSH over USB with MacPorts

The documentation is at: http://iphonedevwiki.net/index.php/SSH_Over_USB

It provides installation instructions for Homebrew. Here are the installation steps under MacPorts.

During installation you may be dropped into opam's initialization; if that does not happen, you can run it manually

When it is slow, don't rush to press Enter; there are prompts along the way that require entering y to confirm.

The new version of gandalf uses JSON for its mapping configuration, which no longer matches what the wiki describes.

Connect the phone to the computer and run gandalf directly.

Edit mapping.json with the following content

Where: udid must match the result obtained when running the command directly above; name is arbitrary; in forwarding, local_port is the port opened locally and device_port is the port on the remote device.
With this configuration I can connect to port 22 on the iPhone directly with ssh -p 10022 root@127.0.0.1.

Run the following command to start gandalf.

Set up iOS SSH over USB with MacPorts by @sskaje: https://sskaje.me/2017/07/set-up-ios-ssh-over-usb-with-macports/