ARM __moddi3

When I was debugging an app on iPhone 4 (armv7), I found a function call:

Since the ARM cores in these devices have no division or modulo instructions, compilers call a runtime library routine instead to make your code work on devices like the iPhone.

I followed __moddi3 on the iPhone 4; __moddi3() is provided by LLVM’s compiler-rt (lib/builtins/moddi3.c).

Parameters a and b are 64-bit, and the return value is also 64-bit.

But ARMv7 registers are 32 bits wide, so I wanted to find out which registers carry these values.

I wrote a simple C file and compiled it for armv7 and x86_64.

Compile to x86_64

Disassemble x86_64

x86_64 uses idivq in this program:

Compile to armv7

Disassemble armv7

In armv7:

If both dividend and divisor are less than 0x100000000:

$r2 may be negative, like 0xfffffff3. ($r3 == 0).

means $r0 – $r2 == divisor

If the signed integer $r2 is smaller than 0x80000000,
((long long)$r1 << 32 | $r0) - ((long long)$r3 << 32 | $r2) == divisor.
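To make the register split concrete, here is an added example (my own code, not from the post or from compiler-rt) that models the AAPCS rule the disassembly reflects: a 64-bit argument travels in an even/odd register pair with the low word in the even register, so a = r1:r0, b = r3:r2, and the result comes back in r1:r0. The my_moddi3 function reproduces the sign handling of compiler-rt's moddi3.c, with the C '%' on uint64_t standing in for the __udivmoddi4 call; the helper names are mine. It also shows the 0xfffffff3 case from the notes above: with r3 == 0 the divisor is a large positive 64-bit value, not -13.

```c
#include <stdint.h>
#include <stdio.h>

/* One AAPCS register pair holding a 64-bit value (lo = even register,
   hi = the following odd register). Hypothetical helper type. */
typedef struct { uint32_t lo; uint32_t hi; } regpair;

/* Split a 64-bit value the way the caller loads it into r0/r1 or r2/r3. */
static regpair to_regpair(int64_t v) {
    regpair p;
    p.lo = (uint32_t)((uint64_t)v & 0xffffffffu);
    p.hi = (uint32_t)((uint64_t)v >> 32);
    return p;
}

/* Reassemble the pair the way the callee sees it: (hi << 32) | lo. */
static int64_t from_regpair(uint32_t lo, uint32_t hi) {
    return (int64_t)(((uint64_t)hi << 32) | lo);
}

/* Same structure as compiler-rt's moddi3: make both operands non-negative
   with branch-free negation, take the unsigned remainder, then give the
   result the sign of the dividend (C semantics). Like compiler-rt this
   relies on arithmetic right shift of a negative int64_t and does not
   special-case INT64_MIN or b == 0. */
static int64_t my_moddi3(int64_t a, int64_t b) {
    int64_t s = b >> 63;          /* -1 if b < 0, else 0 */
    b = (b ^ s) - s;              /* |b| */
    s = a >> 63;                  /* -1 if a < 0, else 0 */
    a = (a ^ s) - s;              /* |a| */
    uint64_t r = (uint64_t)a % (uint64_t)b;   /* compiler-rt: __udivmoddi4 */
    return ((int64_t)r ^ s) - s;  /* negate the remainder if a was negative */
}

/* What __moddi3 computes when handed the four words r0..r3 directly. */
static int64_t moddi3_from_regs(uint32_t r0, uint32_t r1, uint32_t r2, uint32_t r3) {
    return my_moddi3(from_regpair(r0, r1), from_regpair(r2, r3));
}

int main(void) {
    regpair a = to_regpair(-7), b = to_regpair(3);
    printf("a = r1:r0 = 0x%08x:0x%08x, b = r3:r2 = 0x%08x:0x%08x\n",
           a.hi, a.lo, b.hi, b.lo);
    printf("-7 %% 3 = %lld\n",
           (long long)moddi3_from_regs(a.lo, a.hi, b.lo, b.hi));
    /* r2 = 0xfffffff3 with r3 == 0 is NOT -13: it is the positive 64-bit
       value 4294967283, so the remainder is the whole dividend. With
       r3 = 0xffffffff the same low word means -13. */
    printf("100 %% 0x00000000fffffff3 = %lld\n",
           (long long)moddi3_from_regs(100, 0, 0xfffffff3u, 0));
    printf("100 %% 0xfffffffffffffff3 = %lld\n",
           (long long)moddi3_from_regs(100, 0, 0xfffffff3u, 0xffffffffu));
    return 0;
}
```

When reading the disassembly, the useful habit is to print r1:r0 and r3:r2 as pairs rather than as four independent 32-bit values; a negative-looking low word tells you nothing about the sign of the 64-bit operand until you look at its high word.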

ARM __moddi3 by @sskaje:

error: failed to launch process debugserver: Security

I jailbroke my iPhone 4s running iOS 8.2 and tried to run debugserver, and got this error:

Google doesn’t help.

It turned out that because the app I’m trying to crack is an in-house app, not from the App Store, I had to run it once after installation and choose to trust the developer.

error: failed to launch process debugserver: Security by @sskaje:

Set up DebugServer on iOS 7

I had my iPhone 4 jailbroken so I can debug/crack apps on it.

Server: iPhone 4 + debugserver
Client: Mac OS X + lldb
debugserver can be found on iOS at /Developer/usr/bin/debugserver.
Just follow the instructions on the debugserver page of the iPhone Wiki.

Save the following content as a plist, e.g. dbg.plist:

Apply the entitlement

If the entitlement above is not applied, debugserver won’t be able to listen on a TCP port.

Remove FairPlay

FairPlay is Apple’s DRM applied to apps on the App Store.
If you see cryptid 1 like below, try
otool -l /var/mobile/Applications/0732D587-2530-4517-A101-C46602B32628/  |grep LC_ENCRYPTION_INFO -A 5
          cmd LC_ENCRYPTION_INFO
      cmdsize 20
    cryptoff  16384
    cryptsize 5652480
    cryptid   1
Load command 13

Disable ASLR

Run otool -hv on your app; if you see the PIE flag, you have to disable ASLR.

See: Mach-O Disable ASLR/PIE
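The two facts the otool commands above print, the cryptid of LC_ENCRYPTION_INFO and the PIE flag in the Mach header, can be read directly from the Mach-O load commands. The following is an added example (my own code, not from the post) that walks a 32-bit Mach-O image in memory and reports both; the constants are restated from <mach-o/loader.h> so it builds on any platform, the sample image is constructed here (header plus one LC_ENCRYPTION_INFO with the cryptoff/cryptsize values from the listing above) and is not a real app, and the function names are mine. The same walk, run by an app over its own loaded image, is a common self-check for detecting that a shipped binary has been decrypted or rebuilt without PIE.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Mach-O constants from <mach-o/loader.h>, restated so this builds anywhere. */
#define MH_MAGIC            0xfeedfaceu   /* 32-bit Mach-O, host-endian */
#define MH_EXECUTE          0x2u
#define MH_PIE              0x200000u     /* otool -hv prints this as "PIE" */
#define LC_ENCRYPTION_INFO  0x21u         /* 32-bit variant (armv7); 64-bit is LC_ENCRYPTION_INFO_64 */
#define CPU_TYPE_ARM        12
#define CPU_SUBTYPE_ARM_V7  9

struct mach_header32 {
    uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags;
};
struct load_command { uint32_t cmd, cmdsize; };
struct encryption_info_command {
    uint32_t cmd, cmdsize, cryptoff, cryptsize, cryptid;
};

/* Walk the load commands of an in-memory 32-bit Mach-O image.
   Returns -1 if the buffer is not an MH_MAGIC image, is truncated, or has
   no LC_ENCRYPTION_INFO; otherwise the cryptid (1 = still FairPlay
   encrypted, 0 = not). Every cmdsize is bounds-checked because it comes
   from the file. Assumes a little-endian host, as ARM Mach-O files are. */
int macho32_cryptid(const uint8_t *buf, size_t len) {
    struct mach_header32 mh;
    size_t off;
    uint32_t i;
    if (len < sizeof mh) return -1;
    memcpy(&mh, buf, sizeof mh);
    if (mh.magic != MH_MAGIC) return -1;
    off = sizeof mh;
    for (i = 0; i < mh.ncmds; i++) {
        struct load_command lc;
        if (off + sizeof lc > len) return -1;
        memcpy(&lc, buf + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || off + lc.cmdsize > len) return -1;
        if (lc.cmd == LC_ENCRYPTION_INFO &&
            lc.cmdsize >= sizeof(struct encryption_info_command)) {
            struct encryption_info_command ec;
            memcpy(&ec, buf + off, sizeof ec);
            return (int)ec.cryptid;
        }
        off += lc.cmdsize;
    }
    return -1;
}

/* 1 if the Mach header carries MH_PIE, 0 otherwise (or if not a Mach-O). */
int macho32_is_pie(const uint8_t *buf, size_t len) {
    struct mach_header32 mh;
    if (len < sizeof mh) return 0;
    memcpy(&mh, buf, sizeof mh);
    return mh.magic == MH_MAGIC && (mh.flags & MH_PIE) != 0;
}

/* Constructed sample image: header + one LC_ENCRYPTION_INFO. Not a real
   binary; only the fields the checks above look at are meaningful. */
size_t build_sample_image(uint8_t *out, size_t cap, uint32_t cryptid, int pie) {
    struct mach_header32 mh = { MH_MAGIC, CPU_TYPE_ARM, CPU_SUBTYPE_ARM_V7,
                                MH_EXECUTE, 1, sizeof(struct encryption_info_command),
                                pie ? MH_PIE : 0 };
    struct encryption_info_command ec = { LC_ENCRYPTION_INFO,
                                          sizeof(struct encryption_info_command),
                                          16384, 5652480, cryptid };
    if (cap < sizeof mh + sizeof ec) return 0;
    memcpy(out, &mh, sizeof mh);
    memcpy(out + sizeof mh, &ec, sizeof ec);
    return sizeof mh + sizeof ec;
}

/* Convenience wrappers: build a sample with the given cryptid/PIE and check it. */
int sample_cryptid(uint32_t cryptid, int pie) {
    uint8_t img[64];
    size_t n = build_sample_image(img, sizeof img, cryptid, pie);
    return macho32_cryptid(img, n);
}
int sample_is_pie(uint32_t cryptid, int pie) {
    uint8_t img[64];
    size_t n = build_sample_image(img, sizeof img, cryptid, pie);
    return macho32_is_pie(img, n);
}

int main(void) {
    printf("encrypted, PIE build:   cryptid=%d pie=%d\n", sample_cryptid(1, 1), sample_is_pie(1, 1));
    printf("decrypted, no-PIE build: cryptid=%d pie=%d\n", sample_cryptid(0, 0), sample_is_pie(0, 0));
    return 0;
}
```

On a real file you would read the whole image (or at least the header plus sizeofcmds bytes) into the buffer, and on 64-bit binaries use the 32-byte mach_header_64 and LC_ENCRYPTION_INFO_64 instead; fat (multi-architecture) files carry a fat header in front of each slice, which this example does not handle.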

Make sure you have Python installed on your iPhone.

Find your target app.


Copy the decrypted, de-ASLR-ed app binary to your OS X machine and:

Set up DebugServer on iOS 7 by @sskaje:
