ARM __moddi3

When I was debugging an app on iPhone 4 (armv7), I found a function call:

Since ARM does not have division/modulo instructions, compilers fall back to other ways of making your code work on devices like the iPhone.

I followed __moddi3 on the iPhone 4; moddi3() is provided by LLVM's compiler-rt (lib/builtins/moddi3.c).

Parameters a and b are 64 bits long, and the return value is also 64 bits long.

But in ARMv7, registers are 32-bit long. I’m trying to find out which registers are used.

I wrote a simple C file and compiled it for armv7 and x86_64.

Compile to x86_64

Disassemble x86_64

x86_64 uses idivq, in this program:

Compile to armv7

Disassemble armv7

In armv7:

If both dividend and divisor are less than 0x100000000.

$r2 may be negative, like 0xfffffff3. ($r3 == 0).

means $r0 – $r2 == divisor

If signed integer $r2 is smaller than 0x80000000,
((long long) $r1 << 32 | $r0) - ((long long ) $r3 << 32 | $r2) == divisor.
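The register pairing above can be checked on any machine with the following added example, which is not code from the original post or from compiler-rt. It assumes the standard 32-bit ARM little-endian convention (first 64-bit argument in r0 low / r1 high, second in r2 / r3, result returned in r0 / r1); the helper names and the register values are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Join one register pair: lo is r0 (or r2), hi is r1 (or r3). */
static uint64_t join_regs(uint32_t lo, uint32_t hi) {
    return ((uint64_t)hi << 32) | lo;
}

/* Signed 64-bit remainder built on unsigned arithmetic: strip the signs,
 * take the unsigned remainder, then give it the sign of the dividend.
 * Returns 0 for b == 0 (undefined in C) so the helper never traps. */
static int64_t mod64(int64_t a, int64_t b) {
    uint64_t ua = a < 0 ? 0 - (uint64_t)a : (uint64_t)a;
    uint64_t ub = b < 0 ? 0 - (uint64_t)b : (uint64_t)b;
    if (ub == 0) return 0;
    uint64_t ur = ua % ub;            /* ur < ub <= 2^63, so it fits in int64_t */
    return a < 0 ? -(int64_t)ur : (int64_t)ur;
}

/* Given r0..r3 as read at the call site, return the expected 64-bit result
 * and the r0/r1 values to expect when the call returns. */
static int64_t moddi3_from_regs(uint32_t r0, uint32_t r1, uint32_t r2, uint32_t r3,
                                uint32_t *ret_r0, uint32_t *ret_r1) {
    int64_t a = (int64_t)join_regs(r0, r1);
    int64_t b = (int64_t)join_regs(r2, r3);
    int64_t r = mod64(a, b);
    *ret_r0 = (uint32_t)((uint64_t)r & 0xffffffffu);
    *ret_r1 = (uint32_t)((uint64_t)r >> 32);
    return r;
}

int main(void) {
    /* Constructed register values, not taken from a real debugging session. */
    uint32_t regs[3][4] = {
        {100u, 0u, 0xfffffff3u, 0u},          /* r3 == 0: b is +4294967283 */
        {100u, 0u, 0xfffffff3u, 0xffffffffu}, /* sign-extended: b is -13 */
        {0xffffff9cu, 0xffffffffu, 13u, 0u},  /* a is -100 */
    };
    for (int i = 0; i < 3; i++) {
        uint32_t lo, hi;
        long long r = moddi3_from_regs(regs[i][0], regs[i][1],
                                       regs[i][2], regs[i][3], &lo, &hi);
        printf("result=%lld r0=0x%08x r1=0x%08x\n", r, (unsigned)lo, (unsigned)hi);
    }
    return 0;
}
```

The first two rows differ only in $r3, which is why a low word such as 0xfffffff3 cannot be read as negative without checking the high register.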

ARM __moddi3 by @sskaje: https://sskaje.me/2016/01/arm-__moddi3/

error: failed to launch process debugserver: Security

I jailbroke my iPhone 4s running iOS 8.2 and tried to run debugserver, then I hit this error:

Google doesn’t help.

It was simply because the app I'm trying to crack is an in-house app, not from the App Store: I have to run it after installation and choose to trust the developer.

error: failed to launch process debugserver: Security by @sskaje: https://sskaje.me/2016/01/failed-launch-process-debugserver-security/

Set up DebugServer on iOS 7

I had my iPhone 4 jailbroken, so I can debug/crack apps on iPhone.

Server: iPhone 4 + debugserver
Client: Mac OS X + lldb

Server

DebugServer

Debugserver can be found on iOS: /Developer/usr/bin/debugserver
Just follow the instructions: debugserver on iPhone Wiki

Save the following content as a plist, e.g. dbg.plist

Apply the entitlement

If the entitlement above is not applied, debugserver won't be able to listen on a TCP port.

Remove FairPlay

FairPlay is Apple’s DRM applied to apps on AppStore.
If you see cryptid 1 like below, try Clutch!

Disable ASLR

Run otool -hv on your app; if you see the PIE flag, you have to disable ASLR.

See: Mach-O Disable ASLR/PIE

Make sure you have python installed on your iPhone.

Find your target app.

Client

Copy the decrypted, de-ASLR-ed app binary to your Mac and:

Set up DebugServer on iOS 7 by @sskaje: https://sskaje.me/2016/01/set-up-debugserver-ios-7/

Ocserv IPv6

I'm using AnyConnect on both iOS and OS X; you can read the previously posted articles on my blog: anyconnect, openconnect, ocserv.

You can find ipv6-network and ipv6-prefix in ocserv’s sample.config:

which means ocserv should be compatible with IPv6.
And in AnyConnect for iOS, ipv6 can be found somewhere, so it seems IPv6 is supported there as well.

My VPN is hosted on a Linode VPS. Linode provides a free IPv6 address pool. Open a ticket and ask for an address pool, and you'll get your own pool routed to your VPS's IPv6 address.
After that, set the ipv6-network and ipv6-prefix.

Ocserv 0.8.9 does not send correct headers to AnyConnect for iOS, but 0.9.0-dev does.
I can now get a correct ipv6 address on my iPhone but with no connectivity. As it’s said, X-CSTP-Split-Include/Exclude is not well handled by AnyConnect for IPv6 addresses.
After that, I tried the latest AnyConnect for OSX, you can download it here: http://dl.sskaje.me/anyconnect/4.0/4.0.00051/

An IPv6 address is also assigned to my MBP, along with a route, but it's still not working.

Ocserv IPv6 by @sskaje: https://sskaje.me/2015/01/ocserv-ipv6/