Revision as of 00:34, 5 March 2014
This is a draft that needs your help. Can you help fix it? Add some details!
The process for developing a tweak for jailbroken iOS can include using a combination of class-dump, IDA and GDB to locate the functions and methods of interest, using Cycript to prototype the tweak at runtime, and finishing it with Theos.
See Getting Started#Looking at classes and Debugging on iOS 7#Class-dumping.
See Debugging on iOS 7 for using GDB/LLDB.
Logify (the Theos script that turns a class-dump header into a Logos tweak logging every method call of that class) might help you.
When working with App Store apps, you may need something like dumpdecrypted (https://github.com/stefanesser/dumpdecrypted).
Class-dump'ing encrypted binaries
When binaries are encrypted with FairPlay (e.g. App Store apps), class-dump and class-dump-z will produce garbage output, because the Objective-C metadata they read from the file on disk is still encrypted. Therefore, it is necessary to use a runtime tool such as weak_classdump (https://github.com/limneos/weak_classdump), which reads the class information from the running, already decrypted process.
weak_classdump can be used to dump a single class, like so:
<source lang=javascript>
iPhone$ cycript -p Skype weak_classdump.cy; cycript -p Skype
'Added weak_classdump to "Skype" (1685)'
cy# weak_classdump(SkypeAppDelegate, "/tmp/")
"Wrote file to /tmp/SkypeAppDelegate.h"
</source>
It can also be used to dump all the classes in a bundle (in this case, the main bundle):
<source lang=javascript>
iPhone$ cycript -p Skype weak_classdump.cy; cycript -p Skype
'Added weak_classdump to "Skype" (1685)'
cy# weak_classdump_bundle([NSBundle mainBundle], "/tmp/SkypeHeaders")
</source>