Why run gdb on iOS? That is a matter of opinion. For developers, gdb makes it easier to trace and analyze other people's programs and learn from each other's strengths. :) We will not teach you how to crack anything here :)
Running environment:
Mac OS 10.7.4
Xcode 4.3.2
iOS 5.0.1, jailbroken iPod touch 4
First, find the gdb that ships inside Xcode:
/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/libexec/gdb
Download ldid from http://code.google.com/p/networkpx/downloads/detail?name=ldid&can=2&q=
Next, perform the following steps. Copy the fat gdb binary to a working directory and thin it down to the armv7 slice the device uses:
cd /tmp
cp /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/libexec/gdb/gdb-arm-apple-darwin .
lipo -thin armv7 gdb-arm-apple-darwin -output gdb
Create and save the entitlements.xml file (it grants gdb the right to obtain task ports of other processes, which is what attaching requires):
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.springboard.debugapplications</key>
    <true/>
    <key>get-task-allow</key>
    <true/>
    <key>task_for_pid-allow</key>
    <true/>
</dict>
</plist>
Use the downloaded ldid to pseudo-sign gdb with those entitlements:
ldid -Sentitlements.xml gdb
Use scp to copy gdb to the iOS device:
scp gdb root@<iOS Device IP Address>:/usr/bin/
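The steps above, collected into one script as an added example (this is not code from the original post). It writes the entitlements file, thins the Xcode gdb to armv7, signs it with ldid, and checks each stage before moving on: lipo -info confirms the thinned binary really is armv7, and ldid -e dumps the embedded entitlements so you can see they were applied before copying to the device. The Xcode path, working directory and the 192.0.2.10 device address are assumptions set through environment variables; change them for your own setup.

```shell
#!/bin/sh
# Added example, not the original post's code. Prepares a pseudo-signed armv7 gdb
# for a jailbroken test device. XCODE_GDB, WORKDIR and DEVICE are assumptions.
set -eu

XCODE_GDB="${XCODE_GDB:-/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/libexec/gdb/gdb-arm-apple-darwin}"
WORKDIR="${WORKDIR:-/tmp/gdb-ios}"
DEVICE="${DEVICE:-root@192.0.2.10}"   # constructed placeholder address

# Write the entitlements plist from the post to the path given as $1 and
# verify all three keys landed in the file.
write_entitlements() {
    out="$1"
    cat > "$out" <<'EOF'
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>com.apple.springboard.debugapplications</key>
    <true/>
    <key>get-task-allow</key>
    <true/>
    <key>task_for_pid-allow</key>
    <true/>
</dict>
</plist>
EOF
    for k in com.apple.springboard.debugapplications get-task-allow task_for_pid-allow; do
        grep -q "<key>$k</key>" "$out" || return 1
    done
}

# Copy the fat gdb out of Xcode, keep only the armv7 slice and sign it.
build_gdb() {
    [ -f "$XCODE_GDB" ] || { echo "gdb not found at $XCODE_GDB" >&2; return 1; }
    mkdir -p "$WORKDIR"
    cd "$WORKDIR"
    cp "$XCODE_GDB" gdb-arm-apple-darwin
    lipo -thin armv7 gdb-arm-apple-darwin -output gdb
    # Confirm the result is a single-architecture armv7 binary.
    lipo -info gdb | grep -q armv7 || return 1
    write_entitlements entitlements.xml
    ldid -Sentitlements.xml gdb
    # ldid -e prints the entitlements embedded in the signed binary; make sure they stuck.
    ldid -e gdb | grep -q task_for_pid-allow || return 1
}

# Copy the signed debugger onto the device.
deploy_gdb() {
    scp "$WORKDIR/gdb" "$DEVICE:/usr/bin/gdb"
}

# Usage: sh prepare-gdb.sh run
if [ "${1:-}" = run ]; then
    build_gdb && deploy_gdb
fi
```

The script stops at the first failing stage, so a missing Xcode gdb, a lipo that produced the wrong slice, or an ldid run that did not embed the entitlements is caught on the Mac rather than discovered as a failed attach on the device.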
Refer to the description in scs3_201511bachmann.pdf to learn how to use it (you need to get past the firewall to download the PDF).
In addition, before disassembling you need to decrypt an app downloaded from the App Store with a tool such as clutch; then use nm, IDA and class-dump-z to inspect the relevant assembly code and find the address of the function entry point you are interested in.
Finally, run gdb on the target device and attach to the process (gdb --pid <pid>), set a breakpoint on the address you found earlier, and then perform the crack action you want :)
From Melody_lu123