Showing results for tags 'Cracking'.
Found 7 results

  1. Patching iOS apps for noobs be leet in 10 minutes! (not really)

edit: can some mod move this into the tutorials section? I can't start a topic there.

More and more apps are beginning to implement anti-piracy methods and have managed to circumvent protections such as Overdrive.

Brought to you by Kim Jong Cracks

Requirements:
  - IDA Pro (Trial/Legit)
  - Hex Editor (I'm using 0xED on Mac for this)
  - Basic knowledge of assembly
  - Knowledge on how to create simple MobileSubstrate tweaks
  - Swag and luck

This tutorial is heavily based on THIS ONE. Also, DOWNLOAD PDF TUTORIAL HERE.

Getting Started

We shall be patching SpellChecker by Enfour Inc, which is notorious for its protection. You can download the binary here (https://dl.dropbox.c...40/SpellChecker); unpatched IPAs are available on apptrackr, grab them before they are removed!

First, open the app in IDA and remember to choose the correct processor type. Choose the armv6 portion as it's easier to patch (we'll discuss armv7 portions in another part). armv7 may use some functions whose opcodes are more complicated, so I suggest you thin your binary using lipo and just play with the armv6 portion. Parse obj-c methods and let IDA load the binary.

I've created a MobileSubstrate tweak that hooks onto the logging system the app uses to find out where the protection is.

Oct 27 18:19:23 ttwj-iPad SpellChecker[16062]: logevent: CAUGHT_IT, params {THIS = TOOT;}
Oct 27 18:19:23 ttwj-iPad SpellChecker[16062]: filemanager: /var/mobile/Applications/A2EA3A60-46DC-4D59-B209-1C78C23819C2/Library/flurryStored1158494424.archive
Oct 27 18:19:23 Terence-Tans-iPad SpellChecker[16062]: logevent: CAUGHT_IT, params {THIS = "NO_INFO";}
Oct 27 18:19:23 ttwj-iPad SpellChecker[16062]: filemanager: /var/mobile/Applications/A2EA3A60-46DC-4D59-B209-1C78C23819C2/SpellChecker.app/_CodeSignature
Oct 27 18:19:23 ttwj-iPad SpellChecker[16062]: logevent: CAUGHT_IT, params {THIS = SIG;}

So, we now search for CAUGHT_IT in IDA. Next, we go to the first occurrence where THIS = TOOT was logged. The first segment checks some stuff about the bundle but that doesn't matter. The last 2 lines are CMP R0, #0xA and BGT loc_2B28. CMP R0, #0xA compares the two variables so we need to patch it to CMP R0, R0 so that it will always be true. BGT loc_2B28 checks if R0 is greater than #0x1A and jumps to loc_2B28 if it's true. We need to patch that to BEQ loc_2B28 so it will skip the part where the protection kicks in.

Patching

Now we need to find the ARM opcode and patch it in our hex editor. Highlight the line we want to patch and hit the Hex-View-A button. The opcode for CMP R0, #0x2A is 0A 28, so we need to patch that to the opcode of CMP R0, R0. Here we have a list of the opcodes for the corresponding instructions. So we need to patch that to 80 42. We need to find the offset of the opcode. Copy the offset located on the left and search for it in your hex editor. Highlight the opcode we want to patch and paste the new opcode, in this case, 80 42. Congratulations, you have patched a part of the app! But wait, there's more! We need to patch the opcode of BGT loc_2B28 (1D 1C) to BEQ loc_2B28 (1D D0). Repeat the steps to find the offset, select the opcode in the hex editor and paste the new opcode. Save the file and you have successfully patched an app!

However, most apps come with multiple protections so you'll have to patch each one of them!

Final

Copy the patched binary to your device and run ldone -s <binary>. This tutorial only covers basic ways to patch an app; I highly suggest you read up more HERE.

Brought to you by Kim Jong Cracks
  2. Edit: Here is a quick video walkthrough. Edit 2: confirmed working on 11.1.2 Electra as well with tweaks turned on. If you're gonna use it on an older device it's better to run the commands via SSH since older devices won't have enough memory to switch between the app and the terminal. Edit 3: added a detailed video walkthrough.

Requirements
1. Filza File Manager (BigBoss repo)
2. New Term 2 (Hash Bang repo)
3. Link Identity Editor (ldid) (BigBoss repo)
4. An App to Crack (Duh!)
5. Jailbroken Device with Tweaks turned ON (should've said that one first)
6. Bfinject.tar from the Github repo
7. The signing script (credit to 4pda.ru user for this): nofile.io or pastebin or Github

Getting Everything Ready
1. Copy both bfinjector.tar and signer.sh to your /var/mobile/Documents
2. Tap on bfinject.tar to extract it.
3. Tap Edit on the top right, select the extracted "bfinject" folder and tap "Move".
4. Browse to /private
5. Paste here. **** the bfinject folder must be in "/private, /bin, /sbin or /" for it to work. ****
6. Go back to /var/mobile/Documents, select "signer.sh" and tap "Move".
7. Browse to /var/mobile/Media and create two new folders called "cracking" and "signing".
8. Paste "signer.sh" in "cracking".

Let's Start Cracking (pun intended)
1. Open the app you want to crack. For the purpose of this guide I'll be cracking "Wayward Soul" and go back to
2. Open New Term 2
3. Login as root by typing su
4. Enter default password (unless you changed it) alpine
5. Now we need to set the working directory to /private/bfinject: cd /private/bfinject
6. To start cracking (no pun this time) we'll type the following command: bash bfinject -P Wayward -L decrypt
   * after "-P" you write either the app's name or even a part of it and the script will find it.
   * to know every usage run "bash bfinject"
7. Now go back to the App to finish decrypting it.
8. After it's done you'll get a pop up with a "Yes" and "No" question. Just press "No".
9. Cracking is done.
10. Open Filza and browse to /var/mobile/Containers/Data/
11. Tap on the magnifying glass on the left to search for "decrypted-app.ipa".
12. Press the arrow on the left of the file to locate it.
13. Select and Move it to the folder we made before at /var/mobile/Media/cracking.
14. Go back to New Term
15. Login as root as instructed above (if you closed the previous session or it crashed)
16. Set the working directory to cracking: cd /var/mobile/Media/cracking
17. To run the signing script type the following: bash signer.sh decrypted-app.ipa
18. After the script is finished it'll ask you if you want to move it to "/var/mobile/Media/signed" or keep it here. Better choose yes to keep things organized.
19. You are now done and have a properly signed cracked app.
  3. Can anyone list all the cracking scripts/apps that they know of? I've tried rasticrac and clutch but can't crack the latest ipvanish vpn version 1.3.8
  4. Cracking iOS Apps

**VIDEO AT THE BOTTOM OF TUTORIAL. I SUGGEST READING THIS FIRST, AS THERE IS MORE DETAIL IN THIS TUTORIAL**

Ok so first of all I'd like to start off by stating that I'm relatively new to cracking iOS apps but have some knowledge and skills in other areas, which has enabled me to pick this up quite quickly. But I can see how this would be really difficult for the average user so I have decided to write in my own words exactly how to crack an app from start to finish. It has taken me a long time to write this tutorial so if anyone would like to use it elsewhere that's great, it means I have done a good job, but please credit me for my work. I will make some videos and add tomorrow.

What is Cracking iOS Apps

iOS cracking is the process by which iOS applications are decrypted (cracked) so they may be used on other jailbroken devices. The method used is crude but simple: a debugger is attached to the executable and is used to dump the decrypted segments before the executable launches. The decrypted segments are then transposed onto the original binary, and the LC_ENCRYPTION_INFO load command's cryptid field is changed to 0.

How to Crack iOS Apps - tools available

I have been using a combination of Clutch (by @KimJongCracks) and also Rasticrac (by @iRastignac) so my guide will be based upon these two tools, and last but not least CrackAddict, the in-house cracking tool powered by Clutch, which is the easiest for beginners...

CrackAddict - this is essentially a GUI for Clutch, and for beginners is the easiest way to crack, upload, and submit apps to AppAddict, all straight from your iDevice - see here for more info and how to use it - CrackAddict - All In One Native iOS Cracking Tool for iOS 6 and iOS 7 - it is much easier to use than any of the other tools listed on this page...but the others are much more fun...

Clutch (for a while known as ClutchPatched) - for a full tutorial on cracking with Clutch, for how to use and install the latest version, see [HOW TO] Crack iOS apps with Clutch (now on 64bit!). This runs on all devices including 64bit devices such as iPhone 5s; for bug reports, etc. the developers of Clutch take messages in THIS THREAD.

Rasticrac is an updated version of the popular cracking tool PCM (PoedCrackMod). This now runs on iOS 7 on all devices..... This is a very powerful cracking tool and I suggest using it! See THIS THREAD for the latest version of Rasticrac - Rasticrac v3.1.3, as the appaddict repo does not have the latest version at the moment.

Tools you will need for Cracking

Obviously you will need some kind of iDevice, ideally it will be at least 16gb although I would recommend at least 32gb as the cracks take space on your device until you move them off. You can get all the required tools from the standard Cydia repos and the AppAddict repo – please add the following repo to Cydia

EDIT: THE REPO ISN'T ALWAYS UP TO DATE, SO I SUGGEST YOU INSTALL IT MANUALLY - SEE [HOW TO] Crack iOS apps with Clutch (now on 64bit!)

From our repo install the following packages:
  - Clutch
  - GNU Debugger (iOS 5&6)
  - Rasticrac (will install quite a few dependencies from the standard Cydia repo)

Search Cydia for the following packages and also install:
  - MobileTerminal
  - Screen

Optional Installs to make life easier:
  - SBsettings
  - OpenSSH
  - iFile
  - AutoLock SBSettings

Also Optional, NOT from Cydia:
  - Prompt iOS App (must have installed OpenSSH from Cydia for this to work locally) – is a SSH client that can be used as a terminal window for your device. Advantages are it is able to run in the background, can launch multiple terminal sessions and also has lots of keyboard shortcuts easily accessible.

Ok so you have installed all the required tools, you are ready to crack your first app.

Cracking

If using MobileTerminal skip this step; if you are using Prompt instead of MobileTerminal open the Prompt App, click add connection.
  SSH = localhost
  Username = root
  Password = Leave Blank
Click on "Connect". This will open up a CMD prompt and ask for your root password; if you have never changed it please enter or continue to enter your own password. I will explain below how to change your root password; I highly advise you do this. Please follow the guide below apart from opening MobileTerminal.

Open MobileTerminal. Type

This will ask for your root password; if you have never changed it please enter (or continue to enter your own password.)

At this point I would strongly suggest changing your root password if it is default; to do this enter the following command

Now enter your desired password, then confirm the password again. If there are no errors and you are back to the command prompt you have successfully changed your password.

Clutch (get root access first, see above)

At your cmd prompt type the following command (must have capital C) (unless you installed it manually and renamed it). You will get this numbered menu:

iPhone:~ root# clutch
You're using a Clutch development build, checking for updates..
Your version of Clutch is up to date!
Clutch-1.3.2-git1
usage: clutch [flags] [application name] [...]
Applications available:
1) Angry Birds
2) Brazzers Mobile
3) Butch
4) CrackAddict
5) Facebook
6) Gangstar Rio
7) Gangnam Style
8) Installous
9) Movie Box
10) Music Box
11) Rasticrac
12) RedTube Mobile
13) SWAGR Pro
14) Twitter
15) Youtube
16) Zeusmos

Now enter, for example if I want to crack Facebook, I enter Clutch 5. Clutch will now begin to crack the chosen app/s and once done it will tell you and return to the command prompt. You have just cracked an iOS app! The cracked app/s are placed in

We will explain further into the document what to do with the cracked app and how to get it off of your phone and onto AppAddict.

Rasticrac

At your cmd prompt type the following command

This will now list all the encrypted applications that are installed on your device; it will list the application with a number, letter or combination of both at the side depending on how many apps you have installed. At the prompt type in the App/s you wish to crack using the corresponding number/letter from the side of the app's name. Rasticrac will now begin to work its magic and crack the app/s you have chosen. You will notice that Rasticrac speaks to you as it is cracking applications. You have just cracked an iOS app using Rasticrac. The cracked app/s are placed in

Getting your App onto AppAddict

Ok so you have cracked your app/s, now you need to get it off your device, upload, and share the links. To do this you will need to use one of the following tools or methods to browse your iDevice's file system:
  - iFunBox
  - iExplorer
  - CyberDuck
  - An ftp client that can connect to sftp

I won't go into great detail here on how to use these applications as google is your friend and this is getting longer and longer. But basically you need to use one of the above to browse to the following location on your device

There you will see the app/s that you have cracked; move them to your computer, usually by just highlighting then dragging and dropping in the desired destination. Once the cracked apps are safely on your computer rename them to include your Cracker name and it's time to upload them. Sign up for your favourite file hosts and start to upload the apps; please see here for AppAddict's Approved list of file Hosts HERE. Once the app/s are uploaded you need to make a record of the links, the app versions and also get the iTunes URL for the app; this can be done easiest I find by going HERE and searching the app. Once on the preview page with the screenshots and app information highlight the full URL from the address bar and make a note of it.

Once you have the iTunes URL, Link/s to your App/s and version/s of the app/s you can go HERE, fill in the required fields and your app/s will be posted into the New & Noteworthy section of AppAddict for all to see and download.

Fix for Clutch's cracked Apps crashing on ARMv7s Devices

NO LONGER NECESSARY

Customisation & Auto Adding Cracker Name and Credit File

So if you are going to be cracking a lot of apps it would be a good idea to customise your cracking tools slightly and have your cracker name auto added to the file name. We can also make it so a secret credit file is placed within the app with your cracker name on it; this is so people can't steal credit for your cracks.

Clutch

There you will see a file called "clutch.conf"; open this file with your favourite text editor and amend the following depending on what you want. These are probably the only things you may want to change:
  CreditFile NO (Change to YES to create Credit File inside app)
  FilenameCredit NO (Change to YES to add cracker name to filename)
  CrackerName (Enter your Cracker Name in between ><)
  ListWithDisplayName YES (Change to DIRECTORY to list apps in full form within Clutch's menu)
  MetadataEmail steve@rim.jobs (Can be changed to any email address)

Rasticrac

Navigate to the following location on your device

There you will see a file called "rasticrac"; open this file with your favourite text editor and amend the following depending on what you want. **Be careful in here as this is the main script also for Rasticrac.** Here are the things you will most likely want to change:

# - Default CrackerName (or "Anonymous").
RCcracker="Anonymous" (Change to your cracker name)
# - Should "extra details" appear in Ipa name (ie: "iPad / 3GS / etc") ? (You can hate them)
RCextras="YES" (Change to NO if you don't want extra information adding to the file names of your cracked apps)
# - Should script talk to you ? (it only speaks english, only with iOS4+, only with "speak" tool from Cydia)
RCspeak="YES" (Change to NO to turn the voice off)
# - Should artist's name be used in filename ?
RCartistfrommeta="YES" (Change to NO if you don't want the developer's name in your cracked apps' file name, i.e. Rovio)
# - Default compression level is blank (aka "-6"), and is the best speed/size ratio.
# - Recommended. Upload/download/storage will be good.
RCcompression="" (Change to desired level, -9 being smallest size and -1 largest – I recommend -9 or -8 as the smaller the apps the easier and quicker they are to upload)
# - Maximum compression ("-9") (also "-8" or "-7") is very very slow, but size is the best.

more detailed guide to configuring rasticrac -

Hints & Tips

If you installed SBSettings and also AutoLock SBSettings it is a good idea to use the AutoLock toggle and turn it to off before you start cracking; this will stop the device from going to sleep.

If you installed iFile and have a Dropbox account, you can install the Dropbox iOS App and link it to iFile. You do this by going to Preferences in iFile, then to Remote Servers and then Link Dropbox. Now browse to the location of the cracked app/s in iFile; you will need to add .zip to the end of the file name, then simply click the file and choose Dropbox. This will open Dropbox; click save and this will now sync the app to your account, which I expect syncs with your computer. Just remember to remove the .zip before uploading it to the file host/s.

Video

Cracking iOS Applications Using Rasticrac - video tutorial: http://youtu.be/x5Mry5a46cU
Cracking iOS Applications Using CrackAddict - video tutorial
Cracking iOS Applications Using Clutch - Coming Soon
  5. I know, I know, this sh*t is hella outdated.

Post Last Edit by MONGOLO at 2013-12-12 07:13

NOTICE: RASTICRAC HAS BEEN UPDATED TO 3.1.3 - go here for more information and download - RASTICRAC 3.1.3. I'll be updating the tutorial once a .deb version is out.... for now you can move the script to usr/bin with iFile or iFunbox, rename it, and set all permissions to read, write, execute. The rest is the same as this tutorial; if you need help ask in the update thread.

by MONGOLO 2013-3-10

If you want to share this tutorial on other forums, please give credit!!

Not only will apps cracked with Rasticrac run on armv7s devices such as the iPhone 5 and 4th generation iPad, Rasticrac can crack apps on these devices. Rasticrac works on iOS 6, but sometimes the same app on the same device will not crack on iOS 6, but will work just fine on iOS 5. If you want to read about how iOS cracking works, check this thread out: NEED TO ADD LINK

If you are new to cracking, you might want to try using AppCrackr, which is a bit easier and more user friendly. AppCrackr is a GUI for Rasticrac, so using AppCrackr produces the same results as Rasticrac. Here is a tutorial for AppCrackr: tba

You will need the following packages from Cydia:

---------------------------------[from default repos]--------------------------------------------------
  - MobileTerminal
  - Screen (You need to go to manage>settings and change to hacker if you are on user at the moment)
  - iFile (if you wish to edit the script to add your handle or change the compression rate, etc....)

---------------------------------[from iPhoneCake repo (cydia.iphonecake.com)]-----------------------
  - Rasticrac (3.0 gamma 5)
  - GNU Debugger (iOS 5&6)
  - posix_spawn
  - ldone
(there may be other dependencies, zip, 7-zip, GAWK etc., all are available from the default Cydia sources)

STEP 1 - INSTALLING THE PACKAGES

STEP 2 - CONFIGURATION (OPTIONAL)

STEP 3 - CRACKING APPS

NEW FROM iRastignac - iRastignac @iRastignac Dec 20: @MONG0LO Run "iTools", go "iDevice - Advanced", set "OpenSshTunnel=ON", then "rrc306.bat" should work over USB cable without wifi.

OPEN the terminal app on your springboard. You will get this window:

[Next you will get root access to your device, which isn't necessary, but recommended]

ENTER EXACTLY: su root
Press RETURN, you will be prompted for a password; your default password is alpine. ENTER your password and press RETURN, you now have root access.

ENTER EXACTLY: rasticrac -m (if you chose not to rename, enter r30c5.sh -m, or if you named it otherwise substitute that name for rasticrac)

You will get this window. This is the Rasticrac main menu. You will see all apps on your device downloaded from the appstore that you haven't cracked yet. Each app has a letter that corresponds with it. If I want to crack Angry Birds Classic, I will type " b ", then press return. You will get this information about the app; press return again and the app will crack... this can take a while, especially for larger apps.

You will get a screen like this when done. The IPAs are in /var/root/Documents/Cracked; copy them to your PC with iFunbox and upload. If you didn't choose to use root access they will be in var/Mobile/Documents/Cracked.

Once you crack an app on the list, it is added to a "done" list; to reset the "done" list, at the rasticrac main menu enter command " 0 " (a number 0). To mark all apps on the list as done enter command " 9 ".

SECTION 4 CRACKING MULTIPLE APPS AT ONCE (OPTIONAL)

In this image, if I want to crack both Angry Birds Rio and Angry Birds Seasons, I can enter " c d ", putting a space between c and d; you can do this for as many apps as you like. To crack all apps on your device that haven't been cracked yet, you can enter command "rasticrac -all" after getting root access (REMEMBER: if you named the script something else type this instead of rasticrac). PRESS RETURN. It could be a while depending on the number of apps to crack or size of apps; when done, both progress bars should be at 100%.

----------------------------------------------------------------------------------------------------------

Here is a video by iChr0niX that has a tutorial for Rasticrac, but they use a different repo and don't rename the script. http://www.youtube.com/watch?v=x5Mry5a46cU

If you need any help be sure and ask; you can find Rastignac, who created Rasticrac, @iRastignac on twitter. Follow him for updates and more information.
  6. Well, as ttwj asked us to make a video tutorial for Brake, because some people seemed to not figure out how to use it, we decided to also include RemoteRasticrac while we are at it. Enjoy the video and leave some feedback (URL if you can't see the video): https://www.youtube.com/watch?v=PAg_8vLwBDE
  7. Personally I used to use rasticrac for a long time but once I tried out clutch there is no way I will ever go back to rasticrac. Clutch is so much faster and a ton easier. What is your opinion? Clutch or Rasticrac?