Cracking iOS Apps

**VIDEO AT THE BOTTOM OF TUTORIAL. I SUGGEST READING THIS FIRST, AS THERE IS MORE DETAIL IN THIS TUTORIAL**

Ok so first of all I'd like to start off by stating that I'm relatively new to cracking iOS apps but have some knowledge and skills in other areas, which has enabled me to pick this up quite quickly. But I can see how this would be really difficult for the average user, so I have decided to write in my own words exactly how to crack an app from start to finish. It has taken me a long time to write this tutorial, so if anyone would like to use it elsewhere that's great, it means I have done a good job, but please credit me for my work. I will make some videos and add them tomorrow.

What is Cracking iOS Apps

iOS cracking is the process by which iOS applications are decrypted (cracked) so they may be used on other jailbroken devices. The method used is crude but simple: a debugger is attached to the executable and is used to dump the decrypted segments before the executable launches. The decrypted segments are then transposed onto the original binary, and the LC_ENCRYPTION_INFO load command's cryptid field is changed to 0.

How to Crack iOS Apps - tools available

I have been using a combination of Clutch (by @KimJongCracks) and also Rasticrac (by @iRastignac), so my guide will be based upon these two tools. And last but not least CrackAddict, the in-house cracking tool powered by Clutch, which is the easiest for beginners...

CrackAddict - this is essentially a GUI for Clutch, and for beginners is the easiest way to crack, upload, and submit apps to AppAddict, all straight from your iDevice. See here for more info and how to use it - CrackAddict - All In One Native iOS Cracking Tool for iOS 6 and iOS 7 - it is much easier to use than any of the other tools listed on this page...but the others are much more fun...
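The cryptid field mentioned above is the one thing that distinguishes a store download from a binary that has been dumped and patched in place, and it is also what an app developer or an analyst inspects (the same value `otool -l` prints) to tell whether an executable on disk has been tampered with. The following Python script is an added example written for this page, not code from the tutorial or from Clutch or Rasticrac. It walks the Mach-O load commands, reads LC_ENCRYPTION_INFO / LC_ENCRYPTION_INFO_64 if present, and classifies the binary as still encrypted, decrypted in place, or never encrypted. It assumes a thin little-endian Mach-O (fat/universal wrappers are rejected rather than handled), and the sample binaries it builds are constructed in the script itself so it runs without any real app.

```python
import struct

# Mach-O constants from <mach-o/loader.h>. Only thin little-endian files are
# handled, which is what every iOS device executes.
MH_MAGIC = 0xFEEDFACE        # 32-bit Mach-O header, 28 bytes
MH_MAGIC_64 = 0xFEEDFACF     # 64-bit Mach-O header, 32 bytes
LC_UUID = 0x1B
LC_ENCRYPTION_INFO = 0x21
LC_ENCRYPTION_INFO_64 = 0x2C
MH_EXECUTE = 2
CPU_TYPE_ARM64 = 0x0100000C


def iter_load_commands(blob):
    """Yield (cmd, cmdsize, offset) for each load command in a thin Mach-O."""
    magic = struct.unpack_from("<I", blob, 0)[0]
    if magic == MH_MAGIC_64:
        header_size = 32
    elif magic == MH_MAGIC:
        header_size = 28
    else:
        # Covers fat (0xCAFEBABE) wrappers and big-endian files alike.
        raise ValueError("not a thin little-endian Mach-O (magic 0x%08x)" % magic)
    # ncmds and sizeofcmds sit at offset 16 in both the 32- and 64-bit header.
    ncmds, sizeofcmds = struct.unpack_from("<II", blob, 16)
    offset = header_size
    end = min(header_size + sizeofcmds, len(blob))
    for _ in range(ncmds):
        if offset + 8 > end:
            raise ValueError("load commands run past the end of the file")
        cmd, cmdsize = struct.unpack_from("<II", blob, offset)
        # Reject malformed sizes so a crafted file can never make us loop forever.
        if cmdsize < 8 or offset + cmdsize > end:
            raise ValueError("bad cmdsize %d at offset %d" % (cmdsize, offset))
        yield cmd, cmdsize, offset
        offset += cmdsize


def encryption_info(blob):
    """Return the LC_ENCRYPTION_INFO(_64) fields, or None if the binary carries none."""
    for cmd, cmdsize, offset in iter_load_commands(blob):
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # Both layouts start: cmd, cmdsize, cryptoff, cryptsize, cryptid
            cryptoff, cryptsize, cryptid = struct.unpack_from("<III", blob, offset + 8)
            return {"cryptoff": cryptoff, "cryptsize": cryptsize,
                    "cryptid": cryptid, "is_64": cmd == LC_ENCRYPTION_INFO_64}
    return None


def encryption_state(blob):
    """'absent'    - no encryption command at all (system binary, dev build)
       'encrypted' - cryptid != 0, the FairPlay-protected state of a store download
       'decrypted' - command present but cryptid == 0: dumped and patched in place"""
    info = encryption_info(blob)
    if info is None:
        return "absent"
    return "encrypted" if info["cryptid"] != 0 else "decrypted"


def build_sample_macho64(cryptid=None):
    """Constructed sample: a minimal arm64 Mach-O header plus load commands
    (no segments or code, just enough structure for the parser).
    cryptid=None omits LC_ENCRYPTION_INFO_64 entirely."""
    cmds = struct.pack("<II", LC_UUID, 24) + bytes(range(16))        # LC_UUID, 24 bytes
    if cryptid is not None:
        # encryption_info_command_64: cmd, cmdsize, cryptoff, cryptsize, cryptid, pad
        cmds += struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24,
                            0x4000, 0x8000, cryptid, 0)
    ncmds = 2 if cryptid is not None else 1
    header = struct.pack("<IIIIIIII", MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE,
                         ncmds, len(cmds), 0, 0)
    return header + cmds


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Usage: python macho_cryptid.py /path/to/Some.app/Some  (thin Mach-O only)
        with open(sys.argv[1], "rb") as f:
            data = f.read()
        print(sys.argv[1], encryption_state(data), encryption_info(data))
    else:
        for label, blob in (("store download", build_sample_macho64(1)),
                            ("patched cryptid=0", build_sample_macho64(0)),
                            ("no encryption cmd", build_sample_macho64(None))):
            print("%-20s %s" % (label, encryption_state(blob)))
```

Run without arguments it reports the three constructed states; point it at a real executable and it reports that file. A binary whose load command is present but reads cryptid 0 is exactly the fingerprint left by the dump-and-patch method described above, which is why apps that want to detect a cracked copy of themselves read this field at runtime.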
Clutch (for a while known as ClutchPatched) - for a full tutorial on cracking with Clutch, and for how to use and install the latest version, see [HOW TO] Crack iOS apps with Clutch (now on 64bit!). This runs on all devices including 64bit devices such as the iPhone 5s. For bug reports, etc., the developers of Clutch take messages in THIS THREAD.

Rasticrac is an updated version of the popular cracking tool PCM (PoedCrackMod). This now runs on iOS 7 on all devices. This is a very powerful cracking tool and I suggest using it! See THIS THREAD for the latest version of Rasticrac - Rasticrac v3.1.3, as the AppAddict repo does not have the latest version at the moment.

Tools you will need for Cracking

Obviously you will need some kind of iDevice, ideally it will be at least 16gb although I would recommend at least 32gb as the cracks take space on your device until you move them off. You can get all the required tools from the standard Cydia repos and the AppAddict repo - please add the following repo to Cydia.

EDIT: THE REPO ISN'T ALWAYS UP TO DATE, SO I SUGGEST YOU INSTALL IT MANUALLY - SEE [HOW TO] Crack iOS apps with Clutch (now on 64bit!)

From our repo install the following packages:
[*]Clutch
[*]GNU Debugger (iOS 5&6)
[*]Rasticrac (will install quite a few dependencies from the standard Cydia repo)

Search Cydia for the following packages and also install:
[*]MobileTerminal
[*]Screen

Optional installs to make life easier:
[*]SBSettings
[*]OpenSSH
[*]iFile
[*]AutoLock SBSettings

Also optional, NOT from Cydia:
Prompt iOS App (must have installed OpenSSH from Cydia for this to work locally) - is an SSH client that can be used as a terminal window for your device. Advantages are it is able to run in the background, can launch multiple terminal sessions and also has lots of keyboard shortcuts easily accessible.

Ok so you have installed all the required tools, you are ready to crack your first app.
Cracking

If using MobileTerminal skip this step. If you are using Prompt instead of MobileTerminal, open the Prompt App and click add connection.

SSH = localhost
Username = root
Password = Leave Blank

Click on "Connect". This will open up a CMD prompt and ask for your root password; if you have never changed it please enter (or continue to enter your own password). I will explain below how to change your root password, I highly advise you do this. Please follow the guide below apart from opening MobileTerminal.

Open MobileTerminal. Type

This will ask for your root password, if you have never changed it please enter (or continue to enter your own password.)

At this point I would strongly suggest changing your root password if it is default. To do this enter the following command

Now enter your desired password. Then confirm the password again. If there are no errors and you are back to the command prompt you have successfully changed your password.

Clutch (get root access first, see above)

At your cmd prompt type the following command (must have capital C) (unless you installed it manually and renamed it)

You will get this numbered menu:

iPhone:~ root# clutch
You're using a Clutch development build, checking for updates..
Your version of Clutch is up to date!
Clutch-1.3.2-git1
usage: clutch [flags] [application name] [...]
Applications available:
1) Angry Birds
2) Brazzers Mobile
3) Butch
4) CrackAddict
5) Facebook
6) Gangstar Rio
7) Gangnam Style
8) Installous
9) Movie Box
10) Music Box
11) Rasticrac
12) RedTube Mobile
13) SWAGR Pro
14) Twitter
15) Youtube
16) Zeusmos

Now enter the number of the app. For example, if I want to crack Facebook, I enter Clutch 5. Clutch will now begin to crack the chosen app/s and once done it will tell you and return to the command prompt. You have just cracked an iOS app! The cracked app/s are placed in

We will explain further into the document what to do with the cracked app and how to get it off of your phone and onto AppAddict.
Rasticrac

At your cmd prompt type the following command

This will now list all the encrypted applications that are installed on your device. It will list the applications with a number, letter or combination of both at the side depending on how many apps you have installed. At the prompt type in the app/s you wish to crack using the corresponding number/letter from the side of the app's name. Rasticrac will now begin to work its magic and crack the app/s you have chosen. You will notice that Rasticrac speaks to you as it is cracking applications. You have just cracked an iOS app using Rasticrac. The cracked app/s are placed in

Getting your App onto AppAddict

Ok so you have cracked your app/s, now you need to get it off your device, upload, and share the links. To do this you will need to use one of the following tools or methods to browse your iDevice's file system:
[*]iFunBox
[*]iExplorer
[*]CyberDuck
[*]An FTP client that can connect to SFTP

I won't go into great detail here on how to use these applications as Google is your friend and this is getting longer and longer. But basically you need to use one of the above to browse to the following location on your device

There you will see the app/s that you have cracked; move them to your computer, usually by just highlighting then dragging and dropping in the desired destination. Once the cracked apps are safely on your computer, rename them to include your cracker name and it's time to upload them. Sign up for your favourite file hosts and start to upload the apps; please see here for AppAddict's approved list of file hosts HERE. Once the app/s are uploaded you need to make a record of the links, the app versions and also get the iTunes URL for the app. This can be done easiest, I find, by going HERE and searching the app. Once on the preview page with the screenshots and app information, highlight the full URL from the address bar and make a note of it.
Once you have the iTunes URL, link/s to your app/s and version/s of the app/s you can go HERE, fill in the required fields and your app/s will be posted into the New & Noteworthy section of AppAddict for all to see and download.

Fix for Clutch's cracked Apps crashing on ARMv7s Devices

NO LONGER NECESSARY

Customisation & Auto Adding Cracker Name and Credit File

So if you are going to be cracking a lot of apps it would be a good idea to customise your cracking tools slightly and have your cracker name auto added to the file name. We can also make it so a secret credit file is placed within the app with your cracker name on it; this is so people can't steal credit for your cracks.

Clutch

There you will see a file called "clutch.conf". Open this file with your favourite text editor and amend the following depending on what you want. These are probably the only things you may want to change:

CreditFile NO (Change to YES to create Credit File inside app)
FilenameCredit NO (Change to YES to add cracker name to filename)
CrackerName (Enter your Cracker Name in between ><)
ListWithDisplayName YES (Change to DIRECTORY to list apps in full form within Clutch's menu)
MetadataEmail email@example.com (Can be changed to any email address)

Rasticrac

Navigate to the following location on your device

There you will see a file called "rasticrac". Open this file with your favourite text editor and amend the following depending on what you want. **Be careful in here as this is the main script also for Rasticrac.** Here are the things you will most likely want to change:

# - Default CrackerName (or "Anonymous").
RCcracker="Anonymous" (Change to your cracker name)

# - Should "extra details" appear in Ipa name (ie: "iPad / 3GS / etc") ? (You can hate them)
RCextras="YES" (Change to NO if you don't want extra information adding to the file names of your cracked apps)

# - Should script talk to you ? (it only speaks english, only with iOS4+, only with "speak" tool from Cydia)
RCspeak="YES" (Change to NO to turn the voice off)

# - Should artist's name be used in filename ?
RCartistfrommeta="YES" (Change to NO if you don't want the developer's name in your cracked app's file name, i.e. Rovio)

# - Default compression level is blank (aka "-6"), and is the best speed/size ratio.
# - Recommended. Upload/download/storage will be good.
RCcompression="" (Change to desired level, -9 being smallest size and -1 largest - I recommend -9 or -8 as the smaller the apps the easier and quicker they are to upload)
# - Maximum compression ("-9") (also "-8" or "-7") is very very slow, but size is the best.

More detailed guide to configuring Rasticrac -

Hints & Tips

If you installed SBSettings and also AutoLock SBSettings, it is a good idea to use the AutoLock toggle and turn it to off before you start cracking; this will stop the device from going to sleep.

If you installed iFile and have a Dropbox account, you can install the Dropbox iOS App and link it to iFile. You do this by going to Preferences in iFile, then to Remote Servers and then Link Dropbox. Now browse to the location of the cracked app/s in iFile; you will need to add .zip to the end of the file name, then simply click the file and choose Dropbox. This will open Dropbox; click save and this will now sync the app to your account, which I expect syncs with your computer. Just remember to remove the .zip before uploading it to the file host/s.

Video

Cracking iOS Applications Using Rasticrac - video tutorial http://youtu.be/x5Mry5a46cU
Cracking iOS Applications Using CrackAddict - video tutorial
Cracking iOS Applications Using Clutch - Coming Soon