Hacking an application from the App Store [Guide]

Full guide: how to hack an application from the App Store! Read the instructions below! And those who are too lazy to do it themselves can download the already-cracked application here!

1) Preparation.
You will need:
- An iPhone / iPod Touch with iOS 2.0, jailbroken, with Cydia installed;
- Launch Cydia and install every update it asks for;
- In addition (also from Cydia) install:
a) OpenSSH;
b) GNU Debugger for iPhone;
c) iPhone 2.0 Toolchain;
- On your computer (I use a PC running Windows XP SP3) you need some terminal.
I use PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)
The terminal must be set up so that you can log in to the device as root (password alpine);
- And, of course, the app you are going to crack. It must be purchased in the
App Store and be working properly at the time of the crack.
That completes the preparation. Getting started:

2) Gathering information.
In the terminal (everything is done from the PC), type:
otool -l {path to your program}
otool -l /var/mobile/Applications/F02B7479-78DH-4AA2-B33F-D27E098CB478/Test.app/Test
I will not waste ink here on how to find out the path; you have to determine it yourself and remember it.
You will get a PILE of output; in it, look for the following lines:
Load command 9
cmdsize 20
cryptoff 4096
cryptsize 798720
cryptid 1
I.e. load command 9 is LC_ENCRYPTION_INFO.
Write down the following values:
cryptoff - offset (decimal) from the beginning of the file at which the encrypted data starts;
cryptsize - length of the encrypted data;
cryptid 1 - indicates that the file contains encrypted data (if it is 0 here,
it means you can skip all further steps up to the signing);
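
As an added example (not part of the original guide), the following Python reads the same LC_ENCRYPTION_INFO fields that otool -l prints above directly from a Mach-O header, and flags a binary in which cryptid has been zeroed, which is how an app-vetting or MDM pipeline can spot a store binary whose encryption flag was cleared; the sample images are constructed inline with the values quoted on this page.

```python
import struct

# Mach-O constants (thin, little-endian images as produced for ARM)
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C


def encryption_info(data: bytes):
    """Walk the load commands and return (cryptoff, cryptsize, cryptid)
    from LC_ENCRYPTION_INFO(_64), or None when the command is absent."""
    magic = struct.unpack_from("<I", data, 0)[0]
    if magic == MH_MAGIC:
        hdr_size = 28          # 7 x uint32
    elif magic == MH_MAGIC_64:
        hdr_size = 32          # 8 x uint32 (extra 'reserved' field)
    else:
        raise ValueError("not a little-endian thin Mach-O image")
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    off, end = hdr_size, hdr_size + sizeofcmds
    for _ in range(ncmds):
        if off + 8 > len(data):
            raise ValueError("truncated load commands")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("malformed cmdsize in load command")
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            return struct.unpack_from("<III", data, off + 8)
        off += cmdsize
    return None


def encryption_stripped(data: bytes) -> bool:
    """True when LC_ENCRYPTION_INFO is present but cryptid == 0. That is
    normal for developer / ad hoc builds, but for a binary claimed to be
    App Store-delivered it is an indicator that the flag was zeroed."""
    info = encryption_info(data)
    return info is not None and info[2] == 0


def build_sample(cryptid: int) -> bytes:
    """Constructed minimal 32-bit ARM Mach-O: header + LC_UUID +
    LC_ENCRYPTION_INFO carrying the values quoted on this page."""
    uuid_cmd = struct.pack("<II", 0x1B, 24) + bytes(16)            # LC_UUID
    enc_cmd = struct.pack("<IIIII", LC_ENCRYPTION_INFO, 20,
                          4096, 798720, cryptid)                   # cmdsize 20
    cmds = uuid_cmd + enc_cmd
    # magic, cputype ARM(12), subtype V6(6), MH_EXECUTE(2), ncmds, sizeofcmds, flags
    header = struct.pack("<7I", MH_MAGIC, 12, 6, 2, 2, len(cmds), 0)
    return header + cmds
```

Feed a real binary with open(path, "rb").read(); fat (multi-architecture) files are not handled by this parser and should be split first.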

3) Run the victim.
Launch the application on the device. Try not to go back to the home screen;
Now we need to find the process ID. To do this, in the terminal on the PC, type:
ps ax
It prints a large list of processes. Find our process (by its path; it will look
something like this):
721 ?? s 0:00.00 /var/mobile/Applications/F02B7479-78DH-4AA2-B33F-D27E098CB478/Test.app/Test
So 721 is the ID we need. Remember it.

4) Peeling off the skin.
Run GNU Debugger with the option to attach to the process:
gdb -p PID

where PID is the process ID obtained in step 3. Example:
gdb -p 721
The debugger loads into the victim and settles in. ATTENTION: all this time the victim program
must remain open on the device.
Now we need to dump with the command:
dump memory dump.bin 0x2000 {addr2}
where addr2 = (cryptsize + 8192) -> HEX = 798,720 + 8,192 = 806,912 = 0xC5000 (!)
dump memory dump.bin 0x2000 0xC5000
Go in over SSH to /var/root/ and pull the resulting dump.bin onto the PC.
Close the debugger (quit) and close the victim on the device. We no longer need it.

5) Preparing the victim.
The following actions are performed on your PC in your favorite hex editor. I used HIEW.
We need:
- The original program file (/var/mobile/Applications/F02B7479-78DH-4AA2-B33F-D27E098CB478/Test.app/Test);
- dump.bin, obtained from the debugger dump above;
Take the original file and, starting at offset 0x1000, overwrite it with the contents of dump.bin;
One small thing remains: fix the header. At offset 0x800 in the resulting file
look for bytes of the form 0x01 0x00 and replace them with 0x00 0x00
(in other words, look around 0x800 for a lone one and replace it with zero);

6) Download the whole original application folder
(example: /var/mobile/Applications/F02B7479-78DH-4AA2-B33F-D27E098CB478/Test.app/Test)
and upload /Test.app to /Applications or /stash/Applications.* (whichever works);
delete the SC_Info folder (it is no longer needed);
overwrite the executable with the program file prepared in step 5;
set its permissions to 755.

7) Signing the application.
All that remains is to sign the application in its new location:
ldid -S myapp

ldid -S /Applications/Test.app/Test
If at some point the terminal starts answering your commands with "Killed", restart the phone and try again.