This page has been robot translated, sorry for typos if any. Original content here.

Hacking Applications from the App Store [Manual]

Full instructions: How to hack applications from the App Store! Read the instructions further! And who is too lazy to do it himself, he can download already ready hacked applications here!

1) Preparation.
You will need:
- iPhone / iPod Touch with firmware 2.0, jailbroken, with installed Cydia;
- Run Cydia and update everything that it asks for its update;
- Optional (in the same Cydia), install:
a) Open SSH;
b) GNU Debugger for iphone;
c) iPhone 2.0 Toolchain;
- On a computer (I'm using a PC with OS Windows XP SP3), I need some kind of terminal.
I'm using PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html)
The terminal must be configured, you must enter the body (root @ alpine);
- Well, the application itself is hacked. It must be bought in
AppStore and work normally at the moment of the cracks.
All preparations are finished. Let's proceed:

2) Information gathering.
In the terminal (all on the PC) we type:
otool -l {path to your program}
eg:
otool -l /var/mobile/Applications/F02B7479-78DH-4AA2-B33F-D27E098CB478/Test.app/Test
How to spy the way I will not write here, you must define and remember it yourself.
You will fall out of the KUCH information, among which we are looking for about the following lines:
Load command 9
cmd LC_ENCRYPTION_INFO
cmdsize 20
cryptoff 4096
cryptsize 798720
cryptid 1
Those. section 9 Load Command - LC_ENCRYPTION_INFO.
Record the following values:
cryptoff - offset (dec) from the beginning of the file from which the encrypted data begins;
cryptsize - the length of the encrypted data;
cryptid 1 - indicates that the file has encrypted data (if there is 0,
then all further steps, until the signature itself, can be omitted);

3) Launching the victim.
Run your application on the body. Try not to go beyond the initial menu;
Now we need to calculate the process ID. To do this in the terminal on the PC, type:
ps ax
A large list of processes will be displayed. We are looking for a familiar process in it (along the way, there will be
something like):
721 ?? s 0: 00.00 /var/mobile/Applications/F02B7479-78DH-4AA2-B33F-D27E098CB478/Test.app/Test
so this is the ID that we need. We remember it.

4) Rip off the skin.
Run GNU Debugger with the option to connect to the process:
gdb -p PID

where PID is the process ID obtained in step 3. example:
gdb -p 721
Debagger will be loaded into the victim and placing in it. ATTENTION all this time, the victim program
should be open on the body.
Now we need to do the dump with the command:
dump memory dump.bin 0? 2000 {addr2}
where addr2 = (cryptsize + 8192) -> HEX (!) = 798720 + 8192 = 806912 = 0xC5000
we introduce:
dump memory dump.bin 0? 2000 0xC5000
We climb on SSH to / var / root / and pull out the received dump.bin on the PC.
Close the Debugger (quit) and close the victim on the body. We will not need them any more.

5) Dissection of the victim.
Subsequent actions are performed on the PC in your favorite Hex editor. I used HIEW.
We need:
- Original program file (/var/mobile/Applications/F02B7479-78DH-4AA2-B33F-D27E098CB478/Test.app/Test);
- dump.bin, obtained in clause 5;
Take the original program file and replace it with a slice with an offset of 0? 1000 file dump.bin;
Remained a little - to correct the title. Looking for a displacement of ~ 0? 800 in the resulting file
Baitki type 0? 01 0? 00 and replace with 0? 00 0? 00
(in other words, we search for a single unit in the vicinity of 0-800 and replace it with zero);

6) Download all from the original application folder
(example: /var/mobile/Applications/F02B7479-78DH-4AA2-B33F-D27E098CB478/Test.app/Test)
and upload /Test.app to / Applications or /stash/Applications.* (who's working where)
delete the folder SC_Info (it is no longer needed),
we rewrite the program file, prepared in step 5,
prescribing the right 755.

7) Signing the application.
We just need to sign the application on a new location:
ldid -S myapp
example:

ldid -S / Applications / Test.app/Test If, at some time, the terminal has responded Killed to your actions, restart the phone and try again.

It will not be superfluous for your friends to know this information, share their article with them!

Expand / Collapse Expand / Collapse box with comments

Comments

Commenting on, remember that the content and tone of your message can hurt the feelings of real people, show respect and tolerance to your interlocutors even if you do not share their opinion, your behavior in the conditions of freedom of expression and anonymity provided by the Internet, changes not only virtual, but also the real world. All comments are hidden from the index, spam is controlled.
Now everyone can publish articles
Try it first!
To write an article
Liked? Subscribe to RSS news,
to be the first to receive information
about all important events of the country and the world.
You can also support shram.kiev.ua, click: