Thursday, September 3, 2009

Debugging From Xcode To Real Device(Jail-Broken)

Some random iPhone stuff

Have fun ...

Using gdb to debug on the iPhone (no need for OSX)

The goal here is to debug applications on real hardware. To do that you must meet some conditions :

  • Get gdb itself

    Good news, gdb is now available on Cydia, so you can install it very easily. It comes set up with the signature and entitlements needed for full functionality. If you're interested in building it yourself, you'll find the original Apple sources and the needed patches / build scripts on the telesphoreo repository.

    The other way (previously the only way) is to grab it from the SDK. Inside the .dmg you will find a package named iPhoneHostSideTools.pkg. Inside, there is Platforms/iPhoneOS.platform/Developer/usr/libexec/gdb/gdb-arm-apple-darwin. Just copy it to the iPhone; it's a universal binary that supports armv6 just fine.
    gdb is under the GNU licence, so you should be free to redistribute the binary as well, I think.

    For information, the original Apple sources are here.

    To enhance functionality you should add some entitlements to the Apple binary. Use these : for codesign, for ldid. To apply them :

    codesign -s "iPhone developer" --entitlements gdb.xcent -f gdb-arm-apple-darwin

    or

    ldid -Sgdb.xml gdb-arm-apple-darwin
  • Target armv6

    Apple's modified gdb is kinda picky. It will only work properly on the ARMv6 arch. Plain ARM isn't sufficient ... You can see the difference in cpusubtype in the output of otool :

    lain:iPhone tnt$ otool -h test.arm
    test.arm:
    Mach header
    magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
    0xfeedface 12 0 0x00 2 12 860 0x00000085

    lain:iPhone tnt$ otool -h test.armv6
    test.armv6:
    Mach header
    magic cputype cpusubtype caps filetype ncmds sizeofcmds flags
    0xfeedface 12 6 0x00 2 12 860 0x00000085

    To ensure that, make sure you have -arch armv6 (or -march=armv6 -mcpu=arm1176jzf-s, depending on your compiler) in your CFLAGS / LDFLAGS. Like this :

    /Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/gcc-4.0 -arch armv6 -isysroot /Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS2.0.sdk test.c -o test
  • Sign the binary with entitlements

    Update: Actually if you used the entitlements I provide to sign gdb, or if you used the gdb of cydia, this step is no longer required.

    Next, you need to sign the binary you want to debug with entitlements. For details on that, see 'Using XCode with Pwned iPhone' below; it's described there. I do it with codesign on OSX, but ldid also supports these.

    If you're planning on doing it with ldid, the easiest is to apt-get install it on your phone and do it there.

    ldid -Smyapp.xml myapp

    The myapp.xml is the XML file describing the entitlements. I generate them using a simple script, but for this simple purpose you could just always use a static one that would look like this (a standard plist; get-task-allow is what lets gdb attach to the process) :

    <?xml version="1.0" encoding="UTF-8"?>
    <!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
    <plist version="1.0">
    <dict>
        <key>application-identifier</key>
        <string>test</string>
        <key>get-task-allow</key>
        <true/>
    </dict>
    </plist>


    Update: If you applied the enhanced entitlements to gdb as described in the first point, you don't need entitlements on your binary.
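A way to check the cpusubtype from a script rather than by eye, as an added example that is not part of the original page: it decodes the 32-bit mach_header whose fields otool -h prints above and reports whether the binary is armv6 as Apple's gdb requires. The constants, function names and the two constructed sample headers (built from the otool lines above) are my own.

```python
import struct

MH_MAGIC = 0xFEEDFACE          # 32-bit Mach-O magic as printed by otool -h
FAT_MAGIC_BYTES = b"\xca\xfe\xba\xbe"  # universal binary: header is per-slice
CPU_TYPE_ARM = 12              # cputype column in the otool output above
CPU_SUBTYPE_ARM_ALL = 0        # plain "arm": Apple's gdb refuses this
CPU_SUBTYPE_ARM_V6 = 6         # armv6: the subtype the gdb build accepts
CPU_SUBTYPE_MASK = 0x00FFFFFF  # low 24 bits = subtype, high byte = "caps"


def parse_mach_header(data):
    """Return the seven fields of a 32-bit mach_header as a dict.

    Handles both byte orders: the file stores the magic in the target's
    order, so a little-endian ARM binary begins with bytes ce fa ed fe.
    """
    if data[:4] == FAT_MAGIC_BYTES:
        raise ValueError("fat (universal) binary: inspect each arch slice")
    if len(data) < 28:
        raise ValueError("too short for a mach_header")
    for order in ("<", ">"):
        fields = struct.unpack(order + "7I", data[:28])
        if fields[0] == MH_MAGIC:
            break
    else:
        raise ValueError("not a 32-bit Mach-O header")
    magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags = fields
    return {
        "magic": magic, "cputype": cputype,
        "cpusubtype": cpusubtype & CPU_SUBTYPE_MASK,
        "caps": cpusubtype >> 24,
        "filetype": filetype, "ncmds": ncmds,
        "sizeofcmds": sizeofcmds, "flags": flags,
    }


def gdb_will_accept(data):
    """True only for an ARM binary whose cpusubtype is armv6."""
    h = parse_mach_header(data)
    return h["cputype"] == CPU_TYPE_ARM and h["cpusubtype"] == CPU_SUBTYPE_ARM_V6


def make_header(cpusubtype):
    # Constructed sample: the two otool -h lines above, little-endian order
    return struct.pack("<7I", MH_MAGIC, CPU_TYPE_ARM, cpusubtype, 2, 12, 860, 0x85)


TEST_ARM = make_header(CPU_SUBTYPE_ARM_ALL)    # otool showed cpusubtype 0
TEST_ARMV6 = make_header(CPU_SUBTYPE_ARM_V6)   # otool showed cpusubtype 6

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as f:
        print("armv6 ok:", gdb_will_accept(f.read(28)))
```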

Using XCode with Pwned iPhone

The idea here is to use the official SDK to create applications without having to pay for an 'official' certificate and provisioning profile.

Note that the instructions here are experimental. I can't be held responsible for whatever happens if you try them ... That being said, I can hardly imagine any issue that couldn't be solved by a DFU restore ...

Make "Build & Go" + Debugging work

If you're not a fully registered / paying developer, you can use XCode to compile apps, but some functions won't work, like the 'Build & Go' button, the automatic signing or the debugger. It's however possible to make them work ! Just follow the steps ...

  • Create a self-signed signing certificate

    Apple has a nice page explaining how to do that. Make sure to name your certificate 'iPhone developer'.

  • Add a custom build step to sign executables

    A pwned iPhone doesn't need a valid signature ... but it still needs one, or at least the hashes ... (for more details see www.saurik.com). Jay Freeman made a small utility called ldid that adds those hashes. However, here we will use the official codesign utility, provided by Apple, with our self-signed identity.

    To make remote debugging work, we also need to add entitlements to the Application. This will be handled by codesign as well. We will however need a small python utility gen_entitlements.py to generate the entitlement file. Download it, place it somewhere on your disk and make it executable.

    So, to execute codesign properly during the build, you will need to add a custom build step to each of your XCode projects. Select the menu options "Project > New Build Phase > New Run Script Build Phase", and enter the following script (don't forget to replace /Users/youruser/bin by the correct path to gen_entitlements.py) :

    export CODESIGN_ALLOCATE=/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/codesign_allocate
    if [ "${PLATFORM_NAME}" == "iphoneos" ]; then
    /Users/youruser/bin/gen_entitlements.py "my.company.${PROJECT_NAME}" "${BUILT_PRODUCTS_DIR}/${WRAPPER_NAME}/${PROJECT_NAME}.xcent";
    codesign -f -s "iPhone developer" --resource-rules "${BUILT_PRODUCTS_DIR}/${WRAPPER_NAME}/ResourceRules.plist" \
    --entitlements "${BUILT_PRODUCTS_DIR}/${WRAPPER_NAME}/${PROJECT_NAME}.xcent" "${BUILT_PRODUCTS_DIR}/${WRAPPER_NAME}/"
    fi
  • Remove signature checks from MobileInstallation & SpringBoard

    The final step is to bypass some security checks in a couple of executables. The idea is simply to patch them with a small program. Of course, after patching, you need to re-generate a signature for the new binaries to get loaded properly. All in all, it's easier to do all that on your Mac. So open a console and cut & paste the instructions (I assume you have ssh on the iPhone and that its IP is 192.168.0.1) :

    The binary patch has been written for 2.0.0 and I didn't get a chance to test/update it for 2.0.1 ... so make sure you have a backup of the files and an active ssh if needed.

    osx:~ user$ mkdir iphone_tmp
    osx:~ user$ cd iphone_tmp
    osx:~ user$ scp root@192.168.0.1:/System/Library/PrivateFrameworks/MobileInstallation.framework/MobileInstallation .
    osx:~ user$ scp root@192.168.0.1:/System/Library/CoreServices/SpringBoard.app/SpringBoard .
    osx:~ user$ cp MobileInstallation MobileInstallation.bak
    osx:~ user$ cp SpringBoard SpringBoard.bak
    osx:~ user$ curl -O http://www.246tNt.com/iPhone/iphone_binary_patch
    osx:~ user$ curl -O http://www.246tNt.com/iPhone/SpringBoard.xcent
    osx:~ user$ chmod +x ./iphone_binary_patch
    osx:~ user$ ./iphone_binary_patch
    osx:~ user$ export CODESIGN_ALLOCATE=/Developer/Platforms/iPhoneOS.platform/Developer/usr/bin/codesign_allocate
    osx:~ user$ codesign -s "iPhone developer" -f MobileInstallation
    osx:~ user$ codesign -s "iPhone developer" --entitlements SpringBoard.xcent -f SpringBoard
    osx:~ user$ scp MobileInstallation root@192.168.0.1:/System/Library/PrivateFrameworks/MobileInstallation.framework/MobileInstallation
    osx:~ user$ scp SpringBoard root@192.168.0.1:/System/Library/CoreServices/SpringBoard.app/SpringBoard

    Finally, reboot the phone ... and enjoy :) Note that you may have to restart XCode and re-plug the iPhone for the connection to work. Also, if you had done previous attempts without following this how-to, you might need to clear the /var/mobile/Media/PublicStaging directory on the iPhone.
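As an added example (not the author's gen_entitlements.py, which is not reproduced on this page), a Python script with the same calling convention as the build phase above: it writes a minimal entitlements plist carrying application-identifier and get-task-allow, and can read one back to confirm it permits a debugger to attach. The function names are my own assumptions.

```python
import plistlib
import sys


def build_entitlements(app_id, allow_debug=True):
    """Return XML plist bytes for a minimal entitlements (.xcent) file.

    application-identifier names the app; get-task-allow is what lets a
    debugger (gdb) attach to its task, so it must be true for "Build & Go"
    debugging and should be left out of anything you ship.
    """
    if not app_id or any(c.isspace() for c in app_id):
        raise ValueError("application-identifier must be a non-empty token")
    ent = {"application-identifier": app_id}
    if allow_debug:
        ent["get-task-allow"] = True
    return plistlib.dumps(ent, fmt=plistlib.FMT_XML)


def check_entitlements(data):
    """Parse an .xcent back and report whether it allows debugger attach."""
    ent = plistlib.loads(data)
    if not isinstance(ent.get("application-identifier"), str):
        raise ValueError("missing application-identifier")
    return ent.get("get-task-allow", False) is True


def write_entitlements(app_id, path):
    """Write the entitlements file the codesign --entitlements step consumes."""
    data = build_entitlements(app_id)
    with open(path, "wb") as f:
        f.write(data)
    return data


if __name__ == "__main__":
    # Same arguments as the build phase above:
    #   gen_entitlements.py "my.company.${PROJECT_NAME}" ".../${PROJECT_NAME}.xcent"
    if len(sys.argv) != 3:
        sys.exit("usage: %s <application-identifier> <output.xcent>" % sys.argv[0])
    write_entitlements(sys.argv[1], sys.argv[2])
```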

Source taken from: http://www.246tnt.com/iPhone/#xcode
