Vault7: CIA Hacking Tools Revealed
iOS Debugging
Set Up
- GDB does not work on device.
- Use our debugserver from the MDB (Mobile Development Branch) share at iOS/Binaries/debugserver_* (different versions for different processors).
- Copy debugserver to the target. (iscp is my alias for "~/Documents/code/el_ssh.repo/Dist/Release-iPhoneOS/scp -P 12345 -i ~/privkeys/iPad42.pem"; change as necessary for your el_ssh scp location, port, and key file.)
  - iscp /Volumes/share/MDB/iOS/Binaries/debugserver_arm64 root@localhost:
- On target, add the executable hash to the list of valid hashes:
  - /private/var/root/bin_nohash/cdhash debugserver_*
- Run the debugserver on target (the process to debug can be left out):
  - ./debugserver_* *:8888 <process to debug>
  - NOTE: If it fails instantly with "Killed: 9", then the cdhash command failed.
- Run tcprelay (part of the usbmuxd project under the python-client directory):
  - python tcprelay.py -t 8888
- Get debug symbols and shared cache using Xcode. (Without this, you will see "<redacted>" in LLDB where it attempts to print the names of functions in the shared cache.)
  - Have the device plugged in.
  - Start Xcode.
  - Go to "Window->Devices".
  - Select the device from the screen that appears.
- Run lldb in another window and in it run the command:
  - gdb-remote localhost:8888