-
Notifications
You must be signed in to change notification settings - Fork 25
/
Copy pathREADME.txt
160 lines (114 loc) · 2.98 KB
/
README.txt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
*** Run app on iDevice using com.apple.debugserver ***
This simple utility will start iOS app (using com.apple.debugserver)
and tail its output.
Interrupting idevice-app-runner process (ctrl-c) stops app on iDevice
too.
Requirements:
* libimobiledevice - http://www.libimobiledevice.org/
* iDevice(s) (maybe in developer mode)
Build:
$ make
Usage:
$ idevice-app-runner -r /private/var/mobile/Applications/........-....-....-....-............/...
I cooked up something mostly by tracing APIs and syscalls used in
Xcode and fruitscrap.
To get app path, for example:
$ APPNAME=something APPPATH=`ideviceinstaller -l -o xml | egrep -A1 '<key>Path</key>|<key>CFBundleName</key>' | tr -d $'\n' | sed 's/--/\n/g' | egrep -A1 'CFBundleName.*'$APPNAME | tail -1 | tr '<>' ' ' | awk '{print $5}'`
or
$ ideviceinstaller -l -o xml | grep -A1 '<key>Path</key>' | grep '<string>' | tr '<>' ' ' | awk '{ print $2 }' | grep $APPNAME
Tested:
Linux 3.0, x86_64, libimobiledevice-git, iOS 4.1 - works
Linux 3.0, x86_64, libimobiledevice-git, iOS 5.0.1 - works
Linux 3.0, i686, libimobiledevice-git, iOS 5.0.1 - works
Notes:
Sometimes debugger process or application being run is left
hanging, it's not killed properly. When that happens it's impossible
to run application again. Workaround for this issue is to restore
device with --reboot option,
$ idevicebackup2 restore --reboot bakdir...
Wait for device to come back online by monitoring with ideviceinfo. It
will take a few minutes. When reboot is completed, developer image
should be mounted,
$ idevicemountimage .../{DeveloperDiskImage.dmg,DeveloperDiskImage.dmg.signature}
so idevice-app-runner can be used again.
References:
https://github.com/ghughes/fruitstrap - very helpful
Contact:
DTRUSS COMMANDS:
With tweak in fruitscrap.c:
#define GDB_SHELL "sudo dtruss /Developer/Platforms/iPhoneOS.platform/Developer/usr/libexec/gdb/gdb-arm-apple-darwin --arch armv7 -q -x " PREP_CMDS_PATH " 2> dtruss2.log"
For example:
$ egrep 'write\(0x5,|read\(0x5,' dtruss2.log
GDB COMMANDS:
$ gdb .../Xcode nnnnn
set print elements 10000
b mobdevlog
command
silent
printf "mobdevlog: %s\n", $rsi
cont
end
b USBMuxDebugLog
command
silent
printf "USBMuxDebugLog: %s %s\n", $rsi, $rdi
cont
end
b send
command
printf "fd=%ld, size=%ld\n", $rdi, $rdx
x/s $rsi
bt 3
cont
end
b SSL_write
command
p/d $rdx
x/s $rsi
cont
end
#b write
b *0x0000000100fd3268
command
printf "fd=%ld, size=%ld\n", $rdi, $rdx
x/s $rsi
bt 3
cont
end
#b recvfrom
b *0x10100494c
command
printf "fd=%ld, size=%ld\n", $rdi, $rdx
set variable $buf = $rsi
cont
end
#b <recvfrom+17>
b *0x10100494c+17
command
x/s $buf
cont
end
#b read
b *0x100fcb45c
command
printf "fd=%ld, size=%ld\n", $rdi, $rdx
set variable $buf2 = $rsi
cont
end
#b read+17
b *0x100fcb45c+17
command
x/s $buf2
cont
end
#b BIO_write
b *0x106aefaf8
command
printf "fd=%ld, size=%ld\n", $rdi, $rdx
x/s $rsi
x/100c $rsi
bt 3
cont
end
b DTDKStartSecureDebugServerService