Debugger support on iOS #4

Closed
DoranekoSystems opened this issue Apr 17, 2022 · 23 comments

@DoranekoSystems
Owner

DoranekoSystems commented Apr 17, 2022

The debugger is currently in a testing state and bugs may exist.

config.ini

{
  "target": "",
  "targetOS": "ios",
  "mode": "attach",
  "arch": 1,
  "fix_module_size": false,
  "ceversion": "7.4",
  "manualParser": false,
  "javaDissect": false,
  "frida_server_ip":"",
  "native_ceserver_ip": "192.168.x.x:52734",
  "debugserver_ip": "192.168.x.x:1234",
  "custom_symbol_loader": ""
}
  1. arch must be 1. This must be set to x64 because Cheat Engine does not support arm64.
  2. Configure BinUtils and set disassembler to arm64.
  3. Run debugserver on iOS.
     ./debugserver 0.0.0.0:1234
  4. native_ceserver must also be run. This is because frida's own memory read/write must hit a breakpoint.

Only arm64 devices are supported.
Currently only 「find out what writes to this address」 and 「find out what accesses this address」 are valid.
Have fun!

@LanBaiCode

LanBaiCode commented Apr 18, 2022

No response, [find out what accesses this address]

@DoranekoSystems
Owner Author

Thank you for your comment.
Did you find the referenced process itself?

@LanBaiCode

> Thank you for your comment. Did you find the referenced process itself?

The game process that needs to be modified has been found, and the address can be added and the value in the memory can be modified
But can't use lldb

@DoranekoSystems
Owner Author

There was a problem with the exclusion control.
I would appreciate it if you could try again with a new commit.
Perhaps this will work.

@LanBaiCode

> There was a problem with the exclusion control. I would appreciate it if you could try again with a new commit. Perhaps this will work.

Yes, it would be better if you have Telegram so I can reply right away.

@DoranekoSystems DoranekoSystems added the enhancement New feature or request label Apr 19, 2022
@Thekidiacs

Wow this is awesome. I'm going to test this right now!

@Thekidiacs

So I tried it, and it was showing results when I did what writes/accesses the address, but I'm pretty sure it wasn't the correct assembly. I'm using an iPad Air 4th generation on iOS 14.2; it is arm64e. It wouldn't let me search anymore after attaching the debugger. Maybe you have a solution? Here is what it looked like.
[image: Cheat Engine 7 2 4_19_2022 1_31_14 AM]

@DoranekoSystems
Owner Author

DoranekoSystems commented Apr 19, 2022

@Thekidiacs

Please try with the latest commits.
c6c5365

Currently, cheat engine does not support arm64, so binutils configuration is required.
https://github.com/ds20211213/frida-ceserver#binutils

Also, native_ceserver needs to work.
This is because frida cannot read memory when the process is stopped in the debugger.
https://github.com/ds20211213/ceserver-ios-mini

The device may not work properly due to the fact that it is an arm64e.
At this time, I am only testing the operation on arm64.

@Thekidiacs

Thekidiacs commented Apr 19, 2022

Is native_ceserver the ceserver that I put at /usr/bin? If so, I am already using that. But am I still supposed to run the command python main.py "App name"? I forgot to do the binutils configuration, so I will try that and report back. Also, I redownloaded with the latest commits.

@Thekidiacs

So in cheat engine I went to memory view and went to "View" and couldn't find binutils?

@DoranekoSystems
Owner Author

DoranekoSystems commented Apr 19, 2022

@Thekidiacs

Are you on telegram or wechat?

@Thekidiacs

Yes, I use Telegram. What's your Telegram username? I'll add you.

@LanBaiCode

LanBaiCode commented Apr 19, 2022

> @Thekidiacs
>
> Are you on telegram or wechat?

I think now I can solve his problem, 233

@Thekidiacs

Thanks @ds20211213. @LanBaiCode Thank you for being willing to help me. What are your ideas?

@LanBaiCode

> Thanks @ds20211213. @LanBaiCode Thank you for being willing to help me. What are your ideas?

@ds20211213 He will help you solve the problem, the problem you encountered, I also asked him yesterday, and it has been successfully solved

@Thekidiacs

Okay awesome. :)

@DoranekoSystems
Owner Author

DoranekoSystems commented Apr 24, 2022

Supported update of ce itself.
arm64 disassembly and debugging is available without using binutils.
If you can build the ce itself, please try it if you like.

{
  "target": "",
  "targetOS": "ios",
  "mode": "attach",
  "arch": 3,
  "fix_module_size": false,
  "ceversion": "7.4.2",
  "manualParser": false,
  "javaDissect": false,
  "frida_server_ip":"",
  "native_ceserver_ip": "192.168.x.x:52734",
  "debugserver_ip": "192.168.x.x:1234",
  "custom_symbol_loader": ""
}


@yazigegeda

yazigegeda commented May 21, 2022

1
2

Where should I be unfinished

@DoranekoSystems
Owner Author

> 1 2
>
> Where should I be unfinished

For android, the original ceserver supports the arm64 debugger.
Debugging is possible by building the cheat engine itself and ceserver.

@LanBaiCode

> 1 2
>
> Where should I be unfinished

Yes, for Android, it would be better to use native ceserver, no need to use this project

@yazigegeda

> > 1 2
> > Where should I be unfinished
>
> Yes, for Android, it would be better to use native ceserver, no need to use this project

I use the source code of cheat engine 7.4 on github to compile ceserver. After execution, this problem still occurs when debugging with cheat engine 7.4

@StevenLyo

Can I use this tool on Mac?

@DoranekoSystems
Owner Author

> Can I use this tool on Mac?

The Mac version of cheat engine does not support network mode, so it is not supported at this time.
