Skip to content
Electra iOS 11 Cycript CYListenServer Tweak Runner Tool
Objective-C++ Shell Makefile
Branch: master
Clone or download
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
layout/usr/bin Add '-p' option to allow the user to choose the MobileSubstrate tweak… Sep 5, 2018
packages Add missing disable message. Sep 6, 2018
.gitignore Load the correct filterFileObjectList from Bundles or Executables...w… Sep 3, 2018
LICENSE Initial Commit Sep 2, 2018
Makefile Add option to load a Cycript script file. Sep 3, 2018
README.md
control
entitlements.xml
main.mm Add missing disable message. Sep 6, 2018

README.md

cyrun

For the Electra iOS 11 Jailbreaks.

cyrun is comprised of an executable and bash script. It will

  • Enable/disable the cycriptListenerTweak dylib file (which loads Cyript and runs a CYListenServer on port 8556)
  • Write the App bundleIdentifier or Process Executable Name to the tweak filter plist
  • Kill the App/Process and, if it is an App, they will be relaunched automatically by Cyrun. Other, non App processes, may need to be manually launched if iOS does not handle that on it's own like it does for SpringBoard and backboardd.
  • If enabled successfully, the bash script will then run cycript -r 127.0.0.1:8556

It is meant to be used alongside cycriptListenerTweak.

INSTALLATION

# From SSH or terminal as root
cd ~
# download https://electrarepo64.coolstar.org/debs/ncurses_6.1_iphoneos-arm.deb
# download http://apt.saurik.com/debs/readline_6.0-8_iphoneos-arm.deb
# download http://apt.saurik.com/debs/cycript_0.9.594_iphoneos-arm.deb
# download https://electrarepo64.coolstar.org/debs/ldid_2_1.2.2-coolstar_iphoneos-arm.deb
# download http://www.tateu.net/repo/files/net.tateu.cycriptlistenertweak_1.0.0_iphoneos-arm.deb
# download http://www.tateu.net/repo/files/net.tateu.cyrun_1.0.4_iphoneos-arm.deb
dpkg -i ncurses_6.1_iphoneos-arm.deb
dpkg -i readline_6.0-8_iphoneos-arm.deb
dpkg -i cycript_0.9.594_iphoneos-arm.deb
dpkg -i ldid_2_1.2.2-coolstar_iphoneos-arm.deb
dpkg -i net.tateu.cycriptlistenertweak_1.0.0_iphoneos-arm.deb
dpkg -i net.tateu.cyrun_1.0.4_iphoneos-arm.deb

The newest versions of cyrun and cycriptListenerTweak can be found on my repo in Cydia.

And then you can use the bash script to sign the Cycript binaries with the correct Electra entitlements

cyrun -s

Then you can load Cycript into SpringBoard. SpringBoard will be terminated and auto restart

cyrun -n SpringBoard -e

Or you can unload Cycript from SpringBoard. SpringBoard will be terminated and auto restart

cyrun -n SpringBoard -d

Or you can load and auto unloaded Cycript from the iOS Mail App. Mail will be terminated and auto restart. When you ?exit Cycript, it will be killed and unloaded.

cyrun -n Mail -e -d

Or you can load and auto unloaded Cycript from backboardd. backboardd will be terminated and auto restart. When you ?exit Cycript, it will be killed and unloaded.

cyrun -x backboardd -e -d

The '-n' command takes an AppName, ExecutableName, IconName or LocalizedName.

You can use a bundleIdentifier instead of an App name with '-b com.apple.springboard'

You can also turn off the 'ask to continue' prompts with '-f'

cyrun -b com.apple.mobilemail -e -d -f

You can also load a Cycript scipt file

cyrun -b com.apple.mobilemail -e -d -f -c /path/to/script.cy

If you try to enable Cycript for an App that is not SpringBoard while your device is passcode locked, you will see a warning message, since it will most likely fail for most Apps.

Unfortunately, some things still do not work correctly, possibly (most likely) due to the fact we are using Substitute on iOS 11 and not Substrate.

@import com.saurik.substrate.MS;
// the above succeeds without error but trying to use any of the functions it imports results in errors such as
// throw new Error("*** _require(class_getInstanceMethod(_class, sel)):../ObjectiveC/Library.mm(2711):Selector_callAsFunction_type") /* type@[native code] hookMessage */
@import net.limneos.classdumpdyld;
// the above succeeds without error but trying to use any of the functions it imports results in errors such as
// throw #"-[NSBundle isKindOfClass:]: unrecognized selector sent to instance 0x10110c1a0"
You can’t perform that action at this time.