pwn20wndstuff/Undecimus

cynject not supported on iOS 12

Closed this issue · 14 comments

Hi there,

Just want to ask, will dumpdecrypted.dylib work on unc0ver (maybe not now, but is it possible in future)?

And, I'm also interested in why dumpdecrypted.dylib stopped working. Can someone explain what's the difference between old JB and the new one? Thanks in advance

Use bfdecrypt + substrate's cynject.

@Cryptiiiic Can they work with 'load tweak' enabled mode? And I can't find much useful info about cynject; would you please send a link or guide?

@liuxuan30 I haven't tried it yet, but pwn told me to use it. You were able to use inject_criticald and inject_library with tweaks enabled, and cynject is part of substrate (made by saurik), so wouldn't it be better to try it instead of asking?

@Cryptiiiic The truth is I don't know how to get started with unc0ver. I know how to code, but I don't have the knowledge to put what you said together :(
I wanted to learn, but I couldn't find any doc or guide on this topic,
e.g. how it works, what's missing.

@liuxuan30
to get bfdecrypt:
iPhone:~ root# curl -s https://raw.githubusercontent.com/BishopFox/bfdecrypt/master/bfdecrypt.dylib -o bfdecrypt.dylib
iPhone:~ root# ldid -S bfdecrypt.dylib
iPhone:~ root# cp bfdecrypt.dylib /usr/lib/

to dump an app:
iPhone:~ root# ps aux | grep Discord
mobile 3942 90.0 4.7 1752832 95760 ?? Rs 7:23PM 0:00.67 /var/containers/Bundle/Application/E90BCC57-0758-4C9B-91B2-5C6BD7193711/Discord.app/Discord
root 3944 2.8 0.3 1586528 5424 s000 R+ 7:23PM 0:00.01 grep Discord
iPhone:~ root# cynject 3942 /usr/lib/bfdecrypt.dylib
iPhone:~ root# nc 10.0.0.16 31336 > /var/mobile/Documents/Discord.ipa

Here is an example.

Thanks! @Cryptiiiic but you have to disable load tweaks, right? Do you know why?

I kind of want to write a daemon process to execute the shell commands to dump the apps, but disabling tweaks would kill my daemon.

Previously I could use dumpdecrypted.dylib and my daemon at the same time.

@liuxuan30 No, you don't at all. Why would you have to disable them? Saurik makes his injector properly, unlike coolstar and his inject_criticald.

Wow, that's fantastic. Thanks! Closing.

I understand this is closed now; however, when trying to inject into an app, the app crashes.

Tried to use cynject on iOS12 (with unc0ver). The app exits with an error:

cynject 871 /usr/lib/bfdecrypt.dylib

_krncall(mach_vm_read_overwrite) =10000003

I get exactly the same thing.

reopen - @Cryptiiiic can you help?

Any updates? @pwn20wndstuff

Closing, use substitute-inject on substitute. Bingner updated cynject for substrate.