Tools to make it easier to get cycript to work in chimera, will eventually try and get it to work in earlier versions, but for now 12+ is all that is supported.

Kevin Bradley 132dc9b382 updated readme adding wiki link 3 weeks ago
CycriptLoader dba77a1cf6 fixed ios makefile to point to 12.1 sdk and build both arm64 and arm64e 3 weeks ago
.gitignore 23518e5d2a Initial commit 3 weeks ago
Ent.plist 05e3eb0a4c initial commit 3 weeks ago
FindProcess.h 05e3eb0a4c initial commit 3 weeks ago
FindProcess.m 05e3eb0a4c initial commit 3 weeks ago
LICENSE 23518e5d2a Initial commit 3 weeks ago
README.md 132dc9b382 updated readme adding wiki link 3 weeks ago
cycripter.mm 686bbf9bd0 cleaned up indentation 3 weeks ago
iosMake.sh 05e3eb0a4c initial commit 3 weeks ago
libtakeover-tvOS.a 05e3eb0a4c initial commit 3 weeks ago
libtakeover.a 05e3eb0a4c initial commit 3 weeks ago
libtakeover.hpp 05e3eb0a4c initial commit 3 weeks ago
tvosMake.sh 05e3eb0a4c initial commit 3 weeks ago

README.md

cycripter

Tools to make it easier to get cycript to work in chimera, will eventually try and get it to work in earlier versions, but for now 12+ is all that is supported.

How to use it:

cycripter <ProcessName> &

ie cycripter PineBoard &

which should return log like the following:

[2] 1763 root@ (/var/root)# PineBoard PID is 1758 No error occured! cycript started on port: 1337! Press return & then run the following command to connect: cycript -r 127.0.0.1:1337 <--- run this command exactly as it appears

Press return and run the command in the last line of the output from cycripter, in our case it would be

cycript -r 127.0.0.1:1337

Building:

It's a two step build process run either iosMake.sh or tvOSMake.sh depending on which platform you are targeting

Then change to CycriptLoader folder and run 'make', you may need to rename a make file first to build for your intended target.

How it works

  1. cycripter takes the process name and searches for a matching pid, while adding a distributed notification observer to listen for the port CycriptLoader.dylib will report back for us to connect to in cycript

  2. it uses libtakeover and code from inject_criticald and injects /usr/lib/CycriptLoader.dylib into the targeted process

  3. Starting at port 1337 CycriptLoader.dylib finds the first available port and then posts a distributed notification back to cycripter with this port number. After that it runs CYServerListener at the specified port inside the injected process.

  4. cycripter receives this notification and prints out the log for what we need to run to connect to the targeted process with cycript.

  5. when running cycript it connects to a "remote" process on localhost, on the specified port. voila!

Notes

Would much prefer not to use distributed notifications to communicate this information between the loader and the binary, initially tried to write the file out to /tmp//port and have the bin monitor that folder and read the 'port' file which it could read back and log to us. Not a much cleaner or better solution, but i tried and it failed so i resorted to push notifications as a quick stop gap.

Would also prefer to fork / exec / etc a new process and drop straight in to cycript, or even just leverage its libraries and connect via sockets to control the cycript session as well, don't currently have the time to purse that path, hoping if someone else cares enough they can pick up the mantle and continue, or at least submit a PR.

more info: https://wiki.awkwardtv.org/wiki/Cycript