2.5 KB


Tools to make it easier to get cycript to work in chimera, will eventually try and get it to work in earlier versions, but for now 12+ is all that is supported.

How to use it:

cycripter <ProcessName> &

ie cycripter PineBoard &

which should return log like the following:

[2] 1763 root@ (/var/root)# PineBoard PID is 1758 No error occured! cycript started on port: 1337! Press return & then run the following command to connect: cycript -r <--- run this command exactly as it appears

Press return and run the command in the last line of the output from cycripter, in our case it would be

cycript -r


It's a two step build process run either or depending on which platform you are targeting

Then change to CycriptLoader folder and run 'make', you may need to rename a make file first to build for your intended target.

How it works

  1. cycripter takes the process name and searches for a matching pid, while adding a distributed notification observer to listen for the port CycriptLoader.dylib will report back for us to connect to in cycript

  2. it uses libtakeover and code from inject_criticald and injects /usr/lib/CycriptLoader.dylib into the targeted process

  3. Starting at port 1337 CycriptLoader.dylib finds the first available port and then posts a distributed notification back to cycripter with this port number. After that it runs CYServerListener at the specified port inside the injected process.

  4. cycripter receives this notification and prints out the log for what we need to run to connect to the targeted process with cycript.

  5. when running cycript it connects to a "remote" process on localhost, on the specified port. voila!


Would much prefer not to use distributed notifications to communicate this information between the loader and the binary, initially tried to write the file out to /tmp//port and have the bin monitor that folder and read the 'port' file which it could read back and log to us. Not a much cleaner or better solution, but i tried and it failed so i resorted to push notifications as a quick stop gap.

Would also prefer to fork / exec / etc a new process and drop straight in to cycript, or even just leverage its libraries and connect via sockets to control the cycript session as well, don't currently have the time to purse that path, hoping if someone else cares enough they can pick up the mantle and continue, or at least submit a PR.

more info: