@kemmis
Last active November 12, 2019 04:47
setup iphone tweak dev environment on Windows 10 with Linux Subsystem

Helpful Command Examples

copy files from iDevice to WSL

Execute this from WSL

scp -rp root@localhost:/ios-dev/crackerxi/Reddit_4.20.0_CrackerXI/Payload/Reddit.app/* ./

dump headers for everything on device (way overkill)

Use https://github.com/limneos/classdump-dyld (available on Cydia). This dumps headers for everything in the iOS dyld cache into the specified output directory (in this case /ios-dev/dyld/).

classdump-dyld -o /ios-dev/dyld/ -r / -c

this command blew up for me apparently when dumping NewsTransport:

 Dumping /System/Library/PrivateFrameworks/NewsTransport.framework/NewsTransport...(221 classes)
 99% [================================================= ]  220/221 <NTPBLinkTap>
2018-10-20 07:01:41.592 classdump-dyld[15133:2103976] *** Assertion failure in +[SpringBoardUI load], /BuildRoot/Library/Caches/com.apple.xbs/Sources/SpringBoardUI/SpringBoard-3757.36.16/SpringBoardUI.m:57
2018-10-20 07:01:41.602 classdump-dyld[15133:2103976] *** Terminating app due to uncaught exception 'NSInternalInconsistencyException', reason: 'This process should not be linking or loading SpringBoardUI.framework (<rdar://problem/26143166>)'
*** First throw call stack:
(0x18215ed8c 0x1813185ec 0x18215ebf8 0x182b4efa0 0x198f2379c 0x18131a9f0 0x18131bb58 0x103101fd4 0x1031070ec 0x103107624 0x1030fce84 0x103103734 0x181ab6ef0 0x102f03c08 0x102f07934 0x181ab5fc0)
Abort trap: 6

Installing macOS on windows 10

  • download some shady ass vm image of macOS... maybe named macOS Sierra v10.12 (16A323) Multilingual Image For VMware [SadeemPC]
  • follow these instructions
  • on step 11 of those instructions, you'll probably have to replace the curly unicode quotes for normal quotes
  • boot it up
  • change language to english (mine defaulted to italian?)
  • setup file sharing between vm and windows
  • this was also helpful
  • oh, also the Admin password for the os may be 123
  • you may want to crank up the memory and cpu on the vm if you're planning on disassembling binaries in the vm. Hopper consumed 3-4 gb of memory fairly quickly when noshing on a 35mb binary.
  • find xcode download urls here (xcode 9.2 is the last version that will run on macOS Sierra 10.12)
  • hopper

fix full screen resolution

On my 3000x2000 display I found a good setting to be 1500x1000 for the vm, and then setting the vm scale to 200%. This keeps the macOS UI from rendering too small.

cd "C:\Program Files\Oracle\Virtualbox"
VBoxManage setextradata "macOS 10.12 Sierra" "CustomVideoMode1" "1500x1000x32"
VBoxManage setextradata "macOS 10.12 Sierra" VBoxInternal2/EfiGraphicsResolution 1500x1000

upgrade to Mojave?

Mojave 10.14 Build 18A391

In order to get the upgrade to run correctly:

  • mount dmg file
  • drag install app into Applications folder
  • run installer
  • on reboot, you have to hit + R right as VirtualBox restarts the VM. This will get you into the EFI menu. Details here.
  • in EFI menu select Boot Maintenance Manager > Boot from File > Select second option > Hit Enter
  • navigate to macOS Install Data > Locked Files > Boot Files > boot.efi > Hit Enter

or just install Mojave to begin with using an image.

Mojave

  • used macOS Mojave 10.14 by SYSNETTECH Solutions Full Version.iso
  • used these instructions
  • checked Storage > Controller > Use Host I/O Cache (found that here)
  • installed VirtualBox Extension Pack, and set USB controller to usb 3 (this fixes the mouse functionality)

As of 10/6/2018 the tooling on linux only supports the iOS 9.2 sdk. If you have the newer sdks in your theos sdks folder, you will get errors.

go root (make sure you use the -)

sudo su -

define where you want files stored

DEV_INIT_SCRIPT="/etc/profile.d/dev-setup.sh"
DEV_BASE="/mnt/c/ios-dev"
PROJECTS="$DEV_BASE/projects"
THEOS_BASE="$DEV_BASE"
TOOLS="$DEV_BASE/tools"

echo export DEV_INIT_SCRIPT=$DEV_INIT_SCRIPT >> $DEV_INIT_SCRIPT
echo export DEV_BASE=$DEV_BASE >> $DEV_INIT_SCRIPT
echo export PROJECTS=$PROJECTS >> $DEV_INIT_SCRIPT
echo export THEOS_BASE=$THEOS_BASE >> $DEV_INIT_SCRIPT
echo export TOOLS=$TOOLS >> $DEV_INIT_SCRIPT
echo export THEOS="$THEOS_BASE/theos" >> $DEV_INIT_SCRIPT
echo export PATH="\$THEOS/bin:\$PATH" >> $DEV_INIT_SCRIPT
echo alias theos="\$THEOS/bin/nic.pl" >> $DEV_INIT_SCRIPT
echo export THEOS_DEVICE_IP=localhost THEOS_DEVICE_PORT=22 >> $DEV_INIT_SCRIPT

source $DEV_INIT_SCRIPT

mkdir $DEV_BASE &> /dev/null
mkdir $PROJECTS &> /dev/null
mkdir $THEOS_BASE &> /dev/null

update apt-get package info

apt-get update

install required utilities

apt-get install -y build-essential git unzip libio-compress-perl

clone Theos files

cd $THEOS_BASE
git clone --recursive https://github.com/theos/theos.git

download the linux toolchain

cd "$THEOS_BASE/theos/toolchain"
wget https://developer.angelxwind.net/Linux/ios-toolchain_clang%2bllvm%2bld64_latest_linux_x86_64.zip -O LinuxToolchain.zip
unzip LinuxToolchain.zip
rm -rf LinuxToolchain.zip

download iOS sdks for theos

cd "$THEOS_BASE/theos/sdks/"
wget http://resources.airnativeextensions.com/ios/iPhoneOS9.2.sdk.zip -O sdk.zip
unzip sdk.zip
rm -rf sdk.zip

Currently, the toolchain is broken for sdks 9.3+. So don't use this:

 # rm -rf /opt/theos/sdks/* /opt/theos/sdks/.*
 # git clone https://github.com/theos/sdks /opt/theos/sdks

remove unsupported sdk versions (optional - only if you clone the full theos sdks repo)

rm -rf /opt/theos/sdks/iPhoneOS10.* /opt/theos/sdks/iPhoneOS11.* 

install newer libstdc++

cd /tmp
wget http://ubuntu.mirrors.tds.net/ubuntu/pool/main/g/gcc-5/libstdc++6_5.4.0-6ubuntu1~16.04.10_amd64.deb -O libstdc++.deb
dpkg-deb -x libstdc++.deb libstdc++
cp libstdc++/usr/lib/x86_64-linux-gnu/libstdc++.so.6.0.21 /usr/lib/x86_64-linux-gnu/
cd /usr/lib/x86_64-linux-gnu/
# point the libstdc++.so.6 soname at the newer library
ln -sf libstdc++.so.6.0.21 libstdc++.so.6
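
Added example (not part of the original gist): the toolchain, SDK and libstdc++ steps above fetch archives from third-party hosts, two of them over plain HTTP, and unpack them as root. This helper refuses a download unless it matches a SHA-256 pinned beforehand; the function names and the placeholder digest are assumptions.

```shell
# Added example, not from the original gist. Function names are assumptions.

# verify_sha256 FILE EXPECTED_HEX
# Returns 0 on match, 1 on mismatch, 2 if EXPECTED_HEX is not a 64-digit digest.
verify_sha256() {
    local file=$1 expected actual
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    case $expected in
        ''|*[!0-9a-f]*) return 2 ;;   # empty, or a placeholder left unfilled
    esac
    [ "${#expected}" -eq 64 ] || return 2
    actual=$(sha256sum -- "$file" | cut -d' ' -f1)
    [ "$actual" = "$expected" ]
}

# fetch_verified URL EXPECTED_HEX OUTFILE
# Downloads to a temporary name and moves it into place only after the digest
# check, so unzip / dpkg-deb never see an unverified file.
fetch_verified() {
    local url=$1 expected=$2 out=$3 tmp
    tmp=$(mktemp "${out}.part.XXXXXX") || return 1
    if wget -q "$url" -O "$tmp" && verify_sha256 "$tmp" "$expected"; then
        mv -- "$tmp" "$out"
    else
        rm -f -- "$tmp"
        echo "refusing $url: download failed or SHA-256 mismatch" >&2
        return 1
    fi
}

# Usage with the SDK step from this page. The digest below is a placeholder:
# record the real value once from a copy you trust, then keep it in your notes.
#   SDK_SHA256='<pinned-sha256-of-iPhoneOS9.2.sdk.zip>'
#   fetch_verified http://resources.airnativeextensions.com/ios/iPhoneOS9.2.sdk.zip \
#       "$SDK_SHA256" sdk.zip && unzip sdk.zip && rm -f sdk.zip
```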

fix fakeroot

sed -i 's/\$(FAKEROOT) -r/fakeroot-tcp/g'  "$THEOS_BASE/theos/makefiles/package/deb.mk"

finished! now you can make a project

cd $PROJECTS
theos
cd my-project-folder
make

additional stuff

install SSH over USB

  • use ifunbox 2.95 from this page (direct download).
  • install it on windows and create the USB tunnel from Quick Toolbox Tab > USB Tunnel > [Detect and Create] link
  • now you should be able to type ssh root@localhost which will connect at the default port 22 on your local machine and tunnel you to port 22 on your iDevice.

Note on USB & WSL

  • no luck installing usbmuxd / ganalf with WSL - as of 10/12/2018 there is not full support for USB devices in WSL outside of mass storage devices.

Setup environment on iDevice

DEV_INIT_SCRIPT="/etc/profile.d/dev-setup.sh"
DEV_BASE="/ios-dev"
DEV_TOOLS_PATH="$DEV_BASE/tools"
CRACKERXI="/var/mobile/Documents/CrackerXI"

echo export DEV_INIT_SCRIPT=$DEV_INIT_SCRIPT >> $DEV_INIT_SCRIPT
echo export DEV_BASE=$DEV_BASE >> $DEV_INIT_SCRIPT
echo export DEV_TOOLS_PATH=$DEV_TOOLS_PATH >> $DEV_INIT_SCRIPT
echo export CRACKERXI=$CRACKERXI >> $DEV_INIT_SCRIPT

source $DEV_INIT_SCRIPT

mkdir $DEV_BASE &> /dev/null
mkdir $CRACKERXI &> /dev/null
ln -s $CRACKERXI "$DEV_BASE/crackerxi"

Package and Install tweak

make package
make install

Install CrackerXI app from Cydia

Install SOcket CAT from Cydia

This lets you run socat from bash so you can view syslog output from tweaks, apps, etc.

Notes

"Tools"

IDA Pro 7.0 - crack likely contains trojan - do not run as administrator. Install IDA to a location outside of c:\program files. Copy crack to the IDA folder, and run not as administrator as described here.

hopper

kemmis commented Oct 7, 2018

@frakman1 Probably not too hard, but I know next to nothing about creating Docker images, or how they can interop with WSL. What benefits would there be to using a docker image?
