Hacking iOS
2015-05-06
Est. 3m read
What Does Hacking iOS Mean?
As most developers for the platform know, iOS is a very locked down operating system full of sandboxes, restrictions, and gray areas. But this doesn’t mean it’s impenetrable. Jailbreak developers try to exploit vulnerabilities in the operating system allowing commands to be executed with a higher privileges.
If we’re lucky, these exploiters will share their findings allowing the rest of the jailbreak community to jailbreak as well. Some of the biggest names for exploiting iOS 8 include Pangu8, TaiG, PP, and more.
Why Should I Care?
When you jailbreak your device, you’re given access to the entire operating system; with this access you can do things like modify your carrier name or completely re-theme your device!
Even if you’re not planning on customizing your device, there are still a lot of good reasons to jailbreak. For example, with access to the root filesystem, I can use my iPhone as a flash drive. For developers looking to reverse engineer iOS, you can dissect how Apple made the lock screen and other iOS components with FLEXible. This is only possible after jailbreaking.
Setup “Cycript”
Cycript is a program that allows users to essentially inject code into a running process. This is useful if you want to modify things in iOS without compiling a full tweak. Think of it like a REPL. In order to setup Cycript you must first install OpenSSH from the Cydia application that is installed when you jailbreak.
OpenSSH creates a secure shell from your computer’s CLI to your iOS device. This is how we’ll be interacting with Cycript. To install Cycript, we’re going to first need the .deb file containing the package. The download for this can be found here (make sure you get the latest version.)
Now that you have the .deb file on your computer, you need to connect to your
iOS device through SFTP and upload your .deb file with the following commands
by replacing <ip address>
with your devices IP address (which can be found
in the Settings app) and replacing <cycript path>
with the location of the
Cycript .deb file on your computer:
Zanes-iMac:~ Zane$ sftp root@<ip address>
root@...'s password:alpine
Connected to ...
sftp> cd /tmp
sftp> put <cycript path>
Uploading ... to /private/var/tmp/cycript_0.9.501_iphoneos-arm.deb
... 444KB 443.5KB/s 00:00
sftp> bye
Great! Almost ready to use Cycript, now we have to install the package using these commands:
Zanes-iMac:~ Zane$ ssh root@<ip address>
root@...'s password:alpine
Zanes-iPad:~ root# cd /tmp && dpkg -i cycript_0.9.501_iphoneos-arm.deb
Cycript is now up and ready to go!
To attach Cycript to a running process (e.g. SpringBoard) run the following on your device:
Zanes-iPad:~ root# cycript -p SpringBoard
cy#
Now you can manipulate the SpringBoard process that’s currently running without any permanent changes.
To read more about how to use Cycript’s language, check out the official manual. I’ve also made a video on Cycript that goes into detail about using it to inspect a process here: