DoranekoSystems / frida-ceserver

Frida-based ceserver: A fusion of Cheat Engine and Frida.
GNU General Public License v3.0

Debugger support on iOS #4

Closed DoranekoSystems closed 2 years ago

DoranekoSystems commented 2 years ago

The debugger is currently in a testing state and bugs may exist.

config.ini

{
  "target": "",
  "targetOS": "ios",
  "mode": "attach",
  "arch": 1,
  "fix_module_size": false,
  "ceversion": "7.4",
  "manualParser": false,
  "javaDissect": false,
  "frida_server_ip":"",
  "native_ceserver_ip": "192.168.x.x:52734",
  "debugserver_ip": "192.168.x.x:1234",
  "custom_symbol_loader": ""
}
  1. arch must be 1. This must be set to x64 because Cheat Engine does not support arm64.
  2. Configure BinUtils and set disassembler to arm64.
  3. Run debugserver on iOS.
    ./debugserver 0.0.0.0:1234
  4. native_ceserver must also be run. This is because frida's own memory read/write must hit a breakpoint.

Only arm64 devices are supported. Currently only 「find out what writes to this address」 and「find out what accesses this address」are valid. Have fun!
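A pre-flight check for the configuration and steps in the post above, as an added example that is not part of the original post or the project's code. The function names and the sample addresses are hypothetical, and the private-address test is an added hardening check rather than a project requirement.

```python
import ipaddress
import json

# Constructed sample: the issue's first config with the 192.168.x.x
# placeholders replaced by made-up lab addresses.
SAMPLE = """{
  "target": "", "targetOS": "ios", "mode": "attach", "arch": 1,
  "ceversion": "7.4", "frida_server_ip": "",
  "native_ceserver_ip": "192.168.1.20:52734",
  "debugserver_ip": "192.168.1.20:1234"
}"""

def check_endpoint(name, value):
    """Return a list of problems with a "host:port" setting."""
    host, sep, port = str(value).rpartition(":")
    if not sep or not host:
        return [f"{name}: expected host:port, got {value!r}"]
    problems = []
    try:
        addr = ipaddress.ip_address(host)
        # Added hardening check, not a project rule: step 3 starts
        # debugserver on 0.0.0.0, so keep it on a private network.
        if not addr.is_private:
            problems.append(f"{name}: {host} is not a private address")
    except ValueError:
        problems.append(f"{name}: {host!r} is not an IP address (placeholder left in?)")
    if not (port.isdecimal() and 0 < int(port) < 65536):
        problems.append(f"{name}: invalid port {port!r}")
    return problems

def check_ios_debugger_config(text):
    """Validate config text against the steps in the issue; [] means OK."""
    try:
        cfg = dict(json.loads(text))  # also rejects non-object JSON
    except (ValueError, TypeError) as exc:
        return [f"not a valid JSON object: {exc}"]
    problems = []
    if cfg.get("targetOS") != "ios":
        problems.append("targetOS must be 'ios' for this setup")
    # Step 1 requires arch 1; the later 7.4.2 config in the thread uses 3.
    if cfg.get("arch") not in (1, 3):
        problems.append(f"arch is {cfg.get('arch')!r}; the thread uses 1 or 3")
    # Step 4: native_ceserver is required alongside debugserver.
    for key in ("native_ceserver_ip", "debugserver_ip"):
        problems += check_endpoint(key, cfg.get(key, ""))
    return problems

if __name__ == "__main__":
    print(check_ios_debugger_config(SAMPLE) or "config OK")
```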

LanBaiCode commented 2 years ago

No response, [find out what accesses this address]

DoranekoSystems commented 2 years ago

Thank you for your comment. Did you find the referenced process itself?

LanBaiCode commented 2 years ago

> Thank you for your comment. Did you find the referenced process itself?

The game process that needs to be modified has been found, and the address can be added and the value in the memory can be modified. But can't use lldb.

DoranekoSystems commented 2 years ago

There was a problem with the exclusion control. I would appreciate it if you could try again with a new commit. Perhaps this will work.

LanBaiCode commented 2 years ago

> There was a problem with the exclusion control. I would appreciate it if you could try again with a new commit. Perhaps this will work.

Yes, it would be better if you have Telegram so I can reply right away.

Thekidiacs commented 2 years ago

Wow this is awesome. I'm going to test this right now!

Thekidiacs commented 2 years ago

So I tried it and it was showing results when I did what writes/accesses the address but I'm pretty sure it wasn't the correct assembly. I'm using an iPad Air 4th generation on iOS 14.2 it is arm64e. It wouldn't let me search anymore after attaching the debugger. Maybe you have a solution? Here is what it looked like. [screenshot]

DoranekoSystems commented 2 years ago

Thekidiacs

Please try with the latest commits. https://github.com/ds20211213/frida-ceserver/commit/c6c53659faf7ff4a443d35b878b68caac961b793

Currently, cheat engine does not support arm64, so binutils configuration is required. https://github.com/ds20211213/frida-ceserver#binutils

Also, native_ceserver needs to work. This is because frida cannot read memory when the process is stopped in the debugger. https://github.com/ds20211213/ceserver-ios-mini

The device may not work properly due to the fact that it is an arm64e. At this time, I am only testing the operation on arm64.

Thekidiacs commented 2 years ago

Is native_ceserver the ceserver that I put at /usr/bin? If so, I am already using that. But am I still supposed to run the command python main.py "App name"? I forgot to do binutils configuration so I will try that and report back. Also, I redownloaded with the latest commits.

Thekidiacs commented 2 years ago

So in cheat engine I went to memory view and went to "View" and couldn't find binutils?

DoranekoSystems commented 2 years ago

Thekidiacs

Are you on telegram or wechat?

Thekidiacs commented 2 years ago

Yes, I use Telegram. What's your Telegram username? I'll add you.

LanBaiCode commented 2 years ago

> Thekidiacs
>
> Are you on telegram or wechat?

I think now I can solve his problem, 233

Thekidiacs commented 2 years ago

Thanks @ds20211213. @LanBaiCode Thank you for being willing to help me. What are your ideas?

LanBaiCode commented 2 years ago

> Thanks @ds20211213. @LanBaiCode Thank you for being willing to help me. What are your ideas?

@ds20211213 He will help you solve the problem. The problem you encountered, I also asked him about yesterday, and it has been successfully solved.

Thekidiacs commented 2 years ago

Okay awesome. :)

DoranekoSystems commented 2 years ago

Supported update of ce itself. arm64 disassembly and debugging is available without using binutils. If you can build the ce itself, please try it if you like.

{
  "target": "",
  "targetOS": "ios",
  "mode": "attach",
  "arch": 3,
  "fix_module_size": false,
  "ceversion": "7.4.2",
  "manualParser": false,
  "javaDissect": false,
  "frida_server_ip":"",
  "native_ceserver_ip": "192.168.x.x:52734",
  "debugserver_ip": "192.168.x.x:1234",
  "custom_symbol_loader": ""
}


yazigegeda commented 2 years ago

1 2

Where should I be unfinished

DoranekoSystems commented 2 years ago

> 1 2
>
> Where should I be unfinished

For android, the original ceserver supports the arm64 debugger. Debugging is possible by building the cheat engine itself and ceserver.

LanBaiCode commented 2 years ago

> 1 2
>
> Where should I be unfinished

Yes, for Android, it would be better to use native ceserver, no need to use this project

yazigegeda commented 2 years ago

> > 1 2 Where should I be unfinished
>
> Yes, for Android, it would be better to use native ceserver, no need to use this project

I use the source code of cheat engine 7.4 on github to compile ceserver. After execution, this problem still occurs when debugging with cheat engine 7.4

StevenLyo commented 2 years ago

Can I use this tool on Mac?

DoranekoSystems commented 2 years ago

> Can I use this tool on Mac?

The Mac version of cheat engine does not support network mode, so it is not supported at this time.