Hacking applications from App Store [manual]

Author: AHSIRAH // Category:
Full instructions: how to crack an App Store application! Read the instructions below. Whoever is too lazy to do it himself can download a ready-cracked application here!

1) Preparations.
You will need:
- An iPhone / iPod Touch with firmware 2.0, jailbroken, with Cydia installed;
- Start Cydia and install every update it asks for;
- Additionally (also from Cydia) install:
a) OpenSSH;
b) GNU Debugger for iPhone;
c) iPhone 2.0 Toolchain;
- On the computer (I use a PC with Windows XP SP3) you need some kind of terminal.
I use PuTTY (http://www.chiark.greenend.org.uk/~sgtatham/putty/download.html).
The terminal must be set up so that you can log in to the device (root @ alpine);
- And, of course, the application to crack. It must be purchased in the
App Store and working normally at the time of cracking.
That's all the preparations. Now let's begin:

2) Gathering information.
In the terminal (everything is done from the PC) type:
otool -l (path to your program)
for example:
otool -l /var/mobile/Applications/F02B7479-78DH-4AA2-B33F-D27E098CB478/Test.app/Test
How to find out the path I won't describe here; you will have to work it out and remember it.
A HEAP of information will pour out; among it, look for the following lines:
Load command 9
cmd LC_ENCRYPTION_INFO
cmdsize 20
cryptoff 4096
cryptsize 798720
cryptid 1
I.e. load command 9 is LC_ENCRYPTION_INFO.
Write down the following values:
cryptoff - offset (decimal) from the beginning of the file at which the encrypted data begins;
cryptsize - length of the encrypted data;
cryptid 1 - indicates that the file's data is encrypted (if it is 0,
then none of the further steps up to signing is necessary);
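As an added example (not part of the original post), the following Python walks a 32-bit Mach-O header and reads the same three LC_ENCRYPTION_INFO fields that otool -l prints above; a developer or analyst can use it to confirm that a shipped binary still carries its FairPlay encryption, or to spot a copy whose cryptid has been zeroed. The sample header is constructed inline from the values in the listing above and is not a real application.

```python
import struct

MH_MAGIC = 0xFEEDFACE        # 32-bit Mach-O header, little-endian on ARM
LC_ENCRYPTION_INFO = 0x21    # fields: cmd, cmdsize, cryptoff, cryptsize, cryptid
HEADER_SIZE = 28             # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags

def read_encryption_info(data):
    """Walk the load commands of a thin 32-bit Mach-O image and return
    (cryptoff, cryptsize, cryptid) from LC_ENCRYPTION_INFO, or None if the
    image carries no such command. Bounds are checked so a truncated or
    malformed header raises instead of returning garbage."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != MH_MAGIC:
        raise ValueError("not a thin 32-bit little-endian Mach-O image: %#x" % magic)
    ncmds, sizeofcmds = struct.unpack_from("<II", data, 16)
    end = HEADER_SIZE + sizeofcmds
    if end > len(data):
        raise ValueError("load commands run past the end of the file")
    offset = HEADER_SIZE
    for _ in range(ncmds):
        if offset + 8 > end:
            raise ValueError("load command table truncated")
        cmd, cmdsize = struct.unpack_from("<II", data, offset)
        if cmdsize < 8 or offset + cmdsize > end:
            raise ValueError("malformed load command at %#x" % offset)
        if cmd == LC_ENCRYPTION_INFO:
            if cmdsize < 20:
                raise ValueError("LC_ENCRYPTION_INFO too short")
            return struct.unpack_from("<III", data, offset + 8)
        offset += cmdsize
    return None

def is_encrypted(data):
    """True while the image is still FairPlay-encrypted, False if the command is
    present but cryptid is 0 (a decrypted copy), None if it was never protected."""
    info = read_encryption_info(data)
    return None if info is None else info[2] != 0

def build_sample(cryptid):
    """Constructed test input (not a real app): a bare armv6 MH_EXECUTE header with
    an LC_UUID command followed by LC_ENCRYPTION_INFO holding the values from the
    otool listing above (cryptoff 4096, cryptsize 798720)."""
    uuid_cmd = struct.pack("<II", 0x1B, 24) + b"\x00" * 16
    enc_cmd = struct.pack("<IIIII", LC_ENCRYPTION_INFO, 20, 4096, 798720, cryptid)
    cmds = uuid_cmd + enc_cmd
    # cputype 12 = CPU_TYPE_ARM, cpusubtype 6 = armv6, filetype 2 = MH_EXECUTE
    header = struct.pack("<IIIIIII", MH_MAGIC, 12, 6, 2, 2, len(cmds), 0)
    return header + cmds
```

On a real binary, pass the bytes of the executable inside the .app bundle; fat (multi-architecture) files must be split into a thin slice first.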

3) Launching the victim.
Launch the application on the device. Try not to go beyond the start menu;
Now we need to find the process ID. To do this, in the terminal on the PC type:
ps ax
A long list of processes is shown. Find our process in it (by the way, it will look
something like this):
721 ?? s 0:00.00 /var/mobile/Applications/F02B7479-78DH-4AA2-B33F-D27E098CB478/Test.app/Test
So 721 is the ID we need. Write it down.

4) Peeling off the skin.
Run GNU Debugger with the option to attach to the process:
gdb -p PID
where PID is the process ID from step 3. Example:
gdb -p 721
The debugger loads into the victim and settles there. ATTENTION: all this time the "victim"
must stay open on the device.
Now make the dump with the command:
dump memory dump.bin 0x2000 (addr2)
where addr2 = (cryptsize + 8192) -> in HEX (!) = 798720 + 8192 = 806912 = 0xC5000
enter:
dump memory dump.bin 0x2000 0xC5000
Go in over SSH to /var/root/ and pull the resulting dump.bin over to the PC.
Close the debugger (quit) and close the victim on the device. We don't need them any more.

5) Dissecting the victim.
The rest is done on the PC in your favourite hex editor. I used HIEW.
We will need:
- The original program file (/var/mobile/Applications/F02B7479-78DH-4AA2-B33F-D27E098CB478/Test.app/Test);
- dump.bin, obtained in step 5;
Take the original file and replace the part starting at offset 0x1000 with the file dump.bin;
One small thing remains - fixing the header. In the resulting file, around offset 0x800, look for
the bytes 0x01 0x00 and replace them with 0x00 0x00
(simply put, around 0x800 look for a lone 1 and replace it with a zero);

6) Download the whole original application folder
(example: /var/mobile/Applications/F02B7479-78DH-4AA2-B33F-D27E098CB478/Test.app/Test)
and upload /Test.app into /Applications or /stash/Applications.* (whichever you have),
remove the SC_Info folder (it is no longer needed),
overwrite the executable file with the one prepared in step 5,
set the permissions to 755.

7) Signing the application.
All that's left is to sign the application in its new location:
ldid -S myapp
Example:
ldid -S /Applications/Test.app/Test
If at some point the terminal starts answering your actions with Killed, restart the phone and try again.

8) Finishing up.
Now do a restart and that's it!
