From 50f6b38530b0ec339170ee388f738e8eaa2d13de Mon Sep 17 00:00:00 2001
From: Vincent Andrae
Date: Wed, 26 Feb 2025 16:46:49 +0100
Subject: [PATCH 1/2] Add iOS cross-compilation support

- Updated CFLAGS and LDFLAGS.
- Disabled signing of bin2c during cross-compilation.
---
 GNUmakefile | 2 +-
 frida_mode/GNUmakefile | 4 ++++
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/GNUmakefile b/GNUmakefile
index cc9bd1ea..9dae4dec 100644
--- a/GNUmakefile
+++ b/GNUmakefile
@@ -72,7 +72,7 @@ endif
 IS_IOS:=$(findstring ios, $(shell $(CC) --version 2>/dev/null))
 ifdef IS_IOS
- override CFLAGS += -DTARGET_OS_IPHONE -DTARGET_OS_IOS
+ override CFLAGS += -DTARGET_OS_IPHONE -DTARGET_OS_IOS -isysroot $(IOS_SDK_PATH)
 endif
 ifeq "$(findstring android, $(shell $(CC) --version 2>/dev/null))" ""
diff --git a/frida_mode/GNUmakefile b/frida_mode/GNUmakefile
index 88458525..545cde4f 100644
--- a/frida_mode/GNUmakefile
+++ b/frida_mode/GNUmakefile
@@ -114,6 +114,8 @@ ifdef IS_IOS
 ARCH := arm64
 endif
 endif
+ override CFLAGS += -isysroot $(IOS_SDK_PATH)
+ override LDFLAGS += -L$(IOS_SDK_PATH)/usr/lib
 else ifeq "$(shell uname)" "Darwin"
 OS:=macos
 AFL_CFLAGS:=$(AFL_CFLAGS) -Wno-deprecated-declarations
@@ -402,8 +404,10 @@ $(AFL_PERFORMANCE_OBJ): $(AFL_PERFORMANCE_SRC)
 $(BIN2C): $(BIN2C_SRC)
 $(HOST_CC) -D_GNU_SOURCE -o $@ $<
 ifdef IS_IOS
+ifeq ($(HOST_CC),$(TARGET_CC))
 @ldid -S../entitlements.plist $@ && echo "[+] Signed $@" || { echo "[-] Failed to sign $@"; }
 endif
+endif
 $(JS_SRC): $(JS) $(BIN2C)| $(BUILD_DIR)
 cd $(JS_DIR) && $(BIN2C) api_js $(JS) $@
From 1d1aa3edec0688279e68e54fed998342cfc6874e Mon Sep 17 00:00:00 2001
From: Vincent Andrae
Date: Wed, 26 Feb 2025 17:50:20 +0100
Subject: [PATCH 2/2] Add iOS installation instructions

---
 docs/INSTALL.md | 42 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 42 insertions(+)

diff --git a/docs/INSTALL.md b/docs/INSTALL.md
index ca268f6a..3840e083 100644
--- a/docs/INSTALL.md
+++ b/docs/INSTALL.md
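Review bot: The added `-isysroot $(IOS_SDK_PATH)` in the GNUmakefile hunk is unguarded, so when IOS_SDK_PATH is unset clang receives a bare `-isysroot` that consumes the next argument on the command line (the following flag or the source file) and either fails far from the cause or uses an unintended directory as the SDK root. Since the INSTALL text in PATCH 2/2 requires the variable in both the on-device and the cross-compile flow, fail early inside the `ifdef IS_IOS` block: `ifeq ($(strip $(IOS_SDK_PATH)),)` / `  $(error IOS_SDK_PATH must point to the iPhoneOS SDK, e.g. the output of xcrun --sdk iphoneos --show-sdk-path)` / `endif`. Note this line also changes behavior for existing on-device builds that never exported the variable; if those must keep working unchanged, add the flag conditionally instead, `$(if $(IOS_SDK_PATH),-isysroot $(IOS_SDK_PATH))`.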
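Review bot: The added `override LDFLAGS += -L$(IOS_SDK_PATH)/usr/lib` in the first frida_mode hunk degrades to `-L/usr/lib` when IOS_SDK_PATH is empty, which on a macOS cross-build puts the host's library directory on the iOS link path, and the `override CFLAGS += -isysroot $(IOS_SDK_PATH)` line just above it leaves a bare `-isysroot` that consumes the next argument. Neither line validates the variable; put `ifeq ($(strip $(IOS_SDK_PATH)),)` / `  $(error IOS_SDK_PATH must be set for iOS builds)` / `endif` in front of the two overrides. If the link step is driven through $(CC) with CFLAGS on the command line, the sysroot alone presumably already makes ld search the SDK's usr/lib, so the explicit `-L` may be redundant — worth confirming rather than carrying both. The enclosing `ifdef IS_IOS` block starts before this hunk.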
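Review bot: The new guard `ifeq ($(HOST_CC),$(TARGET_CC))` in the $(BIN2C) rule decides whether bin2c is codesigned by comparing two compiler strings, but TARGET_CC is not set anywhere in this patch; if the file does not define it, the comparison is against an empty value and the ldid step is silently skipped on-device whenever HOST_CC is non-empty, a regression from the previous unconditional signing. Make the intent explicit with a comment above the guard, `# bin2c runs on the build host; only codesign it for an on-device build (HOST_CC == TARGET_CC)`, and, if TARGET_CC is not already defaulted elsewhere in the file, add `TARGET_CC ?= $(CC)` wherever HOST_CC is defaulted so both sides are always populated. Skipping is correct for a host tool, but the cross-built target binaries then leave this makefile unsigned too, and the INSTALL text in PATCH 2/2 only says to transfer them — a sentence telling the user to run ldid with entitlements.plist on the device would close that gap.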
@@ -169,3 +169,45 @@ and definitely don't look POSIX-compliant. This means two things:
 User emulation mode of QEMU does not appear to be supported on macOS, so black-box instrumentation mode (`-Q`) will not work. However, FRIDA mode (`-O`) works on both x86 and arm64 macOS boxes.
+
+## iOS on arm64 and arm64e
+
+**Option 1: Compilation on jailbroken iOS (recommended)**
+To compile directly on a jailbroken iOS device, it is recommended to use a jailbreak that supports Procursus,
+as Procursus provides up-to-date pre-built packages for the required tools.
+
+Ensure `openssh` is installed on your iOS device, then SSH into it.
+Install the following packages:
+
+```shell
+sudo apt install wget git make cmake clang gawk llvm ldid coreutils build-essential xz-utils
+```
+
+Configure the environment for compilation:
+
+```shell
+export IOS_SDK_PATH="/usr/share/SDKs/iPhoneOS.sdk"
+export CC=clang
+export CXX=clang++
+```
+
+Then build following the general Linux instructions.
+
+**Option 2: Cross-Compilation on macOS for Jailbroken iOS**
+In addition to the packages required for a macOS build, install `ldid` for signing binaries:
+
+```shell
+brew install ldid-procursus
+```
+
+Configure the environment for compilation:
+
+```shell
+export IOS_SDK_PATH="$(xcrun --sdk iphoneos --show-sdk-path)"
+export CC="$(xcrun --sdk iphoneos -f clang) -target arm64-apple-ios14.0"
+export CXX="$(xcrun --sdk iphoneos -f clang++) -target arm64-apple-ios14.0"
+export HOST_CC=cc
+```
+
+Then build following the general Linux instructions.
+Finally, transfer the binaries to your iOS device.