Difference between revisions of "Cycript"

From AwkwardTV
Line 1: Line 1:
'''cycript for jailbreakd based jailbreaks tvOS 10.2.2 - > 11.1 <br />  
+
'''cycript for jailbreakd based jailbreaks tvOS 10.2.2 - > 12.1.1 <br />  
Current Version: 0.9.7000 <br />
+
Current Version: 0.9.8000 <br />
  
 
[https://cycript.org Cycript] allows developers to explore and modify running applications on either iOS or Mac OS X using a hybrid of Objective-C++ and JavaScript syntax through an interactive console that features syntax highlighting and tab completion.
 
[https://cycript.org Cycript] allows developers to explore and modify running applications on either iOS or Mac OS X using a hybrid of Objective-C++ and JavaScript syntax through an interactive console that features syntax highlighting and tab completion.
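Review bot: The supported range in the changed title line is still written "10.2.2 - > 12.1.1" with a split arrow, carried over from the old line. Write it as "10.2.2 to 12.1.1" (or "->") so the range reads unambiguously, since this line is what readers use to decide whether the steps apply to their tvOS version.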
Line 13: Line 13:
 
'''Step 2:''' ssh in to your appletv (if you need more instructions here, you probably arent ready for cycript)
 
'''Step 2:''' ssh in to your appletv (if you need more instructions here, you probably arent ready for cycript)
  
'''Step 3:''' Find the PID of your process ie:
+
'''Step 3:''' Run the new 'cycripter' bin to make it easier to inject our CycriptLoader.dylib into the target process
  ps awwwx | grep [P]ineBoard
+
  cycripter PineBoard &
 
   
 
   
 
yields:
 
yields:
  368  ?? Ss    0:06.93 /Applications/PineBoard.app/PineBoard
+
  [1] 1627
 +
  root@ (/var/root)# PineBoard PID is 1619
 +
Remote task: 0xa03
 +
Dylib Path Addr: 0x100ffc100
 +
our dir: /tmp/PineBoard
 +
center: <CFNotificationCenter 0x100601d90 [0x20af2fce0]>
 +
Start listening...Trying dlopen...
 +
dylib opened at addr: 0x282618e40
 +
No error occurred!
 +
we got a port! 1337
 +
cycript started on port: 1337, press return & then run the command to connect:
 +
cycript -r 127.0.0.1:1337
  
'''Step 4:''' Inject CycriptLoader.dylib into the process using inject_criticald from electra
+
'''Step 4:''' Hit return (will take you back to root@ (/var/root)# )
  
/electra/inject_criticald 368 /usr/lib/CycriptLoader.dylib
+
'''Step 5:''' Start cycript (the command to start cycript will be the last line of the prior commands output)
  
(note sub in your PID from step 3 where you see 368)
+
cycript -r 127.0.0.1:1337 (note your port number might be different, keep an eye on the output of the first command you run)
  
'''Step 5:''' Start cycript
+
'''Step 6:''' Profit!
  
cycript -r 127.0.0.1:1337
+
The latest version of the listener library will check to see if the default (1337) is bound already, if it is it will keep incrementing port numbers until it finds an available port.
 
 
'''Step 6:''' Profit!
 
  
Keep in mind since our listener library is hardcoded to port 1337 you can only inject one process at a time, and will need to tear that process down to reclaim the ability to use port 1337.
+
'''It is important to note that '&' is crucial to background cycripter, as soon as cycripter is exited it tears the entire process down for some reason (the process you have injected into).'''
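Review bot: The new Step 5 puts the command and its parenthetical on one line ("cycript -r 127.0.0.1:1337 (note your port number might be different, ..."), so a copy-paste picks up the note. Put the command on its own line and the note below it. The Step 3 sample output also has the "root@ (/var/root)#" prompt fused with "PineBoard PID is 1619", which is worth a word of explanation because cycripter is backgrounded. Since the listener now picks the next free port instead of being fixed to 1337, the page should also say whether it accepts connections only on 127.0.0.1, as the text shows only a loopback connect. The closing note explains the '&' requirement only as "for some reason", so it would help to state what happens to the injected process when the SSH session ends.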

Revision as of 02:34, 21 May 2019

cycript for jailbreakd-based jailbreaks, tvOS 10.2.2 -> 12.1.1
Current Version: 0.9.8000

Cycript allows developers to explore and modify running applications on either iOS or Mac OS X using a hybrid of Objective-C++ and JavaScript syntax through an interactive console that features syntax highlighting and tab completion. (It also runs standalone on Android and Linux and provides access to Java, but without injection.)

Special Notes for jailbreakd jailbreaks

Cycript cannot currently be used the way you have always been used to. Due to limitations of the new style of jailbreaks (no KPP bypass), some additional steps are necessary to get cycript working.

Step 1: Install cycript from the Featured section on nitoTV

Step 2: SSH in to your Apple TV (if you need more instructions here, you probably aren't ready for cycript)

Step 3: Run the new 'cycripter' binary, which makes it easier to inject our CycriptLoader.dylib into the target process

cycripter PineBoard &

yields:

[1] 1627
root@ (/var/root)# PineBoard PID is 1619
Remote task: 0xa03
Dylib Path Addr: 0x100ffc100
our dir: /tmp/PineBoard
center: <CFNotificationCenter 0x100601d90 [0x20af2fce0]>
Start listening...Trying dlopen...
dylib opened at addr: 0x282618e40
No error occurred!
we got a port! 1337
cycript started on port: 1337, press return & then run the command to connect:
cycript -r 127.0.0.1:1337

Step 4: Hit return (this takes you back to the root@ (/var/root)# prompt)

Step 5: Start cycript (the command to start cycript will be the last line of the prior command's output)

cycript -r 127.0.0.1:1337

(Note that your port number might be different; keep an eye on the output of the first command you run.)

Step 6: Profit!

The latest version of the listener library checks whether the default port (1337) is already bound; if it is, it keeps incrementing the port number until it finds an available port.

It is important to note that the '&' is crucial to background cycripter: as soon as cycripter exits, it tears down the entire process you have injected into, for some reason.
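
Because the listener may not end up on 1337, the connect command is safer built from cycripter's own output than typed from memory. The following is an added example, not part of the original page or of cycripter itself: it assumes the output has been captured into a shell variable and uses a constructed sample in the format shown above; the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: cycripter output in the format shown above, but with the
# listener on 1338 because 1337 was already bound by an earlier injection.
SAMPLE_LOG='PineBoard PID is 1619
Remote task: 0xa03
Start listening...Trying dlopen...
dylib opened at addr: 0x282618e40
No error occurred!
we got a port! 1338
cycript started on port: 1338, press return & then run the command to connect:
cycript -r 127.0.0.1:1338'

# Print the port from the "cycript started on port: N" line; fail if absent.
cycript_port() {
    port=$(printf '%s\n' "$1" |
        sed -n 's/^cycript started on port: \([0-9][0-9]*\),.*/\1/p' | tail -n 1)
    [ -n "$port" ] || return 1
    printf '%s\n' "$port"
}

# Print the PID from the "<name> PID is N" line, which may follow a shell prompt.
cycript_target_pid() {
    pid=$(printf '%s\n' "$1" |
        sed -n 's/.* PID is \([0-9][0-9]*\)$/\1/p' | tail -n 1)
    [ -n "$pid" ] || return 1
    printf '%s\n' "$pid"
}

# Build the Step 5 command from the parsed port instead of assuming 1337.
cycript_connect_cmd() {
    port=$(cycript_port "$1") || {
        echo "no listener port in output; injection did not complete" >&2
        return 1
    }
    printf 'cycript -r 127.0.0.1:%s\n' "$port"
}

cycript_connect_cmd "$SAMPLE_LOG"
```

If no "cycript started on port" line is present, cycript_connect_cmd returns non-zero rather than falling back to 1337.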