Adding custom binaries to jailbroken iOS 11.1.2 device

Used for discussing the various tools in the book as well as encouraging members to share tools

Postby razvand » Thu Mar 29, 2018 1:37 pm

Hi.

I'm trying to add sbtool to a jailbroken iOS 11.1.2 device. I've got a fat sbtool64 binary. I extracted the arm64 version, I extracted entitlements in plat.ent from the ls executable in binpack and then I used jtool to self sign the thin sbtool64.arch_arm64 binary:

./jtool -arch arm64 --sign --ent plat.ent --inplace sbtool64.arch_arm64


But after copying the resulting executable on the jailbroken iOS device, I get the message:
-bash-3.2# ./sbtool64.arch_arm64
-bash: ./sbtool64.arch_arm64: Operation not permitted


Any idea what the issue is?

Re: Adding custom binaries to jailbroken iOS 11.1.2 device

Postby ladeshot » Thu Mar 29, 2018 8:40 pm

There seems to be something special about the /jb/usr/bin/ directory. Executables can run from there, but not if you move them out of it and into /var/root/. Try moving your now signed arm64 executable into /jb/usr/bin/ and then running it. This works for me.

Re: Adding custom binaries to jailbroken iOS 11.1.2 device

Postby morpheus » Sat Mar 31, 2018 12:32 pm

The platform profile is preventing executing from /var outside a container. QiLin does not disable the platform profile (since this is an unpublished method). Just use /jb or any other / directory.
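The thread above boils down to a two-step procedure: self-sign the thin arm64 slice with borrowed platform entitlements, then install it somewhere the sandbox platform profile allows execution (anywhere under / except /var, since exec from /var outside a container is denied). The following script is an added example and not code from any of the posters; it wraps those steps and refuses install paths under /var (or /private/var, which /var resolves to) so the "Operation not permitted" failure is caught before the binary is copied. It assumes Jonathan Levin's jtool is on PATH on the signing Mac, that `jtool -e arm64` writes the `.arch_arm64` slice and `jtool --ent` dumps a binary's entitlements (both as used in the thread), and that the default install directory is the thread's /jb/usr/bin.

```shell
#!/bin/sh
# Added example (not from the thread): thin, self-sign and install a binary on a
# QiLin-jailbroken iOS 11.1.2 device so the sandbox platform profile lets it run.
# Assumptions: jtool is on PATH on the Mac doing the signing; /jb/usr/bin exists
# on the device (as in the thread) or can be created.

# The platform profile denies exec of non-containerized binaries under /var.
# /private/var is the same filesystem tree, so treat both prefixes as restricted.
is_exec_restricted() {
    case "$1" in
        /var/*|/private/var/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Resolve the install directory: the argument, or /jb/usr/bin by default.
# Fails loudly instead of letting the copy succeed and the exec fail later.
choose_install_dir() {
    dir="${1:-/jb/usr/bin}"
    if is_exec_restricted "$dir"; then
        echo "refusing $dir: platform profile blocks exec from /var outside a container" >&2
        return 1
    fi
    printf '%s\n' "$dir"
}

# Runs on the Mac: extract the arm64 slice of a fat binary, borrow the
# entitlements of a known-good platform binary (the thread used ls from
# binpack) and self-sign the thin slice in place. Prints the thin file name.
sign_arm64() {
    fat="$1"; donor="$2"; thin="$fat.arch_arm64"
    jtool -e arm64 "$fat"                         # writes $fat.arch_arm64
    jtool --ent "$donor" > plat.ent               # platform entitlements to reuse
    jtool -arch arm64 --sign --ent plat.ent --inplace "$thin"
    printf '%s\n' "$thin"
}

# Runs on the device: copy the signed slice into an allowed directory and make
# it executable. Prints the installed path.
install_binary() {
    src="$1"; dir="$(choose_install_dir "$2")" || return 1
    name="$(basename "$src")"
    mkdir -p "$dir" && cp "$src" "$dir/" && chmod 755 "$dir/$name" || return 1
    printf '%s\n' "$dir/$name"
}

# Typical use:
#   on the Mac:    sign_arm64 sbtool64 /path/to/binpack/bin/ls
#   on the device: install_binary ./sbtool64.arch_arm64          # -> /jb/usr/bin
#                  install_binary ./sbtool64.arch_arm64 /var/root # refused
```

Only `install_binary` needs to run on the device; `sign_arm64` is the Mac-side step from the first post, kept together with it so the whole flow is visible. The guard is deliberately a prefix check rather than a lookup of the actual profile, because, as morpheus notes, QiLin leaves the platform profile in force and its contents are not published.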
