02/05/2016, Jonathan Levin, http://NewOSXBook.com/ @Morpheus______
What is this?
You already know that Apple releases most components of Darwin (at least, the trivial ones) as open source on OpenSource.Apple.com. What you may or may not know is that compiling them often runs into annoying challenges, which stem from all sorts of #ifdef blocks and private headers. Some of the private headers are simply portable from XNU's own (usually along with a #define PRIVATE or #define KERNEL_PRIVATE to unlock them for user mode use). Others are not as simple to figure out, containing references to constants that need to be reverse-engineered out of the compiled binary.
iOS users have long relied on Cydia packages to bring back that functionality. I also did, for the longest time, but ran into minor annoyances, namely:
Aside from the "Erica Utilities" I couldn't find a compilation of all the "must-have" commonly used utilities. Everything is in separate packages. Not finding simple utilities like "more" on the device really riled me. I mean, what, as a separate download? Come on! I expect less, if not more!
The binaries in Cydia aren't always the exact Apple binaries. Sometimes they're GNU core utilities or other clones, which results in slightly different functionality. In some cases (notably, ls) that brings color but removes xattr support, and in others it results in slightly different behavior.
The binaries are 32-bit. I learned that the hard way when I %$#%$# up a 64-bit jailbroken phone - messing with its shared library cache, then effectively killing SSH, and a host of other apps.
Some are just .. wrong. Notable here is kextstat, which someone compiled way back without even bothering to check if it works. It doesn't. The kmod_ API was removed a long while ago. sysctl is also bad.
Not all the binaries I use are actually there. fs_usage, lsmp, and a host of other really useful binaries (which aren't at all easy to compile) can't be found on Cydia.
I do a LOT of work on the i-Devices directly, thus decided to compile my own versions. Before certain crazy attention-seeking libel-spreading (but nonetheless highly talented) individuals accuse me of any piracy (false claims, but you never know), I'll state that what I'm doing is within the realms of the Apple Public Source License. In fact, I went to great lengths to maintain the source information. This will be evident in the LC_SOURCE_VERSION, and the little known but rather useful what(1) command (also included):
morpheus@Zephyr(~)$ jtool -arch arm64 -l ~/iOSBinaries/usr/bin/what | grep SOURCE_
LC 10: LC_SOURCE_VERSION Source Version: 187.0.0.0.0
morpheus@Zephyr(~)$ what ~/iOSBinaries/usr/bin/what
/Users/morpheus/iOSBinaries/usr/bin/what
Copyright (c) 1980, 1988, 1993 The Regents of the University of California. All rights reserved.
PROGRAM: what PROJECT:shell_cmds-187
Compiled by Jonathan Levin, http://NewOSXBook.com/
Copyright (c) 1980, 1988, 1993 The Regents of the University of California. All rights reserved.
PROGRAM: what PROJECT:shell_cmds-187
Compiled by Jonathan Levin, http://NewOSXBook.com/
PROGRAM: what PROJECT:shell_cmds-187
Compiled by Jonathan Levin, http://NewOSXBook.com/
Copyright (c) 1980, 1988, 1993 The Regents of the University of California. All rights reserved.
Now, why is that output shown three times? Because all commands I'm supplying here are multi-architecture fat binaries - x86_64, arm64, and arm32. That way you can plop them into any device (arguably, the x86_64 version is redundant..). If you need the disk space, simply use jtool -arch ... -e arch (or lipo -thin) to extract the architecture slice you need.
All binaries are also self signed (jtool --sign) for iOS, and with appropriate entitlements, if necessary. The OS X versions are not signed, because SIP on 10.11 will actually kill (invalid) self-signed binaries. And for the most part, you can use the default OS X binaries - at least in theory my binaries should be largely (up to addressing) identical.
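The fat layout, LC_SOURCE_VERSION and the code signature described above can be checked without jtool. The following is an added example (not the author's code or jtool's implementation): a minimal Python parser that reports each slice's architecture, decoded source version, and whether an LC_CODE_SIGNATURE blob is present. The sample file is constructed, and only little-endian slices are handled.

```python
import struct

FAT_MAGIC, MH_MAGIC, MH_MAGIC_64 = 0xCAFEBABE, 0xFEEDFACE, 0xFEEDFACF
LC_CODE_SIGNATURE, LC_SOURCE_VERSION = 0x1D, 0x2A
CPU_NAMES = {0x01000007: "x86_64", 12: "arm", 0x0100000C: "arm64"}

def source_version(v):
    """Unpack LC_SOURCE_VERSION's A.B.C.D.E value (24.10.10.10.10 bits)."""
    return ".".join(str(n) for n in [v >> 40] + [(v >> s) & 0x3FF for s in (30, 20, 10, 0)])

def inspect_slice(data, base, size):
    """Walk one thin Mach-O's load commands: source version, signature presence."""
    if base + size > len(data):
        raise ValueError("slice lies outside the file")
    magic, cputype, _, _, ncmds, sizeofcmds = struct.unpack_from("<6I", data, base)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("slice at %#x is not a little-endian Mach-O" % base)
    off = base + (32 if magic == MH_MAGIC_64 else 28)  # header size differs by width
    end = off + sizeofcmds
    if end > base + size:
        raise ValueError("load commands run past the slice")
    info = {"arch": CPU_NAMES.get(cputype, hex(cputype)), "source": None, "signed": False}
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("malformed load command")
        if cmd == LC_SOURCE_VERSION:
            info["source"] = source_version(struct.unpack_from("<Q", data, off + 8)[0])
        elif cmd == LC_CODE_SIGNATURE:  # blob present (datasize > 0); validity not checked
            info["signed"] = struct.unpack_from("<I", data, off + 12)[0] > 0
        off += cmdsize
    return info

def inspect_fat(data):
    """One report per architecture slice of a fat (universal) binary."""
    magic, nfat = struct.unpack_from(">2I", data, 0)  # fat header is big-endian
    if magic != FAT_MAGIC:
        return [inspect_slice(data, 0, len(data))]  # already thin
    archs = [struct.unpack_from(">2I", data, 16 + 20 * i) for i in range(nfat)]
    return [inspect_slice(data, off, size) for off, size in archs]

def sample_fat():
    """Constructed two-slice file (not a real binary): signed arm64, unsigned arm."""
    ver = struct.pack("<2IQ", LC_SOURCE_VERSION, 16, 187 << 40)
    sig = struct.pack("<4I", LC_CODE_SIGNATURE, 16, 0x1000, 0x200)
    a64 = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 2, 32, 0, 0) + ver + sig
    a32 = struct.pack("<7I", MH_MAGIC, 12, 9, 2, 1, 16, 0) + ver
    return struct.pack(">12I", FAT_MAGIC, 2, 0x0100000C, 0, 48, 64, 0, 12, 9, 112, 44, 0) + a64 + a32

if __name__ == "__main__": print(inspect_fat(sample_fat()))
```

A slice reported as unsigned is one iOS would refuse to run, so this is worth checking on the host before copying a binary over.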
List of binaries:
TL;DR
Dropbear - a minimal SSH clone which you can use instead of Cydia's OpenSSH. Note you will need to create your public key, etc.
lsmp - a little known utility to list mach ports. Of course procexp ports does a far better job at it (including naming ports!) nowadays :-)
SCP to your iOS device, go to root directory (cd /), and tar -k xvf. BE CAREFUL NOT TO OVERWRITE ANY EXISTING BINARIES.
Q&A
Why can't I just use the Cydia utilities? - I'm not saying you can't. But if you want 64-bit versions, Cydia has none (AFAIK). Plus I think mine are more recent.
Why don't you start a Cydia Repository for this? - I think .deb is an overkill. I like my Jailbroken iOS as close as possible to the stock version, too, which is why a simple tar xvf makes more sense for me.
Can I embed them in my own Cydia Repository/package? - ABSOLUTELY. Please do! While you're at it, it would be nice if someone took my other tools (procexp and jtool) and put them into a package too! It would be cool if you drop me a line and let me know, so I can link to you. And - If somebody can/wants to reach out to Saurik (hey, Jay, big fan :-) so he can replace the *_cmds packages with these binaries - even cooler!
Hey! a specific_binary is misbehaving/doesn't work/getting killed/etc - Err.. Might be the case for some 32-bit. Or a jtool --sign bug. I tested most on all platforms, but there are so many, and I stick to 64 myself. Let me know via the Book Forum and I'll fix.
Why isn't my_favorite_binary here? - Because apparently I don't use it as much as you do. Drop me a line via the Book Forum and I'll gladly compile and add it.
When is MOXiI 2 coming out?!?!?! - Volume III is out. Volume I will be out hopefully by July 2017. There is now an official update page here. In the interim, check out TechnoloGeeks' OSX/iOS training.
FOR THOSE PEOPLE NOT WATCHING THE FORUM: DO NOT BLINDLY OVERWRITE EXISTING BINARIES UNLESS YOU ARE USING A FULLY UNTETHERED JAILBREAK. Doing so will get those binaries killed on next reboot, and may prevent you from booting.
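A pre-flight check for the tar step and the overwrite warning above, as an added example (not the author's code): it splits an archive into members that would land on an existing path and a filtered archive that is safe to unpack from /. It assumes you already have a listing of paths present on the device (for instance taken over SSH); the archive contents and the listing below are constructed.

```python
import io
import posixpath
import tarfile

def dest_path(member):
    """Absolute path a member lands on when the archive is unpacked from /."""
    return posixpath.normpath(posixpath.join("/", member.name))

def split_archive(src, existing, safe_out):
    """Copy members that hit nothing in `existing` into `safe_out`; return the rest.

    `existing` is a set of absolute paths already on the device (assumed input).
    Directories are merged on extraction rather than replaced, so they are kept.
    """
    collisions = []
    for m in src.getmembers():
        if not m.isdir() and dest_path(m) in existing:
            collisions.append(dest_path(m))   # would replace a file or symlink
            continue
        safe_out.addfile(m, src.extractfile(m) if m.isfile() else None)
    return collisions

def sample_archive():
    """Constructed stand-in for the tarball: two files and a bash -> zsh symlink."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        for name in ("bin/ls", "usr/bin/what"):
            info = tarfile.TarInfo(name)
            info.size = 4
            t.addfile(info, io.BytesIO(b"\xcf\xfa\xed\xfe"))
        link = tarfile.TarInfo("bin/bash")
        link.type, link.linkname = tarfile.SYMTYPE, "zsh"
        t.addfile(link)
    buf.seek(0)
    return buf

def demo():
    """Return (paths that would be overwritten, paths kept in the filtered archive)."""
    on_device = {"/bin/ls", "/bin/bash"}      # constructed device listing
    out = io.BytesIO()
    with tarfile.open(fileobj=sample_archive()) as src, \
         tarfile.open(fileobj=out, mode="w") as safe:
        hits = split_archive(src, on_device, safe)
    out.seek(0)
    with tarfile.open(fileobj=out) as t:
        return hits, [dest_path(m) for m in t.getmembers()]

if __name__ == "__main__":
    print(demo())
```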
02/09/2015 - Fixed the screen binary (mismatch in signature for arm64 version corrected).
02/12/2016 - Recompiled ls w/colors, added fs_usage(!), id, date (so that those of you using zsh won't get errors from /etc/zshrc)
02/29/2016 - Actually *signed* zsh. Somehow the version before that didn't have jtool --sign on it, which would make it bad if, say, you wanted a shell on certain devices :-) Also symlinked it as bash (it's compatible). Also signed df
03/01/2016 - Added useful commands like grep, stat, [rm/mk]dir, tset/reset, tar (GNU) and gzip/gunzip and cat(1) - and even sqlite3, so you can analyze all those .db files right on the device.
03/04/2016 - Added /usr/share/terminfo so that procexp, vim, and zsh can work on the Apple TV 4G (AAPL, shame on you for not adding shell support files to it! :-). Created /etc/dropbear (empty directory, so SSH could install cleanly in an untethered TV JB). Also added hostname, killall, renice, stty, wget (no SSL yet), and *sigh* bash.
03/09/2016 - Dropping x86_64 (aside from my own binaries and some non-Apple compiled ones, like wget) and instead providing ARMv7k - for WatchOS! So now procexp and jtool work NATIVELY on the Apple Watch! How cool is that????????? Luca - I salute you!
03/10/2016 - Fixed broken links (those happen sometimes when I forget to rebuild the universal), as per @avivmuss's request. Added seq and the trivial true/false.
08/07/2016 - Fixed /usr/bin/login to be interoperable with MTerminal! (Important, since SSH post Pangu 9.2 is a tad flaky). Also updated my tools (jtool, procexp, jlaunchctl)
09/01/2017 - Updated with iOS 11 compatible SHA-256 hashes, 64-bit only