Frida-based ceserver.iOS analysis is possible with Cheat Engine.

Last update: Dec 30, 2022

Related tags

Third-party APIs Wrappers frida-ceserver

Overview

frida-ceserver

frida-based ceserver.
iOS analysis is possible with Cheat Engine.

Original by Dark Byte.

Usage

Install python library.

pip install packaging

Install frida on iOS.

python main.py Cydia

# or

python main.py com.saurik.Cydia

Then, connect to the Cheat Engine in network mode.

The debugger is not available!

Extended function

Run the frida javascript code from within AutoAssembler.

If a string is written to an address between 0 and 100, it will be interpreted as frida javascript code and executed.
The address is also mapped to a script number.
If you write "UNLOAD" with the same number, the script will be canceled.

{$lua}
[enable]
local jscode = [[
console.log("HELLO,WORLD!");
]]
writeString(0,jscode)
[disable]
writeString(0,[[UNLOAD]])

BinUtils

ARM64 Disassembler/Assembler

By default, Cheat Engine does not implement the ARM64 disassembler.
This can be supported by using the extension BinUtils.
Download android-ndk, change path_to_android_ndk in the script below to the destination and put it in the autorun folder.
Select View->BinUtils->ARM64 BinUtils to change the disassembly to ARM64.

local arm64config={}
arm64config.Name="ARM64"
arm64config.Description="BinUtils"
arm64config.Architecture="aarch64"
arm64config.Path=[[path_to_android_ndk\toolchains\aarch64-linux-android-4.9\prebuilt\windows-x86_64\bin]]
arm64config.Prefix="aarch64-linux-android-"
registerBinUtil(arm64config)

Config

target

If you specify it, you don't need to specify the name of the target app in the argument.

isMobile

0:Linux
1:Android or iOS

mode

spawn is only valid for mobile device.
0:spawn
1:attach

arch

0:i386
1:x86_64
2:arm
3:aarch64

fix_module_size

It is not possible to get the exact size of some modules in iOS.
In this case, the module size will be corrected to the actual file size in order to get a larger module size.
true:Enable the above function
false:Disable the above function

ceversion

Specify the version of the cheat engine itself.
Since the part related to communication between the main unit and the ceserver differs depending on the version, the setting is necessary.

Comments

Debugger support on iOS
The debugger is currently in a testing state and bugs may exist.

config.ini

{ "target": "", "targetOS": "ios", "mode": "attach", "arch": 1, "fix_module_size": false, "ceversion": "7.4", "manualParser": false, "javaDissect": false, "frida_server_ip":"", "native_ceserver_ip": "192.168.x.x:52734", "debugserver_ip": "192.168.x.x:1234", "custom_symbol_loader": "" }

arch must be 1. This must be set to x64 because Cheat Engine does not support arm64.

Configure BinUtils and set disassembler to arm64.

Run debugserver on iOS.

./debugserver 0.0.0.0:1234

native_ceserver must also be run. This is because frida's own memory read/write must hit a breakpoint.

Only arm64 devices are supported. Currently only 「find out what writes to this address」 and「find out what accesses this address」are valid. Have fun!

enhancement
opened by DoranekoSystems 23
Doesn't work on my device

Doesn't work on my device, the Python version I'm using is 3.8.2 and the Frida version is 14.2.14.

Can you tell me which version of Python and Frida you are using?

Thank you, brother.

opened by 6ag 22
Could you possibly give me the 7.4.1 Cheat Engine that you use?

I know that you said that you must compile the cheat engine to be able to use the debugger. Can you please give me the cheat engine that you use and maybe zip the folder and upload it to here? You would help me so much! Thanks!

opened by Thekidiacs 10
PointerScanning doesn't work sadly

I'm running an iPad air 4th generation on iOS 14.2. I was trying to cheat in a game and I found the values I needed but when I ran the pointerscan on the process "self" it didn't show any results after taking forever to generate the pointermap. I am so happy you created this project because I am praying that you will eventually get the debugger to work as well as pointer scanning. For years I have been hoping for a ceserver port of the real "Cheat Engine" on iOS. I hope you can maybe help me with this as I really think this is awesome what you made!

opened by Thekidiacs 7
How to embed so file into apk

Hi I saw on discord you saying that if ptrace is enabled in game you need to embed the ceserver so file into the apk. Do I need external tools to be able to do that? And if so which one? Thanks.

opened by Thekidiacs 2
ssh_auto error

HI, so I am trying to use the latest version with and it appears the ssh implementation is causing an error. This is the full log Traceback (most recent call last): File "main.py", line 153, in main(None, pid) File "main.py", line 56, in main ssh_auto = config["ssh_auto"] KeyError: 'ssh_auto' The previous commit before the ssh implementation worked fine with the debugger.

opened by Thekidiacs 1
Improved memory search speed on Android & iOS
3d03a6e4811a124c7481b6b4d6697255ca59c3cd

Android & iOS

config.toml custom_read_memory = true to enable it.

Eliminate memory leaks (probably).

Improved memory search speed (about 200%)

The above could have been achieved without using the native ceserver.
opened by DoranekoSystems 0

Owner

GitHub

A cs:go cheat/hack made in Python3.

Atomic ?? Cheat for cs:go written in Python. Features. Glow Esp No Flash Bunny Hop Third Person To-Do. It is prefered to start the cheat when you are

6 Feb 12, 2022

This python cheat utilizes PyMeow, PyMem, and others to enhance your CS:GO experience ;).

CSGO-Python-Cheat This python cheat utilizes PyMeow, PyMem, and others to enhance your CS:GO experience ;). Features Esp Tracers Chams (More to come)

1 Nov 30, 2021

Sunflower-farmers-automated-bot - Sunflower Farmers NFT Game automated bot.IT IS NOT a cheat or hack bot

Sunflower-farmers-auto-bot Sunflower Farmers NFT Game automated bot.IT IS NOT a

17 Nov 9, 2022

A Discord bot that automatically saves SHSH blobs for all of your iOS devices.

AutoTSS AutoTSS is a Discord bot that automatically saves SHSH blobs for all of your iOS devices. Want a CLI automatic blob saver? Check out AutoTSS-c

79 Dec 13, 2022

An API that uses NLP and AI to let you predict possible diseases and symptoms based on a prompt of what you're feeling.

Disease detection API for MediSearch An API that uses NLP and AI to let you predict possible diseases and symptoms based on a prompt of what you're fe

1 Jan 15, 2022

Autodrive is designed to make it as easy as possible to interact with the Google Drive and Sheets APIs via Python

Autodrive Autodrive is designed to make it as easy as possible to interact with the Google Drive and Sheets APIs via Python. It is especially designed

1 Oct 2, 2021

Senexia - A powerful telegram bot to manage your groups as effectively as possible

⚡ Kenechi bot ⚡ A Powerful, Smart And Simple Group Manager ... Written with AioG

2 Jan 11, 2022

A simple bot which using an API , detects reported discord scams and kicks the user if possible while deleting the message

3 Nov 16, 2022

OpenQuake's Engine for Seismic Hazard and Risk Analysis

OpenQuake Engine The OpenQuake Engine is an open source application that allows users to compute seismic hazard and seismic risk of earthquakes on a g

281 Dec 21, 2022

Fully Dockerized cryptocurrencies Trading Bot, based on Freqtrade engine. Multi instances.

Cryptocurrencies Trading Bot - Freqtrade Manager This automated Trading Bot is based on the amazing Freqtrade one. It allows you to manage many Freqtr

47 Dec 6, 2022

A Python library for the Docker Engine API

Docker SDK for Python A Python library for the Docker Engine API. It lets you do anything the docker command does, but from within Python apps – run c

6.1k Jan 3, 2023

Tesseract Open Source OCR Engine (main repository)

Tesseract OCR About This package contains an OCR engine - libtesseract and a command line program - tesseract. Tesseract 4 adds a new neural net (LSTM

48.3k Jan 5, 2023

A website application running in Google app engine, deliver rss news to your kindle. generate mobi using python, multilanguages supported.

Readme of english version refers to Readme_EN.md 简介这是一个运行在Google App Engine(GAE)上的Kindle个人推送服务应用，生成排版精美的杂志模式mobi/epub格式自动每天推送至您的Kindle或其他邮箱。此应用目前的主要

2.6k Jan 6, 2023

All in one Search Engine Scrapper for used by API or Python Module. It's Free!

All in one Search Engine Scrapper for used by API or Python Module. How to use: Video Documentation Senginta is All in one Search Engine Scrapper. Wit

33 Nov 21, 2022

domhttpx is a google search engine dorker with HTTP toolkit built with python, can make it easier for you to find many URLs/IPs at once with fast time.

domhttpx is a google search engine dorker with HTTP toolkit built with python, can make it easier for you to find many URLs/IPs at once with fast time

59 Dec 4, 2022

A Python interface between Earth Engine and xarray for processing weather and climate data

wxee What is wxee? wxee was built to make processing gridded, mesoscale time series weather and climate data quick and easy by integrating the data ca

160 Dec 31, 2022

Elkeid HUB - A rule/event processing engine maintained by the Elkeid Team that supports streaming/offline data processing

61 Dec 29, 2022

Grape - A webbrowser with its own Search Engine

Grape ?? A Web Browser made entirely in python. Search Engine ?? Installation: F

2 Sep 6, 2022

Explorer is a Autonomous (self-hosted) Bittorrent Network Search Engine.

Explorer Explorer is a Autonomous (self-hosted) Bittorrent Network Search Engine. About The Project Screenshots Supported features Number Feature 1 DH

51 Jun 14, 2022