├── .gitignore ├── Makefile ├── README.mdown ├── Resources └── Info.plist ├── ViewController.h ├── ViewController.m ├── control ├── main.m ├── sudoapp.sh └── sudoapp.template /.gitignore: -------------------------------------------------------------------------------- 1 | _ 2 | *.deb 3 | obj 4 | .DS_Store 5 | .theos -------------------------------------------------------------------------------- /Makefile: -------------------------------------------------------------------------------- 1 | include $(theos)/makefiles/common.mk 2 | 3 | APPLICATION_NAME = crackMe2 4 | crackMe2_FILES = main.m ViewController.m 5 | crackMe2_FRAMEWORKS = UIKit CoreGraphics 6 | 7 | include $(THEOS_MAKE_PATH)/application.mk 8 | 9 | before-package:: 10 | @sh sudoapp.sh 11 | -------------------------------------------------------------------------------- /README.mdown: -------------------------------------------------------------------------------- 1 | How to create a jailbreak iPhone app that runs with root permissions? 2 | ------------------------------------------------------------------------ 3 | This demo shows you how to build an app that runs with root permissions on your jailbroken iPhone. 
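
http://ixhan.com



--------------------------------------------------------------------------------
/Resources/Info.plist:
--------------------------------------------------------------------------------
{
    CFBundleExecutable = "crackMe2";
    CFBundleIconFile = icon.png;
    CFBundleIdentifier = "com.xhan.crackme2";
    CFBundleInfoDictionaryVersion = 6.0;
    CFBundlePackageType = APPL;
    CFBundleSignature = "????";
    CFBundleSupportedPlatforms = (
        iPhoneOS
    );
    CFBundleVersion = 1.0;
    DTPlatformName = iphoneos;
    DTSDKName = iphoneos3.0;
    LSRequiresIPhoneOS = 1;
    MinimumOSVersion = 3.0;
}

--------------------------------------------------------------------------------
/ViewController.h:
--------------------------------------------------------------------------------
//
//  ViewController.h
//  crackMe
//
//  Created by xhan on 9/27/12.
//  Copyright (c) 2012 xhan. All rights reserved.
//

// The header name was missing from this listing's #import line. UIKit is the
// framework that declares UIViewController, UILabel and the IBOutlet/IBAction
// markers used below, and the Makefile links it.
#import <UIKit/UIKit.h>

// The demo's only screen: one label and two buttons that drive four counters.
@interface ViewController : UIViewController
{
    // Counters of increasing width (8, 16, 32 and 64 bits). The implementation
    // seeds them with 10 / 100 / 1000 / 10000 in -viewDidLoad.
    Byte a;
    int16_t b;
    int32_t c;
    int64_t d;
}
// Label that shows the current value of `a`. The class owns it (retain) and
// releases it in -dealloc; the file is manual reference counting, not ARC.
@property (retain, nonatomic) IBOutlet UILabel *label;
// Adds 1 / 10 / 100 / 1000 to a / b / c / d, then refreshes the label.
- (IBAction)onValueAdd:(id)sender;
// Writes the current value of `a` into the label; `sender` is not used.
- (IBAction)onValueUpdate:(id)sender;
@end

--------------------------------------------------------------------------------
/ViewController.m:
--------------------------------------------------------------------------------
//
//  ViewController.m
//  crackMe
//
//  Created by xhan on 9/27/12.
//  Copyright (c) 2012 xhan. All rights reserved.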
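//

#import "ViewController.h"

@interface ViewController ()
// Private helper: creates one rounded-rect button wired to `action` on self.
- (void)addButtonWithTitle:(NSString *)title frame:(CGRect)frame action:(SEL)action;
@end

@implementation ViewController
@synthesize label = _label;

// Adds a rounded-rect button with the given title and frame to the view and
// routes its touch-up-inside event to `action` on this controller.
- (void)addButtonWithTitle:(NSString *)title frame:(CGRect)frame action:(SEL)action
{
    UIButton *button = [UIButton buttonWithType:UIButtonTypeRoundedRect];
    button.frame = frame;
    [button setTitle:title forState:UIControlStateNormal];
    [button addTarget:self
               action:action
     forControlEvents:UIControlEventTouchUpInside];
    [self.view addSubview:button];
}

// Builds the UI in code (value label, "+" button, "=" button), seeds the four
// counters and shows the first one.
- (void)viewDidLoad
{
    [super viewDidLoad];

    self.view.backgroundColor = [UIColor grayColor];

    // Assign through the retaining setter rather than the ivar. Info.plist
    // declares MinimumOSVersion 3.0, and before iOS 6 a view can be unloaded
    // on a memory warning and -viewDidLoad run again; a direct ivar store
    // would then leak the previous label under manual reference counting.
    self.label = [[[UILabel alloc] initWithFrame:CGRectMake(20, 20, 60, 20)] autorelease];
    [self.view addSubview:self.label];

    [self addButtonWithTitle:@"+"
                       frame:CGRectMake(20, 80, 44, 44)
                      action:@selector(onValueAdd:)];
    [self addButtonWithTitle:@"="
                       frame:CGRectMake(70, 80, 44, 44)
                      action:@selector(onValueUpdate:)];

    // Initial counter values, one per integer width.
    a = 10;
    b = 100;
    c = 1000;
    d = 10000;
    [self onValueUpdate:nil];
}

// No cached resources to drop; forwards to the superclass only.
- (void)didReceiveMemoryWarning
{
    [super didReceiveMemoryWarning];
    // Dispose of any resources that can be recreated.
}

// Manual reference counting: give up the label this controller retained.
- (void)dealloc {
    [_label release];
    [super dealloc];
}

// "+" button: bumps every counter by its own step and refreshes the label.
// `a` is an unsigned 8-bit Byte, so it wraps to 0 after 255.
- (IBAction)onValueAdd:(id)sender {
    a += 1;
    b += 10;
    c += 100;
    d += 1000;
    [self onValueUpdate:nil];
}

// "=" button and internal refresh: only `a` is ever displayed; b, c and d
// are updated in memory but never shown by this view.
- (IBAction)onValueUpdate:(id)sender {
    self.label.text = [NSString stringWithFormat:@"%d", a];
}
@end

--------------------------------------------------------------------------------
/control:
--------------------------------------------------------------------------------
Package: com.xhan.crackme2
Name: crackMe2
Depends:
Version: 0.0.1
Architecture: iphoneos-arm
Description: An awesome application!
Maintainer: xhan
Author: xhan
Section: Utilities

--------------------------------------------------------------------------------
/main.m:
--------------------------------------------------------------------------------
#include "ViewController.h"
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <unistd.h>

// UIApplication subclass that also acts as its own delegate: main() passes
// this class name as both the principal class and the delegate class.
@interface crackMe2Application: UIApplication {
    UIWindow *_window;
    ViewController *_viewController;
}
@property (nonatomic, retain) UIWindow *window;
@end

@implementation crackMe2Application
@synthesize window = _window;

// Creates the full-screen window, installs the single ViewController as its
// root and shows it. Both objects are owned here and released in -dealloc.
- (void)applicationDidFinishLaunching:(UIApplication *)application {
    _window = [[UIWindow alloc] initWithFrame:[[UIScreen mainScreen] bounds]];
    _viewController = [[ViewController alloc] init];
    _window.rootViewController = _viewController;
    [_window makeKeyAndVisible];
}

- (void)dealloc {
    [_viewController release];
    [_window release];
    [super dealloc];
}
@end

// Entry point. Switches the process to uid/gid 0 and then starts UIKit.
//
// setuid(0)/setgid(0) only succeed when the process already has an effective
// uid of 0; in this project that comes from the setuid bit the package's
// postinst (sudoapp.template) puts on the real binary. The return values are
// checked so that a build installed without that bit reports the failure
// instead of silently running unprivileged. The app still starts either way,
// as it did before the check was added.
//
// Review note: from here on UIKit, every framework it loads and all input
// handling run as root, so any bug in the app is a root-level bug. Designs
// meant for real use keep the privileged work in a small separate helper and
// run the UI unprivileged.
int main(int argc, char **argv) {
    // stdio is used for the diagnostics because no autorelease pool exists yet.
    if (setuid(0) != 0) {
        fprintf(stderr, "crackMe2: setuid(0) failed: %s\n", strerror(errno));
    }
    if (setgid(0) != 0) {
        fprintf(stderr, "crackMe2: setgid(0) failed: %s\n", strerror(errno));
    }
    NSAutoreleasePool *p = [[NSAutoreleasePool alloc] init];
    int ret = UIApplicationMain(argc, argv, @"crackMe2Application", @"crackMe2Application");
    [p drain];
    return ret;
}

// vim:ft=objc
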
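--------------------------------------------------------------------------------
/sudoapp.sh:
--------------------------------------------------------------------------------
# Build-time step (the Makefile runs it from before-package): generates
# DEBIAN/postinst from sudoapp.template with the application name filled in.

# Take the name from the Makefile's "APPLICATION_NAME = <name>" line. Only a
# line whose first field is exactly APPLICATION_NAME is used.
project=$(awk '$1 == "APPLICATION_NAME" { print $3; exit }' Makefile)

# The name is spliced into a perl substitution and from there into a
# maintainer script that chowns files to root when the package is installed,
# so accept nothing but a plain name.
case "$project" in
    ''|*[!A-Za-z0-9._-]*)
        echo "sudoapp.sh: APPLICATION_NAME '$project' is empty or contains unexpected characters" >&2
        exit 1
        ;;
esac

echo "creating root-permission script for: $project"

# -p keeps repeated builds from failing when DEBIAN/ already exists.
mkdir -p DEBIAN
target=DEBIAN/postinst
cp sudoapp.template "$target" || exit 1
# NOTE(review): the search pattern of this substitution is empty in this
# listing. The placeholder token it should match appears to have been lost
# when the page was extracted (the template below is missing the same
# operands). Restore it from the original repository before use.
perl -p -i -e "s,,$project,g" "$target" || exit 1
# Read-only but executable for everyone; the installer runs it.
chmod 0555 "$target"

--------------------------------------------------------------------------------
/sudoapp.template:
--------------------------------------------------------------------------------
#!/bin/bash

# Post-install script template. sudoapp.sh copies it to DEBIAN/postinst and
# substitutes the application name into it.
#
# NOTE(review): the placeholder for the application name is missing wherever
# it should appear in this listing (the .app path, and the operands of mv,
# chown, chmod, exec and the output redirection), so several commands below
# are incomplete as shown.
#
# What the visible commands establish: one file whose name ends in "_" is
# given root ownership and the set-id bits, and a small launcher script that
# execs "<dir>/..._" is written out and made executable.
#
# Audit note: "chmod +s" sets both the setuid and the setgid bit. A root-owned
# set-id binary inside an app bundle, and a maintainer script that creates
# one, are worth flagging when reviewing a package or a device.

cd "/Applications/.app/"

# process origin binary
mv _
chown root.wheel _
chmod +s _

# Launcher text: resolves its own directory and replaces itself with the
# renamed binary, passing all arguments through unchanged.
cont=`cat <<"EOF"
#!/bin/bash
dir=$(dirname "$0")
exec "${dir}"/_ "$@"
EOF
`
# create new fake binary
echo -e "$cont" >
chown root.wheel
chmod +x

--------------------------------------------------------------------------------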