
Anyone have a working version of GDB or LLDB for iOS 7 for on-device debugging? Is there a tweak that will force Xcode to attach to any process?

Right now it seems like Xcode is very likely to be verifying 'ownership' of any process I attach to. Not mine = failure to connect.

Cycript is working well to get information about Objective-C usage, but I would like to dig deeper into any PID.

asked 16 Jan '14, 14:18


Tatsh

Hi Tatsh! There aren't many developers who hang out on JailbreakQA. Instead, I'd suggest asking on Stack Overflow or on the #iphonedev IRC channel.

(16 Jan '14, 19:24) britta

The build of GDB from Xcode 4.4 (Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/libexec/gdb/gdb-arm-apple-darwin) can be pseudosigned with ldid and run on a 32-bit device with reasonable success. Apple no longer maintains gdb (as it being GPL would have required them to release source code for it) nor have they released any source code for anything in Xcode 5 (including lldb, and it sounds like for LLVM they are only semi-interested in contributing their ARM64 backend... so we'll have to see on that one...); in essence, we are currently "out of luck" with regards to debugging on 64-bit devices unless someone burns a bunch of time porting or writing a debugger themselves. It sounds like you got close doing remote debugging from Xcode, though: maybe someone (you?) could work on a Substrate extension to whatever is checking process ownership on the device (probably the lldb moral equivalent of gdb-server) and publish instructions on the dev wiki?

(edit:) On the remote debugging front, crash-x indicates there might be useful instructions for getting a remote lldb to connect through debugserver in the following presentation:

https://speakerd.s3.amazonaws.com/presentations/43ca7dd05d120131795d129291fe58eb/Taking_Advantage_of_the_Runtime.pdf


answered 17 Jan '14, 07:09


saurik ♦♦

edited 17 Jan '14, 07:10

(I think you get an e-mail if I comment, but not if I edit, so I'm commenting in addition to editing.)

(17 Jan '14, 07:11) saurik ♦♦

Thank you. I got that version of gdb-arm-apple-darwin going on iOS 7 but it's not quite as good as back on iOS 5 when it showed all the Objective-C stuff (maybe I'm doing something wrong; info functions shows good stuff). I can finally explore in memory whatever I find in Cycript. And hopefully block structures are visible in GDB because that's mostly what I am trying to analyse. http://clang.llvm.org/docs/Block-ABI-Apple.html#high-level

logify only logs the address of the (hopefully) block structure. Cycript understandably cannot really help here as it gets a little lower-level than Objective-C.

I will try and see about modifying it to let any process get debugged remotely by LLDB. Now with GDB it should be a little easier to figure out what's going on.

(17 Jan '14, 17:23) Tatsh

Can you be more clear as to what you are trying to accomplish with blocks that is not possible currently using Cycript? Is it that you want to view the extended layout, just get the type signature, or is there some other more esoteric thing I'm misunderstanding about blocks?

(17 Jan '14, 17:50) saurik ♦♦

I'm trying to see the code for a block that is a callback to -[NSData enumerateByteRangesUsingBlock:(void (^)(const void *bytes, NSRange byteRange, BOOL *stop))]

(17 Jan '14, 17:57) Tatsh

Interesting; I failed to realize I should expose the invocation pointer... I should allow .valueOf() on a block in the same way I do for a lambda. I'll make certain that gets into the new release. Unrelated: do you know who calls it? I usually find it very easy to just walk through the blocks in a disassembler (you always see a load of the isa pointer, and either right above or right below that is generally a PC-relative address that is the code for the block).

(17 Jan '14, 18:01) saurik ♦♦
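The block object saurik describes walking through in a disassembler has the fixed layout given in the Block ABI document Tatsh linked. As an added example (not code from this thread), here is plain C that needs no -fblocks: it lays a block out by hand the way the compiler does, then recovers the invoke code pointer and the type-encoding signature from the raw object; the sample_invoke callback, its "v@?r^vQ" encoding and the input bytes are constructed stand-ins for the enumerateByteRangesUsingBlock: callback.

```c
#include <stddef.h>
/* Flag bits and object layout from the Apple Block ABI (Block-ABI-Apple.html). */
enum { BLOCK_HAS_COPY_DISPOSE = (1 << 25), BLOCK_HAS_SIGNATURE = (1 << 30) };

/* Descriptor head; optional copy/dispose helpers, then the signature, follow it. */
struct Block_descriptor { unsigned long reserved; unsigned long size; };

/* What a block pointer points at. invoke is the code pointer found next to the isa
   load in a disassembly; the runtime calls it with the block itself as argument 0. */
struct Block_literal {
    void *isa;
    int flags, reserved;
    void (*invoke)(void *, ...);
    struct Block_descriptor *descriptor; /* captured variables follow the struct */
};

void *block_invoke_ptr(const void *block) {
    return (void *)((const struct Block_literal *)block)->invoke;
}

/* ObjC type-encoding string, or NULL. The slot shifts past two helper pointers when
   BLOCK_HAS_COPY_DISPOSE is set, so the flags word must be read first. */
const char *block_signature(const void *block) {
    const struct Block_literal *b = block;
    const void *const *tail = (const void *const *)(b->descriptor + 1);
    if (!(b->flags & BLOCK_HAS_SIGNATURE)) return NULL;
    return (b->flags & BLOCK_HAS_COPY_DISPOSE) ? tail[2] : tail[0];
}
/* Constructed stand-in for the byte-range callback, capturing one pointer. */
struct Sample_block { struct Block_literal base; unsigned long *total; };
typedef void (*byte_cb)(void *self, const void *bytes, unsigned long len);
static void sample_invoke(void *self, const void *bytes, unsigned long len) {
    struct Sample_block *sb = self;
    for (unsigned long i = 0; i < len; i++) *sb->total += ((const unsigned char *)bytes)[i];
}

static const struct { struct Block_descriptor head; const char *signature; }
    sample_desc = { { 0, sizeof(struct Sample_block) }, "v@?r^vQ" }; /* constructed encoding */

/* Lay the block out as a compiler would, recover invoke and signature from the raw
   object, then sum constructed input bytes by calling through the code pointer. */
unsigned long run_sample(const char **signature_out) {
    static const unsigned char data[] = { 1, 2, 3, 250 };
    unsigned long total = 0;
    struct Sample_block blk = { { NULL /* _NSConcreteStackBlock on a device */,
        BLOCK_HAS_SIGNATURE, 0, (void (*)(void *, ...))sample_invoke,
        (struct Block_descriptor *)&sample_desc }, &total };
    ((byte_cb)block_invoke_ptr(&blk))(&blk, data, sizeof data);
    *signature_out = block_signature(&blk);
    return total;
}
```

On a real process the same two reads (invoke at the pointer-sized offset after isa/flags/reserved, signature via the descriptor and flags) are what a debugger needs before a breakpoint can be set on the block's code.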

It's in a game as part of a decryption of assets routine, during a Blowfish (looks like) handling class.

-[NSData initWithContentsOfFile:@"someFile"]
...
-[BFCodec decipher:nsdata_ptr]
...
-[NSData enumerateByteRangesUsingBlock:block_ptr]

(17 Jan '14, 18:34) Tatsh

@saurik How would one go about debugging lockdownd, or is that simply not possible? I run debugserver as root, attaching to lockdownd, but when I do this debugserver segfaults (lockdownd lives through this).

(21 Jan '14, 21:31) Tatsh

Hi,

I have updated some info on how to get the debugserver going: http://iphonedevwiki.net/index.php/Debugging_on_iOS_7 and http://iphonedevwiki.net/index.php/Debugserver


answered 17 Jan '14, 17:47


crashx


Asked: 16 Jan '14, 14:18

Seen: 7,682 times

Last updated: 21 Jan '14, 21:31

JailbreakQA is by chpwn and comex.
About JailbreakQA. Powered by OSQA.