Follow the instructions here. I tried building it myself both ways, but neither works on iOS 13.4.1 (iPad Air 2). The previous version (2.0.3) works; however, it throws some errors. Trying to run `inject /usr/bin/Clutch` resulted in a broken jailbreak and I had to boot with the volume-up key pressed to flush and then re-jailbreak.
```sh
# prerequisites
xcode-select --install

# disable SDK code signing requirement (back up SDKSettings.plist first)
killall Xcode
cp /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/SDKSettings.plist ~/
sudo /usr/libexec/PlistBuddy -c "Set :DefaultProperties:CODE_SIGNING_REQUIRED NO" /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/SDKSettings.plist
sudo /usr/libexec/PlistBuddy -c "Set :DefaultProperties:AD_HOC_CODE_SIGNING_ALLOWED YES" /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS.sdk/SDKSettings.plist

# build. Option 1 (from the repository root)
xcodebuild clean build

# build. Option 2 (out-of-tree cmake build)
mkdir build
cd build
cmake -DCMAKE_BUILD_TYPE=Release -DCMAKE_TOOLCHAIN_FILE=../cmake/iphoneos.toolchain.cmake ..
make -j$(sysctl -n hw.logicalcpu)
cd ..   # back to the repository root so that ./build/Clutch resolves

# install on iDevice
scp ./build/Clutch root@[iDevice.ip]:/usr/bin/Clutch
```
❌ Error: Segmentation fault: 11
🤔 Why? Clutch hit a memory access violation (an out-of-bounds buffer access or a bad pointer somewhere); the signal alone does not tell you which.
✅ Fix 1: run `ulimit -n 512` in the same shell on the iDevice before launching Clutch, to raise the per-process open-file limit.
✅ Fix 2: launch Clutch as root (it has to read the app container and attach to the target process).
✅ Fix 3: try an older release (2.0.3 worked here, with the caveats above).
For installation steps see here. For usage see here. Works on its own. Doesn't launch the application.
Doesn't decrypt everything. Also, I couldn't properly install the latest version.
To ensure that the binary was decrypted, I ran:
```sh
rabin2 -I [my_decrypted_binary] | grep "crypto"
rabin2 -I [my_encrypted_binary] | grep "crypto"
```
The first one is /var/tmp/clutch/GUID/[Bundle_name]/bundle_name and the second is /var/containers/Bundle/Application/[GUID]/[Bundle_name]/bundle_name.
In my case, rabin2 (rabin usage here and here) detected both to be valid Mach-O files (Apple's executable format, the equivalent of PE on Windows systems). The `crypto` field mirrors the `cryptid` of the binary's LC_ENCRYPTION_INFO load command, so the decrypted dump (the first) reports crypto false while the original from the app container (the second) reports crypto true. If the dump still reports crypto true, Clutch did not actually decrypt it.
NB! Many strings appear to be unencrypted, so you can retrieve them with `rabin2 -z [my_encrypted_binary]`. FairPlay only encrypts the byte range described by LC_ENCRYPTION_INFO (cryptoff/cryptsize); the Mach-O header, the load commands and everything outside that range stay in the clear. That is also why the compilation flags rabin2 reports (pic, canary, nx and friends, which are derived from the headers) are not affected.
Also, we can test with the r2 disassembler to see whether there is any difference:
```sh
r2 [my_decrypted_binary]   # can be disassembled
r2 [my_encrypted_binary]   # opens, but the code pages are still encrypted, so the disassembly is garbage
```
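The `rabin2 -I | grep crypto` check above boils down to reading one load command. The following script is an added example (written for this page, not code from Clutch or radare2) that does the same check by hand: it walks the Mach-O load commands, finds LC_ENCRYPTION_INFO or LC_ENCRYPTION_INFO_64 and reports `cryptid`, and it also answers whether a given slice offset falls inside the encrypted range, which is the basis of the note about strings and header flags staying readable. The sample binaries it builds (`make_sample`, `make_fat`) are constructed minimal headers for demonstration, not real app binaries; the script name in the usage comment is assumed.

```python
import struct
import sys

MH_MAGIC = 0xFEEDFACE            # 32-bit Mach-O (fields little-endian on iOS devices)
MH_MAGIC_64 = 0xFEEDFACF         # 64-bit Mach-O
FAT_MAGIC = 0xCAFEBABE           # universal binary wrapper; its header is big-endian
LC_ENCRYPTION_INFO = 0x21        # cmd, cmdsize, cryptoff, cryptsize, cryptid
LC_ENCRYPTION_INFO_64 = 0x2C     # same fields plus one pad word
CPU_TYPE_ARM64 = 0x0100000C


def _first_slice_offset(data):
    """File offset of the Mach-O to inspect: 0 for a thin binary, fat_arch.offset of the first slice for a fat one."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        # fat_header is (magic, nfat_arch); each fat_arch is (cputype, cpusubtype, offset, size, align)
        return struct.unpack_from(">I", data, 8 + 8)[0]
    return 0


def encryption_info(data):
    """Return (cryptoff, cryptsize, cryptid) from LC_ENCRYPTION_INFO(_64), or None if absent.
    cryptoff/cryptsize are relative to the Mach-O slice, exactly as stored in the load command."""
    base = _first_slice_offset(data)
    magic = struct.unpack_from("<I", data, base)[0]
    if magic == MH_MAGIC_64:
        header_size = 32
    elif magic == MH_MAGIC:
        header_size = 28
    else:
        raise ValueError("not a Mach-O file (magic 0x%08x)" % magic)
    ncmds, sizeofcmds = struct.unpack_from("<II", data, base + 16)
    pos = base + header_size
    end = pos + sizeofcmds
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, pos)
        if cmdsize < 8 or pos + cmdsize > end:
            raise ValueError("malformed load command at offset %d" % pos)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            return struct.unpack_from("<III", data, pos + 8)
        pos += cmdsize
    return None


def is_encrypted(data):
    """Same verdict as the `crypto` line of `rabin2 -I`: True only when cryptid != 0."""
    info = encryption_info(data)
    return info is not None and info[2] != 0


def in_encrypted_range(data, slice_offset):
    """True if slice_offset lies in the region FairPlay actually encrypts. Load commands and
    anything outside [cryptoff, cryptoff + cryptsize) are readable even in the App Store binary."""
    info = encryption_info(data)
    if info is None or info[2] == 0:
        return False
    cryptoff, cryptsize, _ = info
    return cryptoff <= slice_offset < cryptoff + cryptsize


def make_sample(cryptid, cryptoff=0x4000, cryptsize=0x8000):
    """Constructed minimal arm64 Mach-O: header plus a single LC_ENCRYPTION_INFO_64. Not a real app."""
    lc = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, cryptoff, cryptsize, cryptid, 0)
    # mach_header_64: magic, cputype, cpusubtype, filetype (2 = MH_EXECUTE), ncmds, sizeofcmds, flags, reserved
    header = struct.pack("<IiiIIIII", MH_MAGIC_64, CPU_TYPE_ARM64, 0, 2, 1, len(lc), 0, 0)
    return header + lc


def make_fat(slice_bytes, slice_offset=0x4000):
    """Constructed fat wrapper around one slice, to show the parser follows fat_arch.offset."""
    fat_header = struct.pack(">II", FAT_MAGIC, 1)
    fat_arch = struct.pack(">iiIII", CPU_TYPE_ARM64, 0, slice_offset, len(slice_bytes), 14)
    return (fat_header + fat_arch).ljust(slice_offset, b"\0") + slice_bytes


if __name__ == "__main__":
    # usage (script name assumed): python3 machocrypt.py /var/tmp/clutch/.../bundle_name /var/containers/.../bundle_name
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            blob = f.read()
        print("%s  crypto %s" % (path, str(is_encrypted(blob)).lower()))
```

Run it against the Clutch dump and the container binary: the dump should come back `crypto false` and the original `crypto true`. A dump that is still `crypto true` was not decrypted, regardless of what Clutch printed. `encryption_info` also gives you cryptoff/cryptsize, so you can tell at a glance which part of the file the `rabin2 -z` strings came from.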