Dev:Debugging on iOS 7

To get remote debugging working on iOS 7 and 64-bit devices, see the instructions at debugserver (under "Alternative Instructions (64-bit compatible)").

You may also be interested in this explanation of "how to run lldb if you are familiar with the gdb command set".

You can follow these instructions http://www.peterfillmore.com/2013/01/disabling-aslr-on-individual-ios.html to disable ASLR for a process. This means methods will be at the same addresses as what IDA or Hopper are showing.

State of debuggers on iOS 7
saurik commented on JailbreakQA: The build of GDB from Xcode 4.4 (Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/usr/libexec/gdb/gdb-arm-apple-darwin) can be pseudosigned with ldid and run on a 32-bit device with reasonable success. Apple no longer maintains gdb (as it being GPL would have required them to release source code for it) nor have they released any source code for anything in Xcode 5 (including lldb, and it sounds like for LLVM they are only semi-interested in contributing their ARM64 backend... so we'll have to see on that one...); in essence, we are currently "out of luck" with regards to debugging on 64-bit devices unless someone burns a bunch of time porting or writing a debugger themselves. It sounds like you got close doing remote debugging from Xcode, though: maybe someone (you?) could work on a Substrate extension to whatever is checking process ownership on the device (probably the lldb moral equivalent of gdb-server) and publish instructions on the dev wiki? (edit:) On the remote debugging front, crash-x indicates there might be useful instructions for getting a remote lldb to connect through debugserver in the following presentation: https://speakerd.s3.amazonaws.com/presentations/43ca7dd05d120131795d129291fe58eb/Taking_Advantage_of_the_Runtime.pdf

The information at debugserver is partially based on that presentation.

For details on running gdb and pseudo-signing it with ldid for running on 32-bit devices, see pod2g's instructions, but you'll probably want to use lldb instead.

Class-dumping private frameworks
Since iPhoneOS 3.1, all default (private and public) libraries have been combined into a big cache file to improve performance in /System/Library/Caches/com.apple.dyld/dyld_shared_cache_armX. If you want to class-dump private frameworks you can either install xcode and class-dump the frameworks on your Mac or you can use Limneos' classdump-dyld, which works right on your device: https://github.com/limneos/classdump-dyld

Class-dumping App Store Apps
Since App Store apps are encrypted you cannot simply class dump it. Luckily Limneos created a bunch of cycript scripts that can be loaded into a running process and used to class-dump even encrypted apps.

More details here: http://iphonedevwiki.net/index.php/Cycript_Tricks#Weak_Classdump_.28Cycript_based_class-dump.29