MarzSyndrome, on 29 January 2012 - 08:19 PM, said:
Well I've tried many times to get the hang of that guide, but just can't make head nor tail of it. Not to mention many similar sites I've come across seem to concentrate wholly on decrypting executables when that's not what I'm after. =P
Anyone with an iPhone/iPad and programming knowledge able to help out?
Most people with iPhone/iPad programming knowledge will NOT be able to help out. Using GDB on jailbroken devices is nothing like using the GDB debugger via Xcode. The biggest difference is that anyone who is doing development is going to have source-level debugging, which you're not going to get when loading up someone else's binaries. You're limited to direct memory address dumps and breakpoints. Regardless, I took the time to learn this side of things when Sonic CD came out, which is how I got a couple of the oggs out a week before Glitch released his extractor. (He beat me to that part, since I only had the decryption part of it done when he released his tool.) So here is some information that may or may not help you.
In an ideal world, you could just dump everything and look through the complete dump. The problem with GDB is that you need as much memory free as you want to dump. If you want to dump 12MB of RAM, 12MB needs to be free. I was using a jailbroken 1st gen iPod touch running iOS 3, because 4 and up have address layout randomization and iOS 3 didn't have that yet. (I'm not sure if this is a problem on jailbroken iOS 4+ devices or not.) But the 1st gen devices have only 128MB of RAM, so any time I tried to dump more than a few megs of RAM, either the device would freeze or the game would crash, and you wouldn't be able to resume from the current breakpoint. What I ended up doing to get the music from memory was dumping the decrypted executable by following those instructions, then I loaded that dump into IDA (the free version will do; it supports iPhone executables) and found the relevant code that loads and decrypts data. Then I set a breakpoint after a file had been decrypted and looked at the address on the stack pointing at where the data had been decrypted to. That helped me isolate the 1MB or so I needed to dump.
If you have a newer device, you might just be able to dump random regions to find what you're looking for, provided there is enough memory free.
The "mach-regions" command will list every memory region in use by the application running. There will be many of them. Just go ahead and dump each region one by one until you find what you're looking for inside one of the dumps. It's very likely that what you're looking for will be somewhere in the first ~15 regions. I found that with Sonic CD, the higher regions just seemed to have OS level stuff for frameworks the game linked against, whereas the lower regions were the game's actual heap.
Does that help? Don't dump outside of the valid regions listed by the "mach-regions" command, the device usually locks up when you try to do that.
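As an added worked example (not the poster's own tooling, and not part of the original thread), here is a small Python helper for the region-by-region workflow described above. It takes the text of a `mach-regions` listing, turns it into GDB `dump memory` commands for the first ~15 regions that are writable and that fit within a free-RAM budget (the post's point that you can only dump as much as is free), and then scans a dump file for Ogg page headers so you can tell which region actually holds the decrypted audio. The exact line format of `info mach-regions` on Apple's GDB is an assumption (the regex only relies on `from 0x... to 0x... (perms,`; adjust it if your build prints differently), the output filenames are my convention, and the sample listing and sample dump are constructed inline for illustration. `dump memory FILE START END` is a standard GDB command.

```python
import re
import struct

# Constructed sample of a mach-regions listing. The line format is an
# assumption about Apple's GDB; only the "from ADDR to ADDR (perms," part matters.
SAMPLE_REGIONS = """\
Region from 0x00001000 to 0x003a5000 (r-x, max r-x; copy, private, not-reserved)
Region from 0x003a5000 to 0x003d9000 (rw-, max rwx; copy, private, not-reserved)
Region from 0x00400000 to 0x01c00000 (rw-, max rwx; copy, private, not-reserved)
Region from 0x01c00000 to 0x01d00000 (rw-, max rwx; copy, private, not-reserved)
Region from 0x30000000 to 0x31000000 (r-x, max r-x; copy, shared, not-reserved)
"""

REGION_RE = re.compile(r"from 0x([0-9a-fA-F]+) to 0x([0-9a-fA-F]+)\s*\((\S+?),")


def parse_regions(text):
    """Return [(start, end, perms), ...] for every region line in the listing."""
    regions = []
    for line in text.splitlines():
        m = REGION_RE.search(line)
        if m:
            regions.append((int(m.group(1), 16), int(m.group(2), 16), m.group(3)))
    return regions


def dump_commands(regions, free_bytes, max_regions=15, prefix="region"):
    """GDB 'dump memory' commands for the first max_regions regions.

    Read-only mappings (code, shared frameworks) are skipped because decrypted
    assets land on the heap; regions larger than free_bytes are skipped with a
    comment, since GDB needs that much free RAM to dump them without the device
    freezing. Filenames are a convention of this helper, not of GDB.
    """
    cmds = []
    for i, (start, end, perms) in enumerate(regions[:max_regions]):
        size = end - start
        if "w" not in perms:
            continue
        if size > free_bytes:
            cmds.append(f"# skipping region {i}: {size} bytes > {free_bytes} free")
            continue
        cmds.append(f"dump memory {prefix}{i:02d}_{start:08x}.bin 0x{start:x} 0x{end:x}")
    return cmds


OGG_MAGIC = b"OggS"


def find_ogg_pages(buf):
    """Offsets of plausible Ogg pages inside a raw memory dump.

    An Ogg page header is 27 bytes: 'OggS', version (must be 0), header-type
    flags (0..7), granule position, serial, sequence, CRC, then the segment
    count and a lacing table of that many bytes. The CRC is not verified here,
    so treat hits as candidates to carve and check with an Ogg tool.
    """
    hits = []
    off = buf.find(OGG_MAGIC)
    while off != -1:
        if off + 27 <= len(buf) and buf[off + 4] == 0 and buf[off + 5] <= 7:
            nsegs = buf[off + 26]
            if off + 27 + nsegs <= len(buf):
                hits.append(off)
        off = buf.find(OGG_MAGIC, off + 1)
    return hits


def make_ogg_page(payload, serial=0x1234, seq=0, header_type=0x02):
    """Build a minimal Ogg page (CRC left at 0) around payload; used only to
    construct the sample dump below."""
    lacing, remaining = [], len(payload)
    while remaining >= 255:
        lacing.append(255)
        remaining -= 255
    lacing.append(remaining)
    hdr = (OGG_MAGIC + bytes([0, header_type])
           + struct.pack("<qIII", 0, serial, seq, 0)
           + bytes([len(lacing)]) + bytes(lacing))
    return hdr + payload


def build_sample_dump():
    """Constructed 'region dump': filler, one real-looking Ogg page at offset 4096,
    then a decoy 'OggS' with a bad version byte that the scanner must reject."""
    page = make_ogg_page(b"\x01vorbis" + b"\x00" * 23)
    return b"\x00" * 4096 + page + b"\xff" * 1000 + b"OggSxx" + b"\xff" * 100


if __name__ == "__main__":
    for cmd in dump_commands(parse_regions(SAMPLE_REGIONS), free_bytes=4 * 1024 * 1024):
        print(cmd)
    print("ogg pages at:", find_ogg_pages(build_sample_dump()))
```

Paste the printed `dump memory` lines into the GDB session at the breakpoint, then run `find_ogg_pages` over each resulting file (the offset plus the region's start address is where the decrypted data sits in the process). Lowering `free_bytes` to what the device actually has spare is what keeps a 128MB device from locking up mid-dump.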