iOS 13 arm64e support is broken #10

Open

jack980517 opened this issue Feb 16, 2022 · 12 comments

Comments

@jack980517

Apparently the arm64e identifier changed between iOS 13 and iOS 14: https://www.reddit.com/r/jailbreak/comments/rk7n8l/help_diskprobe_error_incompatible_cpusubtype/hp93y9x/

I encountered the same message as the OP in the linked post. Googling led me to that post.

iPhone SE 2
iOS 13.7
unc0ver 6.0.0

@dlevi309

Download this python script and make sure you grab the entitlements from fouldecrypt before you run the tool. These are the steps:

1. ldid -e fouldecrypt > ent.xml (for the entitlements backup)
2. python3 cpu-swipe.py fouldecrypt
   you should get a message saying it’s been converted successfully to the old format
3. ldid -Sent.xml fouldecrypt

then you should be good.

here’s the script: https://gist.github.com/dlevi309/cdde58d749bbce5c070ced56af510997

@jack980517
Author

@dlevi309 I looked up the Mach-O specs. Your script only works with thin executables, not fat ones. The executable provided by Misty is fat. I tried changing the CPU subtype and then running ldid, but the version of ldid on iOS changes it back to 80000002, so what you said won't work anyway. To make things worse, the version of lipo on iOS doesn't recognize arm64e, so I can't even thin it to arm64e.

If I thin it to arm64, the system now complains that code signature invalid for '/usr/lib/libkrw.0.dylib'.
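The thin-versus-fat distinction raised above is easiest to see on the bytes. The following Python is an added example for this thread (it is not the project's code and not dlevi309's cpu-swipe.py): it walks both fat and thin Mach-O headers, reports each slice's cpusubtype, flags slices where the fat_arch table and the slice's own header disagree (the state a tool that patches only one of the two leaves behind), and rewrites a versioned arm64e subtype to the plain one in both places. The reading of 0x80000002 as CPU_SUBTYPE_PTRAUTH_ABI | CPU_SUBTYPE_ARM64E with pointer-authentication ABI version 0 is an assumption taken from Apple's mach/machine.h; the two-slice sample binary is constructed inline and contains only headers, no code. Rewriting the header invalidates the code signature, which is why the steps earlier in the thread re-sign with ldid afterwards.

```python
import struct

# Constants from Apple's <mach/machine.h> and <mach-o/fat.h>
FAT_MAGIC = 0xCAFEBABE              # fat header, always big-endian
MH_MAGIC_64 = 0xFEEDFACF            # 64-bit Mach-O header, little-endian on arm64
CPU_TYPE_ARM64 = 0x0100000C         # CPU_ARCH_ABI64 | CPU_TYPE_ARM
CPU_SUBTYPE_ARM64_ALL = 0
CPU_SUBTYPE_ARM64E = 2
# Assumption (machine.h): the top bit marks a "versioned pointer-authentication ABI"
# subtype and bits 24..27 hold the ABI version, so 0x80000002 is arm64e, ptrauth ABI v0.
CPU_SUBTYPE_PTRAUTH_ABI = 0x80000000
CPU_SUBTYPE_ARM64_PTR_AUTH_MASK = 0x0F000000

FAT_HEADER_FMT = ">II"       # magic, nfat_arch
FAT_ARCH_FMT = ">IIIII"      # cputype, cpusubtype, offset, size, align (log2)
MH64_FMT = "<IIIIIIII"       # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved


def _inspect_slice(data, off, fat_arch_at=None, fat_cpusubtype=None):
    """Read the mach_header_64 at `off`; remember where its fat_arch entry is, if any."""
    magic, cputype, cpusubtype = struct.unpack_from("<III", data, off)
    if magic != MH_MAGIC_64:
        raise ValueError(f"slice at {off:#x} is not a 64-bit Mach-O")
    return {
        "offset": off,
        "cputype": cputype,
        "cpusubtype": cpusubtype,           # from mach_header_64 (what the loader checks)
        "fat_arch_at": fat_arch_at,
        "fat_cpusubtype": fat_cpusubtype,   # from the fat_arch table (what lipo reports)
    }


def parse_slices(data):
    """List every architecture slice of a thin or fat Mach-O file."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(FAT_HEADER_FMT, data, 0)[1]
        slices = []
        for i in range(nfat):
            arch_at = struct.calcsize(FAT_HEADER_FMT) + i * struct.calcsize(FAT_ARCH_FMT)
            _cputype, fat_sub, off, _size, _align = struct.unpack_from(FAT_ARCH_FMT, data, arch_at)
            slices.append(_inspect_slice(data, off, arch_at, fat_sub))
        return slices
    if struct.unpack_from("<I", data, 0)[0] == MH_MAGIC_64:
        return [_inspect_slice(data, 0)]
    raise ValueError("not a fat or 64-bit Mach-O file")


def describe_subtype(cputype, cpusubtype):
    """Human-readable name for an arm64 family subtype, including the ptrauth ABI bits."""
    if cputype != CPU_TYPE_ARM64:
        return f"cputype {cputype:#x} subtype {cpusubtype:#x}"
    base = cpusubtype & 0x00FFFFFF          # strip capability bits
    if base == CPU_SUBTYPE_ARM64_ALL:
        return "arm64"
    if base == CPU_SUBTYPE_ARM64E:
        if cpusubtype & CPU_SUBTYPE_PTRAUTH_ABI:
            ver = (cpusubtype & CPU_SUBTYPE_ARM64_PTR_AUTH_MASK) >> 24
            return f"arm64e, versioned ptrauth ABI v{ver} (iOS 14+ toolchain form)"
        return "arm64e, unversioned (form accepted by iOS 13)"
    return f"arm64 subtype {cpusubtype:#x}"


def inconsistent_slices(data):
    """Slices whose fat_arch subtype disagrees with the inner mach_header subtype."""
    return [s for s in parse_slices(data)
            if s["fat_cpusubtype"] is not None and s["fat_cpusubtype"] != s["cpusubtype"]]


def downgrade_arm64e(data):
    """Return (patched_bytes, count): every versioned-ABI arm64e slice rewritten to plain
    CPU_SUBTYPE_ARM64E in both the fat_arch entry and the slice's own header.
    The result is no longer validly code-signed and must be re-signed."""
    buf = bytearray(data)
    changed = 0
    for s in parse_slices(data):
        if s["cputype"] != CPU_TYPE_ARM64 or (s["cpusubtype"] & 0x00FFFFFF) != CPU_SUBTYPE_ARM64E:
            continue
        if s["cpusubtype"] == CPU_SUBTYPE_ARM64E and s["fat_cpusubtype"] in (None, CPU_SUBTYPE_ARM64E):
            continue                        # already in the old form
        struct.pack_into("<I", buf, s["offset"] + 8, CPU_SUBTYPE_ARM64E)   # mach_header_64.cpusubtype
        if s["fat_arch_at"] is not None:
            struct.pack_into(">I", buf, s["fat_arch_at"] + 4, CPU_SUBTYPE_ARM64E)  # fat_arch.cpusubtype
        changed += 1
    return bytes(buf), changed


def build_sample_fat():
    """Constructed two-slice fat file (arm64 + versioned-ABI arm64e). Each slice is only a
    32-byte mach_header_64 with no load commands: enough for header inspection, not runnable."""
    wanted = [(CPU_TYPE_ARM64, CPU_SUBTYPE_ARM64_ALL),
              (CPU_TYPE_ARM64, CPU_SUBTYPE_PTRAUTH_ABI | CPU_SUBTYPE_ARM64E)]   # 0x80000002
    page = 4096
    buf = bytearray(page * (len(wanted) + 1))
    struct.pack_into(FAT_HEADER_FMT, buf, 0, FAT_MAGIC, len(wanted))
    for i, (cputype, sub) in enumerate(wanted):
        off = page * (i + 1)
        mh = struct.pack(MH64_FMT, MH_MAGIC_64, cputype, sub, 2, 0, 0, 0, 0)   # filetype 2 = MH_EXECUTE
        buf[off:off + len(mh)] = mh
        struct.pack_into(FAT_ARCH_FMT, buf, 8 + i * 20, cputype, sub, off, len(mh), 12)
    return bytes(buf)


if __name__ == "__main__":
    sample = build_sample_fat()
    for s in parse_slices(sample):
        print(f"slice @ {s['offset']:#x}: {describe_subtype(s['cputype'], s['cpusubtype'])}")
    patched, n = downgrade_arm64e(sample)
    print(f"rewrote {n} slice(s); arm64e slice now {parse_slices(patched)[1]['cpusubtype']:#x}")
```

On a real file, replace build_sample_fat() with open(path, "rb").read(); parse_slices() works unchanged on a thin binary produced by lipo -thin, because the thin path simply treats offset 0 as the only slice.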

@dlevi309

@jack980517 why not run lipo fouldecrypt -thin arm64e -output fouldecrypt.arm64e ? and what version of lipo are you running? it works for me just fine

@dlevi309

and if you’re on iOS 13.7, you should be using the tfp0 version of fouldecrypt, you don’t need to use the libkrw version

@jack980517
Author

@dlevi309

To make things worse, the version of lipo on iOS doesn't recognize arm64e, so I can't even thin it to arm64e.

Here's what happens if I specify arm64e:

error: lipo: unknown architecture specification flag: arm64e in specifying thin operation: -thin arm64e
lipo: known architecture flags are: any little big ppc64 x86_64 x86_64h arm64 ppc970-64 ppc i386 m68k hppa sparc m88k i860 veo arm ppc601 ppc603 ppc603e ppc603ev ppc604 ppc604e ppc750 ppc7400 ppc7450 ppc970 i486 i486SX pentium i586 pentpro i686 pentIIm3 pentIIm5 pentium4 m68030 m68040 hppa7100LC veo1 veo2 veo3 veo4 armv4t armv5 xscale armv6 armv6m armv7 armv7f armv7s armv7k armv7m armv7em arm64v8

I have tried all three versions of ldid I can find in Cydia. All have the same behavior of changing the subtype back to 80000002.

  • repo: apt.bingner.com, package name: ldid, friendly name: Link Identity Editor
  • repo: tigisoftware.com/cydia, package name: am.ldid, friendly name: ldid for Apps Manager
  • repo: repo.packix.com, package name: org.coolstar.ldid, friendly name: ldid (CoolStar Standalone Fork)

I don't know anything about tfp0 and libkrw. I'm just using the binary shipped by Misty, in Misty's repo, and it's identical to the one in the releases section of this repo. And I don't have a Mac so I can't compile (or use a better version of ldid and/or lipo).

@jack980517
Author

Sorry, confused ldid and lipo for a bit there. For lipo I used CoolStar's build, available on BigBoss as org.coolstar.cctools.

@dlevi309

Sorry, confused ldid and lipo for a bit there. For lipo I used CoolStar's build, available on BigBoss as org.coolstar.cctools.

it’s okay, and that one’s super old, install the one available on sbingners repo (also named Darwin CC Tools) and you should be able to thin arm64e

@jack980517
Author

Yep, just found that out. I was just used to installing that one, as it was better than the one in the Saurik repo in the old jailbreaks.

New problem:

$ ./test2
dyld: Library not loaded: /usr/lib/libkrw.0.dylib
  Referenced from: /private/var/mobile/./test2
  Reason: no suitable image found.  Did find:
        /usr/lib/libkrw.0.dylib: arm64 dylibs cannot be loaded into arm64e processes
        /usr/lib/libkrw.0.dylib: arm64 dylibs cannot be loaded into arm64e processes
        /usr/lib/libkrw.0.dylib: arm64 dylibs cannot be loaded into arm64e processes
        /usr/lib/libkrw.0.dylib: arm64 dylibs cannot be loaded into arm64e processes
Abort trap: 6

@dlevi309

dlevi309 commented Mar 18, 2022

Yep, just found that out. I was just used to installing that one, as it was better than the one in the Saurik repo in the old jailbreaks.

New problem:

$ ./test2
dyld: Library not loaded: /usr/lib/libkrw.0.dylib
  Referenced from: /private/var/mobile/./test2
  Reason: no suitable image found.  Did find:
        /usr/lib/libkrw.0.dylib: arm64 dylibs cannot be loaded into arm64e processes
        /usr/lib/libkrw.0.dylib: arm64 dylibs cannot be loaded into arm64e processes
        /usr/lib/libkrw.0.dylib: arm64 dylibs cannot be loaded into arm64e processes
        /usr/lib/libkrw.0.dylib: arm64 dylibs cannot be loaded into arm64e processes
Abort trap: 6

So I got the version of fouldecrypt that should run for you and have attached it here fouldecrypt.tar.gz, I’d just extracted it from this project, although if it doesn’t work and you want my advice, since you’re on iOS 13 you might as well just use flexdecrypt 🤷🏻‍♂️

and I was looking around about the libkrw issue, apparently the latest version is broken for arm64e on iOS 13.

@jack980517
Author

flexdecrypt doesn't work for some apps:

2022-02-19 17:18:26.945 flexdecrypt[1334:29766] thread_get_state error: 0x4 (os/kern) invalid argument
Error: message("Failed to find executable address")

Which is why I'm looking for alternative solutions. It's really a pain to find dumping solutions on iOS 12 and up that are easy to use and work reliably.

@dlevi309

Did the version I sent end up working for you?

@jack980517
Author

jack980517 commented Mar 20, 2022

It does run and dump apps, even those that flexdecrypt can't decrypt.
