Skip to content
/ LiveContainer Public
forked from khanhduytran0/LiveContainer

Run unsigned iOS app without actually installing it!

License

Apache-2.0 license
2 stars 186 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

Spidy123222/LiveContainer

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

59 Commits
.github/workflows
.github/workflows
 
 
Resources
Resources
 
 
fishhook @ 3320300
fishhook @ 3320300
 
 
.gitignore
.gitignore
 
 
.gitmodules
.gitmodules
 
 
AppInfo.h
AppInfo.h
 
 
AppInfo.m
AppInfo.m
 
 
FixCydiaSubstrate.c
FixCydiaSubstrate.c
 
 
LCAppDelegate.h
LCAppDelegate.h
 
 
LCAppDelegate.m
LCAppDelegate.m
 
 
LCConfigTableViewController.h
LCConfigTableViewController.h
 
 
LCConfigTableViewController.m
LCConfigTableViewController.m
 
 
LCGuestAppConfigViewController.h
LCGuestAppConfigViewController.h
 
 
LCGuestAppConfigViewController.m
LCGuestAppConfigViewController.m
 
 
LCRootViewController.h
LCRootViewController.h
 
 
LCRootViewController.m
LCRootViewController.m
 
 
LICENSE
LICENSE
 
 
MBRoundProgressView.h
MBRoundProgressView.h
 
 
MBRoundProgressView.m
MBRoundProgressView.m
 
 
Makefile
Makefile
 
 
README.md
README.md
 
 
UIKitPrivate.h
UIKitPrivate.h
 
 
control
control
 
 
dyld_bypass_validation.m
dyld_bypass_validation.m
 
 
entitlements.xml
entitlements.xml
 
 
main.m
main.m
 
 
unarchive.h
unarchive.h
 
 
unarchive.m
unarchive.m
 
 
utils.h
utils.h
 
 
utils.m
utils.m
 
 

Repository files navigation

LiveContainer

Run unsigned iOS app without actually installing it!

  • Allows you to install unlimited apps (10 apps limit of free developer account do not apply here!)
  • Codesigning is entirely bypassed (requires JIT), no need to sign your apps before installing.

Building

export THEOS=/path/to/theos
git submodule init
git submodule update
make package

Usage

Requires SideStore; AltStore does not work because it expects the app opened before enabling JIT.

  • Build from source or get prebuilt ipa in the Actions tab
  • Open LiveContainer, tap the plus icon in the upper right hand corner and select IPA files to install.
  • Choose the app you want to open in the next launch.
  • Tap the play icon, it will jump to SideStore and exit.
  • In SideStore, hold down LiveContainer and tap Enable JIT. If you have SideStore build supporting JIT URL scheme, it jumps back to LiveContainer with JIT enabled and the guest app is ready to use.

How does it work?

Patching guest executable

  • Patch __PAGEZERO segment:
    • Change vmaddr to 0xFFFFC000 (0x100000000 - 0x4000)
    • Change vmsize to 0x4000
  • Change MH_EXECUTE to MH_DYLIB.

Patching @executable_path

  • Call _dyld_get_image_name(0) to get image name pointer.
  • Overwrite its content with guest executable path.

Patching NSBundle.mainBundle

  • This property is overwritten with the guest app's bundle.

Bypassing Library Validation

dlopening the executable

  • Call dlopen with the guest app's executable
  • Find the entry point
  • Jump to the entry point
  • The guest app's entry point calls UIApplicationMain and start up like any other iOS apps.

Limitations

  • Entitlements from the guest app are not applied to the host app. This isn't a big deal since sideloaded apps requires only basic entitlements.
  • App Permissions are globally applied.
  • Guest app containers are not sandboxed. This means one guest app can access other guest apps' data.
  • arm64e executable is untested. It is recommended to use arm64 binary.
  • Only one guest app can run at a time. This is much more like 3 apps limit where you have to disable an app to run another (switching between app in LiveContainer is instant).
  • Remote push notification might not work. If you have a paid developer account then you don't even have to use LiveContainer
  • Querying URL schemes might not work(?)

TODO

  • Isolating NSFileManager.defaultManager and NSUserDefaults.userDefaults
  • Auto lock orientation
  • Simulate App Group(?)
  • More(?)

License

Apache License 2.0

Credits

About

Run unsigned iOS app without actually installing it!

Resources

Readme

License

Apache-2.0 license
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

1 tags

Packages

No packages published

Languages

  • Objective-C 96.3%
  • Makefile 2.1%
  • C 1.6%