Baoulettes

IOS Scripts

Feb 22nd, 2022
This assumes you already have the following done and working:
Mitmproxy set up on your computer.
Frida installed on the device.
SSL unpinning on Dokkan (whatever the version, it is the same).
Shadow (or another jailbreak hider, for Dokkan Japan).
A way to handle the packets yourself with mitmproxy.

What this will do:
Add SSH to the device (change the default password for root, as it will always be alpine; if the device never leaves home and you do not care, you can skip changing the password, but for good practice you should).
Add a few shortcuts / commands for SSH (Nimbus).
Add the AutoTouch software (the ability to script things like tap here or there, launch this or that app).
Add the Activator software (this one is used both by the SSH commands (home button, lock/unlock and power button) and by AutoTouch; this software will be the one that triggers the script to launch).
You will need 3 unused apps (in this example I will use 3 apps included with iOS 13 and later, but they can be anything as long as you know their bundle IDs; don't use Dokkan itself, since this example launches Dokkan, so it would run the script a second time and make a nice loop...).

Okay, so let's install the required stuff:
Both Activator and OpenSSH are free and can be found on the generic Cydia sources.
So install them.
For AutoTouch you need a cracked app (unless you want to pay for it, as you wish).
You will need to add a source to Cydia (or Sileo, if that even works there) to download it:
Paid version : http://apt.bingner.com/
Cracked version : http://www.classic.net/
Add one of these and search for AutoTouch (blue icon with a light-blue circle in it, like the home button icon).

Now the trickiest part:
Installing Nimbus.
To do that, on the device go to this GitHub page (or send the file to the device with FTP or whatever you prefer):
https://github.com/ArtikusHG/nimbus/
There you will see a file "nimbus".
Add this file into
```/usr/bin/```
Now give it permission 777 (connect to the device over SSH with username root and your password (default: alpine) and run chmod 777 /usr/bin/nimbus).
Now in SSH, if you run
```nimbus help```
it should show you the list of added shortcuts.

Now we can start the fun:
We will create our 4 triggers.
Detect when certain apps are launched (to use these 3 scripts).
Open Activator.
Select the "Anywhere" menu (top).
In Anywhere, in the top-right menu, tap "Build Events".
Then Application Launch.
Then select the apps that will trigger your scripts later on.
Also, for one of these apps (for me, Health):
Once you have pressed Save to save the trigger, go back to the Anywhere list and search for Launch Your_app.
Assign "lock/unlock" to it.
The rest of the launch triggers will be set up for AutoTouch.
For me that is:
#Health ----> com.apple.Health -----------> lock/unlock device.
#Shortcuts -> com.apple.shortcuts --------> Dump Dokkan GLB Tokens.
#Files -----> com.apple.DocumentsApp -----> Dump Dokkan JPN Tokens.
#Wallet ----> com.apple.Passbook ---------> Dump Dokkan GLB&JPN Tokens
Now you can close Activator.

Launch AutoTouch once and close it.
Now drag and drop these scripts:
https://www.baoulettes.fr/Uploads/j1jtk65q5pwh2494mhawzg25j.zip

into your device at this path:
```/var/mobile/Library/AutoTouch/Scripts/```
It should decompress into 3 folders:
```DumpDokkanToken_both.at
DumpDokkanToken_glb.at
DumpDokkanToken_jpn.at```

Now you can open AutoTouch again and see that it has your scripts.
If you tap on the name of a script you can see its content.
For example, let's see what the "both" version does (I briefly commented it).
Once you tap it you see two js files, one index and one worker.
The one I modified is worker.
Tap on it to see its content.
Change the Health bundle ID if you use another trigger app for lock/unlock, and do this for all 3 scripts.
To test a script, go back to the AutoTouch main menu to see your 3 scripts.
Press the play arrow and it should instantly launch the game you wanted
and do the presses for you, so in short it should be okay to continue.
If that does not work properly you may need to tweak the usleep delay.

If that works fine, let's continue and link the scripts to the app launches.
In your script list, press the "i" in a circle next to the play arrow of your script.
Select "Playing Settings".
Then in the next menu select Custom Trigger with Activator.
Now you can select your "Launch YourApp".
Do that for both your scripts.
And to check that it is working, manually launch that app and see how it performs; if it performs well you can now use the power of SSH to launch your app.

Now to test everything:
Lock your device for 30s.
Connect to it with SSH
and send this command:
```nimbus powerbutton```
It should bring it back from sleep mode. If not, OpenSSH or Nimbus is not properly installed.
If that works fine you can now use two commands to unlock it (I will not put them on one line so you can see the process):
```nimbus powerbutton
nimbus home```
This should fully unlock your device from sleep (disable any passcode to do so, otherwise it is too tricky, but you could still make a script that enters the passcode itself).
And now you can launch your app with this command:
```nimbus open com.apple.shortcuts```
Now change the bundle ID to whatever you wish.
If everything is okay you can create a Discord bot or anything else to trigger these SSH commands; for my use I use this Discord bot:

```python
import os
import time
import discord
import asyncio
from pexpect import pxssh

WebHookCID = 111111111111111  # Channel ID
Discord_BotID = "App -> bot -> token"  # something like oeruidRDSfsd.YhQwxA.sdfcc-ssd574541cvs8d <- random.
SSH_IP = "192.168.1.36"  # Device local IP to connect to (Activator, Nimbus and OpenSSH should all be installed from Cydia)
SSH_PSW = "alpine"
SSH_User = "root"
# com.apple.Health -----------> Lock/Unlock.
# com.apple.shortcuts --------> Dump Dokkan GLB Tokens.
# com.apple.DocumentsApp -----> Dump Dokkan JPN Tokens.
# com.apple.Passbook ---------> Dump Dokkan GLB&JPN Tokens


class MyClient(discord.Client):
    async def on_ready(self):
        print('Logged on as', self.user)

    async def on_message(self, message):
        # don't respond to ourselves
        if message.author == self.user:
            return
        if message.channel.id == WebHookCID:
            if message.content == 'glb':
                await message.channel.send("Loading Dokkan GLB for Token")
                # Wake the device, go to the home screen, then launch the trigger app over SSH.
                s = pxssh.pxssh()
                s.login(SSH_IP, SSH_User, SSH_PSW)
                s.sendline('nimbus powerbutton')
                s.sendline('nimbus home')
                s.sendline('nimbus open com.apple.shortcuts')
                s.logout()
                s.close()
                await message.channel.send("Your tokens should be there in some seconds. (sleeping for 5 minutes.)")
                # time.sleep() blocks the whole bot, so no other request is handled during these 5 minutes.
                time.sleep(300)
            if message.content == 'jpn':
                await message.channel.send("Loading Dokkan JPN for Token")
                s = pxssh.pxssh()
                s.login(SSH_IP, SSH_User, SSH_PSW)
                s.sendline('nimbus powerbutton')
                s.sendline('nimbus home')
                s.sendline('nimbus open com.apple.DocumentsApp')
                s.logout()
                s.close()
                await message.channel.send("Your tokens should be there in some seconds. (sleeping for 5 minutes.)")
                time.sleep(300)
            if message.content == 'both':
                await message.channel.send("Loading Dokkan both version for Token")
                s = pxssh.pxssh()
                s.login(SSH_IP, SSH_User, SSH_PSW)
                s.sendline('nimbus powerbutton')
                s.sendline('nimbus home')
                s.sendline('nimbus open com.apple.Passbook')
                s.logout()
                s.close()
                await message.channel.send("Your tokens should be there in some seconds. (if you need only GLB or JPN token use corresponding commands (glb for Global version and jpn for Japanese version.)) (sleeping for 5 minutes.)")
                time.sleep(300)
            if message.content == 'usage':
                await message.channel.send('Type "glb", "jpn" or "both" to have corresponding Token (Please do not spam, only one request per 5min. if you need both use both else you will have to wait 5 minutes.)')


print('Starting Dokkan Token Discord Bot')
# discord.py 2.x requires explicit intents; message_content is needed to read message text.
intents = discord.Intents.default()
intents.message_content = True
client = MyClient(intents=intents)

client.run(Discord_BotID)
```
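
The bot above turns channel messages into commands run as root over SSH and enforces its "one request per 5min" rule with a blocking sleep. The following is an added example, not part of the original paste, of the same dispatch done with a fixed allowlist and a non-blocking cooldown. The names TRIGGERS, plan_commands, Cooldown and handle are hypothetical; the keywords, bundle IDs and nimbus commands are the ones from the bot above, and keywords are additionally matched case-insensitively.

```python
import time

# Chat keyword -> trigger app bundle ID, copied from the bot on this page.
TRIGGERS = {
    "glb": "com.apple.shortcuts",
    "jpn": "com.apple.DocumentsApp",
    "both": "com.apple.Passbook",
}
COOLDOWN_SECONDS = 300  # the page's "one request per 5min" rule


def plan_commands(content):
    """Return the fixed nimbus commands for a keyword, or None if unknown.

    The message text is only used as a dictionary key, so nothing typed in
    the channel is ever passed to the root shell on the device.
    """
    bundle_id = TRIGGERS.get(content.strip().lower())
    if bundle_id is None:
        return None
    return ["nimbus powerbutton", "nimbus home", f"nimbus open {bundle_id}"]


class Cooldown:
    """Tracks the 5-minute window without blocking like time.sleep(300)."""

    def __init__(self, seconds=COOLDOWN_SECONDS, clock=time.monotonic):
        self.seconds = seconds
        self.clock = clock  # injectable so the window can be tested
        self.ready_at = None

    def try_acquire(self):
        """Return 0 if a run may start now, else the seconds still to wait."""
        now = self.clock()
        if self.ready_at is not None and now < self.ready_at:
            return self.ready_at - now
        self.ready_at = now + self.seconds
        return 0


def handle(content, cooldown):
    """Map one chat message to (reply text or None, commands to send)."""
    commands = plan_commands(content)
    if commands is None:
        return None, []  # not a keyword: ignore, do not touch the cooldown
    wait = cooldown.try_acquire()
    if wait:
        return f"Please wait {int(wait)}s before the next request.", []
    return "Your tokens should be there in some seconds.", commands
```

In on_message, each returned command would be passed to s.sendline() unchanged, and requests arriving inside the window get the wait reply instead of freezing the bot.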