Skip to content

Instantly share code, notes, and snippets.

@tonycoco

tonycoco/jit.md

Last active January 2, 2026 14:20
Show Gist options

  • Select an option

    Learn more about clone URLs
  • Save tonycoco/66b08eea237ff64bf7becb54afb2e04d to your computer and use it in GitHub Desktop.

Select an option

Learn more about clone URLs
Save tonycoco/66b08eea237ff64bf7becb54afb2e04d to your computer and use it in GitHub Desktop.
Download ZIP
Enable JIT on iOS and tvOS from the command line
Raw
jit.md

Install https://github.com/doronz88/pymobiledevice3.

Get your device's UUID:

xcrun xctrace list devices

Mount the disk image:

sudo pymobiledevice3 mounter auto-mount

Start the tunnel:

sudo pymobiledevice3 remote start-tunnel --script-mode

Keep the tunnel running. Open the app you are trying to enable JIT on your device. Keep the screen alive.

Now, paste the output of that command as the RSD connection to start a debug server:

sudo pymobiledevice3 developer debugserver start-server --rsd <YOUR_CONNECTION_DETAILS>

Get the PID:

sudo pymobiledevice3 processes pgrep <YOUR_APP_NAME> --udid <YOUR_UUID>

Open lldb to start debugging:

lldb

Run the following commands:

(lldb) platform select remote-ios
(lldb) process connect connect://<YOUR_CONNECTION_DETAILS>
(lldb) settings set target.memory-module-load-level minimal
(lldb) attach -p <YOUR_PID>
(lldb) detach
(lldb) exit
@iiasceri
Copy link

iiasceri commented Apr 18, 2025

If you're using AltStore you can just make sure you install the dependencies to the Python install that Xcode uses:

/Applications/Xcode.app/Contents/Developer/usr/bin/python3 -m pip install -U pymobiledevice3==2.30.0 construct==2.10.69 qh3==0.15.1

Guys don't do this just execute with python3 no path needed if you installed it via homebrew also if you see anny erros just do: 'pip3 install [insertMissingDependency]'

@TimPGamer
Copy link

TimPGamer commented Jan 2, 2026

[Update for newer IOS/IPadOS]
I used IPadOS 26

Install https://github.com/doronz88/pymobiledevice3.

Get your device's UUID:

xcrun xctrace list devices

Mount the disk image:

sudo pymobiledevice3 mounter auto-mount

Start the tunnel:

sudo pymobiledevice3 lockdown start-tunnel --script-mode

Keep the tunnel running. Open the app you are trying to enable JIT on your device. Keep the screen alive.

Now, paste the output of that command as the RSD connection to start a debug server:

sudo pymobiledevice3 developer debugserver start-server --rsd <YOUR_CONNECTION_DETAILS>

Get the PID:

sudo pymobiledevice3 processes pgrep <YOUR_APP_NAME> --udid <YOUR_UUID>

Open lldb to start debugging:

lldb

Run the following commands:

(lldb) platform select remote-ios
(lldb) process connect connect://<YOUR_CONNECTION_DETAILS>
(lldb) settings set target.memory-module-load-level minimal
(lldb) attach -p <YOUR_PID>
(lldb) detach
(lldb) exit

Footnotes:

  • in lldb when using connect u need to use "[your-address]:port" with the brackets being part of the address.
  • connection type tcp is no longer accepted (idk why)
  • since ios 17.4 lockdown is available to use, says pymobiledevice3 in their docs, but from my knowledge it is required now (thats why i use "lockdown start-tunnel" not "remote start tunnel")
  • in lldb after "attach" i had to use the command "continue" to continue the app. Also i did not detach. But that is optional

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment