Get the key!

cxb.xm

#include <substrate.h>
#define CROSSxBEATS "/var/mobile/Applications/0211900B-5F61-4E4F-A068-2E53BD1869AE/crossbeatjp.app/crossbeatjp"

void (*__ZN8MtCipher12setKeyStringEPKc)(void *, void *);
MSHook(void, __ZN8MtCipher12setKeyStringEPKc, void *s, void *key) {
    NSLog(@"s = %s, key = %s", (char *)s, (char *)key);
    return __ZN8MtCipher12setKeyStringEPKc(s, key);
}

template <typename Type_>
static void nlset(Type_ &function, struct nlist *nl, size_t index) {
    struct nlist &name(nl[index]);
    uintptr_t value(name.n_value);
    if ((name.n_desc & N_ARM_THUMB_DEF) != 0) {
        value |= 0x00000001;
    }
    function = reinterpret_cast<Type_>(value);
}

MSInitialize {
    if (dlopen(CROSSxBEATS, RTLD_LAZY | RTLD_NOLOAD) != NULL) {
        struct nlist nl[2];
        bzero(&nl, sizeof(nl));
        NSLog(@"Zeroing of nl success");
        nl[0].n_un.n_name = (char *)"__ZN8MtCipher12setKeyStringEPKc";
        NSLog(@"Set n_name to __ZN8MtCipher12setKeyStringEPKc");
        nlist(CROSSxBEATS, nl);
        NSLog(@"nlist() success");
        nlset(__ZN8MtCipher12setKeyStringEPKc, nl, 0);
        NSLog(@"nlset() success");
        MSHookFunction(__ZN8MtCipher12setKeyStringEPKc, MSHake(__ZN8MtCipher12setKeyStringEPKc));
    }
}

MtCipher-setKeyString.S

; MtCipher::setKeyString(char  const*)
; EXPORT __ZN8MtCipher12setKeyStringEPKc
; __ZN8MtCipher12setKeyStringEPKc
PUSH            {R4,R7,LR}
MOV             R4, R0
MOV             R0, R1  ; char *
ADD             R7, SP, #4
STR             R1, [R4,#4]
BLX             _strlen
STR             R0, [R4,#8]
POP             {R4,R7,PC}