iOS reverse engineering with 4 case studies free download






















They are great tools to start learning the internals of an iOS application and some of the bugs developers have introduced in the past, but I think many of the issues shown there are just theoretical or impractical and can be compared to a "self-hack".

I wanted to show vulnerabilities that can harm the company who created the application or its end users.

One more thing you should pay special attention to before you learn how to reverse engineer a macOS or iOS app is the architecture it was designed for. Modern desktop devices usually use x CPUs. Knowledge of instruction sets is important when reverse engineering algorithms.

Nowadays, all system frameworks and dynamic libraries are merged into a single file called the shared cache. These are the basic things you need to know about before doing any reverse engineering. Below are standard command-line tools for reverse engineering iOS and macOS apps.

These tools are available out of the box on Mac:. The program has a free evaluation version with limited functionality. MachOView is a utility that works similarly to the otool and nm console tools.

The key difference is that MachOView does have a GUI, so you can browse the structure of Mach-O files in a more comfortable way. In fact, MachOView was used to make most of the screenshots you see in this article. Class-dump is a free command-line utility for analyzing the Objective-C segment of Mach-O files. With class-dump, you can get pretty much the same information as from otool but in the form of standard Objective-C declarations.

In particular, class-dump creates declarations for classes, categories, and protocols. Hopper is an interactive tool for disassembling, decompiling, and debugging software and applications. Similarly to IDA, Hopper has a free version with a limited set of features in addition to a paid version. Hopper was designed for Linux and macOS and works best for retrieving Objective-C specific information from the analyzed binary. When extracting data, the utility saves the locations and original names of all extracted objects.

Ghidra is an open-source reverse engineering framework provided by the NSA. It supports macOS, Windows, and Linux. It can be customized with the help of scripts and plugins written in Java or Python.

Within this article, we focus on the peculiarities of reverse engineering solutions written in Objective-C and Swift. It relies on a specific C runtime, which somewhat simplifies the process of reverse engineering.

This example demonstrates the basics of object allocation and messaging. Every call to every method is performed by calling the runtime. One of the best ways to understand the behaviour of an iOS app is to read the interfaces exposed when dumping its classes.

As you probably know by now, iOS apps are no longer exclusively written in Objective-C; they now can also be written (and Apple is encouraging developers to do so) in Swift or a mix of both. This means the tools we used before to dump iOS apps' classes won't work when there is Swift code in the binary. Because of this, I have 2 versions of class-dump.

You can download them from here Objc class-dump and here Swift class-dump. The Starbucks app has Swift code in it, so you'll have to use the Swift version of class-dump. Having the name of the classes, methods and instance variables is a great way to start RE an iOS app, but we are still missing the core of the application, its business logic. We need to understand what is happening inside the methods? I've been using Hopper Disassembler for a few years now and I love it; it's perfect for beginners like me.



