Difference between revisions of "Reverse Engineering Tools"

From iPhone Development Wiki
(Created page with "'''This is a draft that needs your help. Can you help fix it? Add some details!''' The process for developing a tweak for jailbroken iOS can include: using a combination of c...")
 
(Added info about weak_classdump)

Revision as of 00:34, 5 March 2014

This is a draft that needs your help. Can you help fix it? Add some details!

The process for developing a tweak for jailbroken iOS can include: using a combination of class-dump, IDA, and GDB to locate functions/methods, using Cycript to prototype the tweak, and finishing it with Theos.

See Getting Started (section "Looking at classes") and Debugging on iOS 7 (section "Class-dumping").

See Debugging on iOS 7 for using GDB/LLDB.

Logify might help you.

When working with App Store apps, you may need something like dumpdecrypted (https://github.com/stefanesser/dumpdecrypted).

Class-dump'ing encrypted binaries

When binaries are encrypted with FairPlay (e.g. App Store apps), class-dump (or class-dump-z) will produce garbage data, because it parses the Objective-C metadata as it is stored on disk, where it is still encrypted. Therefore, it is necessary to use a runtime tool such as weak_classdump (https://github.com/limneos/weak_classdump), which reads the classes out of the running, already-decrypted process.
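You can confirm that this is what is happening to a given binary by looking at its LC_ENCRYPTION_INFO (or LC_ENCRYPTION_INFO_64) load command: a cryptid of 1 means the code segment on disk is FairPlay-encrypted, a cryptid of 0 means it is not. The Python script below is an added example and is not part of this wiki page nor of class-dump, class-dump-z or weak_classdump. It parses a thin or fat Mach-O file, reports cryptid for every architecture slice, and, when run without a file argument, demonstrates on a constructed sample. The function names (scan, is_fairplay_encrypted, build_sample, build_fat) are my own.

```python
import struct
import sys

# Mach-O magic numbers and the load commands that matter here (values from mach-o/loader.h)
MH_MAGIC, MH_CIGAM = 0xFEEDFACE, 0xCEFAEDFE          # 32-bit image, native / byte-swapped
MH_MAGIC_64, MH_CIGAM_64 = 0xFEEDFACF, 0xCFFAEDFE    # 64-bit image, native / byte-swapped
FAT_MAGIC = 0xCAFEBABE                               # universal container, big-endian headers
LC_UUID = 0x1B
LC_ENCRYPTION_INFO = 0x21
LC_ENCRYPTION_INFO_64 = 0x2C
CPU_TYPE_ARM, CPU_TYPE_ARM64 = 12, 0x0100000C


def _parse_thin(buf, base):
    """Walk one Mach-O image's load commands and report its LC_ENCRYPTION_INFO."""
    (magic,) = struct.unpack_from("<I", buf, base)
    if magic in (MH_MAGIC, MH_MAGIC_64):
        endian = "<"
    elif magic in (MH_CIGAM, MH_CIGAM_64):
        endian = ">"                      # swapped magic: the image is big-endian
    else:
        raise ValueError("no Mach-O header at offset 0x%x" % base)
    is64 = magic in (MH_MAGIC_64, MH_CIGAM_64)
    hdr_fmt = endian + ("8I" if is64 else "7I")   # mach_header_64 has an extra reserved field
    hdr = struct.unpack_from(hdr_fmt, buf, base)
    cputype, ncmds = hdr[1], hdr[4]
    info = {"cputype": cputype, "arch64": is64,
            "cryptid": None, "cryptoff": None, "cryptsize": None}

    off = base + struct.calcsize(hdr_fmt)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from(endian + "II", buf, off)
        if cmdsize < 8 or off + cmdsize > len(buf):
            raise ValueError("malformed load command at 0x%x" % off)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # both variants start with cryptoff, cryptsize, cryptid after cmd/cmdsize
            cryptoff, cryptsize, cryptid = struct.unpack_from(endian + "III", buf, off + 8)
            info.update(cryptid=cryptid, cryptoff=cryptoff, cryptsize=cryptsize)
            break
        off += cmdsize
    return info


def scan(buf):
    """Return per-slice encryption info for a thin or fat Mach-O buffer."""
    (magic,) = struct.unpack_from(">I", buf, 0)
    if magic != FAT_MAGIC:
        return [_parse_thin(buf, 0)]
    (nfat,) = struct.unpack_from(">I", buf, 4)
    slices = []
    for i in range(nfat):
        # fat_arch: cputype, cpusubtype, offset, size, align (all big-endian)
        _ct, _cs, offset, size, _al = struct.unpack_from(">5I", buf, 8 + 20 * i)
        if offset + size > len(buf):
            raise ValueError("fat slice %d lies outside the file" % i)
        slices.append(_parse_thin(buf, offset))
    return slices


def is_fairplay_encrypted(buf):
    """True if any slice has cryptid != 0, i.e. class-dump would be reading ciphertext."""
    return any(s["cryptid"] for s in scan(buf))


def build_sample(cryptid, is64=True):
    """Constructed demo data (not a real binary): header + LC_UUID + LC_ENCRYPTION_INFO(_64)."""
    uuid_cmd = struct.pack("<II16s", LC_UUID, 24, b"\x11" * 16)
    if is64:
        enc = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
        hdr = struct.pack("<8I", MH_MAGIC_64, CPU_TYPE_ARM64, 0, 2, 2, len(uuid_cmd) + len(enc), 0, 0)
    else:
        enc = struct.pack("<5I", LC_ENCRYPTION_INFO, 20, 0x1000, 0x2000, cryptid)
        hdr = struct.pack("<7I", MH_MAGIC, CPU_TYPE_ARM, 9, 2, 2, len(uuid_cmd) + len(enc), 0)
    return hdr + uuid_cmd + enc


def build_fat(slices):
    """Wrap (cputype, image) pairs in a constructed fat container with big-endian headers."""
    header = struct.pack(">II", FAT_MAGIC, len(slices))
    archs, body = b"", b""
    data_start = 8 + 20 * len(slices)
    for cputype, img in slices:
        archs += struct.pack(">5I", cputype, 0, data_start + len(body), len(img), 0)
        body += img
    return header + archs + body


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        # constructed demo: armv7 slice unencrypted, arm64 slice FairPlay-encrypted
        data = build_fat([(CPU_TYPE_ARM, build_sample(0, is64=False)),
                          (CPU_TYPE_ARM64, build_sample(1))])
    for s in scan(data):
        print("cputype=0x%08x arch64=%s cryptid=%s cryptoff=%s cryptsize=%s"
              % (s["cputype"], s["arch64"], s["cryptid"], s["cryptoff"], s["cryptsize"]))
    print("FairPlay-encrypted: %s" % is_fairplay_encrypted(data))
```

Run it as python3 cryptid.py /path/to/Binary on a copy of the executable pulled from the device; it reports the same thing as looking for LC_ENCRYPTION_INFO in the output of otool -l. Any slice with a non-zero cryptid is the case where class-dump gives garbage and weak_classdump is the tool to reach for.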

weak_classdump can be used to dump a single class, like so:

iPhone$ cycript -p Skype weak_classdump.cy; cycript -p Skype
'Added weak_classdump to "Skype" (1685)'
cy# weak_classdump(SkypeAppDelegate, "/tmp/")
"Wrote file to /tmp/SkypeAppDelegate.h"

It can also be used to dump all the classes in a bundle (in this case, the main bundle):

iPhone$ cycript -p Skype weak_classdump.cy; cycript -p Skype
'Added weak_classdump to "Skype" (1685)'
cy# weak_classdump_bundle([NSBundle mainBundle], "/tmp/SkypeHeaders")