Reverse Engineering Tools

From iPhone Development Wiki
Revision as of 00:34, 5 March 2014 by Cykey (talk | contribs) (Added info about weak_classdump)

This is a draft that needs your help. Can you help fix it? Add some details!

Developing a tweak for jailbroken iOS typically combines several tools: class-dump, IDA and GDB to locate the functions/methods of interest, Cycript to prototype the tweak at runtime, and Theos to build the finished tweak.

See Getting Started#Looking at classes and Debugging on iOS 7#Class-dumping.

See Debugging on iOS 7 for using GDB/LLDB.

Logify might help you.

When working with App Store apps, you may need something like dumpdecrypted.

Class-dump'ing encrypted binaries

When binaries are encrypted with FairPlay (e.g. App Store apps), class-dump[-z] will produce garbage data, because the Objective-C metadata it parses is still encrypted on disk. Therefore, it is necessary to use a runtime tool such as weak_classdump, which reads the class metadata from the running (and therefore already decrypted) process.
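Before reaching for dumpdecrypted or weak_classdump it is worth confirming that a binary really is FairPlay-encrypted, since the same "garbage output" symptom can have other causes. The script below is an added example (not part of this wiki page, and not code from class-dump, dumpdecrypted or weak_classdump) that parses a Mach-O file, walks its load commands and reports the cryptid of the LC_ENCRYPTION_INFO / LC_ENCRYPTION_INFO_64 command for each architecture slice; cryptid 1 means the __TEXT segment is encrypted, 0 means a decrypted (or never encrypted) binary. The magic numbers and load-command constants are the real Mach-O values; the sample binaries it builds when run without a file argument are constructed in the script and stand in for a real app binary.

```python
"""Report FairPlay encryption status (cryptid) for each slice of a Mach-O binary."""
import struct
import sys

# Real Mach-O constants (see <mach-o/loader.h> and <mach-o/fat.h>).
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
FAT_MAGIC = 0xCAFEBABE
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C
CPU_TYPE_ARM, CPU_TYPE_ARM64 = 12, 0x0100000C
MH_EXECUTE = 2


def _scan_thin(blob, base=0):
    """Walk the load commands of one thin (little-endian) Mach-O image at `base`.
    Returns the encryption_info_command fields, or None if there is no such command."""
    magic, = struct.unpack_from("<I", blob, base)
    if magic == MH_MAGIC_64:
        header_len = 32          # mach_header_64 has an extra `reserved` field
    elif magic == MH_MAGIC:
        header_len = 28
    else:
        raise ValueError("not a thin Mach-O image at offset %d" % base)
    ncmds, sizeofcmds = struct.unpack_from("<II", blob, base + 16)
    off = base + header_len
    end = off + sizeofcmds
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", blob, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("corrupt load command at offset %d" % off)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # Both variants share cryptoff/cryptsize/cryptid; the _64 form only adds padding.
            cryptoff, cryptsize, cryptid = struct.unpack_from("<III", blob, off + 8)
            return {"cryptoff": cryptoff, "cryptsize": cryptsize, "cryptid": cryptid}
        off += cmdsize
    return None


def encryption_status(blob):
    """Return one dict per architecture slice: cputype, encrypted flag and raw command fields.
    Handles both thin images and fat (multi-architecture) files."""
    magic_be, = struct.unpack_from(">I", blob, 0)
    slices = []
    if magic_be == FAT_MAGIC:                      # fat header and fat_arch entries are big-endian
        nfat, = struct.unpack_from(">I", blob, 4)
        for i in range(nfat):
            cputype, _sub, offset, _size, _align = struct.unpack_from(">iiIII", blob, 8 + 20 * i)
            slices.append((cputype, offset))
    else:
        cputype, = struct.unpack_from("<i", blob, 4)
        slices.append((cputype, 0))
    result = []
    for cputype, offset in slices:
        info = _scan_thin(blob, offset)
        result.append({"cputype": cputype,
                       "encrypted": bool(info and info["cryptid"] != 0),
                       "info": info})
    return result


def is_encrypted(blob):
    """True if any slice still carries cryptid != 0 (class-dump will not work on it)."""
    return any(s["encrypted"] for s in encryption_status(blob))


def build_sample(cryptid, sixty_four=True):
    """Constructed minimal Mach-O executable with a single LC_ENCRYPTION_INFO(_64) command.
    This is a stand-in for a real app binary, not a real file layout."""
    if sixty_four:
        lc = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
        header = struct.pack("<IiIIIIII", MH_MAGIC_64, CPU_TYPE_ARM64, 0, MH_EXECUTE, 1, len(lc), 0, 0)
    else:
        lc = struct.pack("<IIIII", LC_ENCRYPTION_INFO, 20, 0x4000, 0x8000, cryptid)
        header = struct.pack("<IiIIIII", MH_MAGIC, CPU_TYPE_ARM, 0, MH_EXECUTE, 1, len(lc), 0)
    return header + lc


def build_fat(images):
    """Constructed fat binary wrapping the given thin images back to back
    (real fat files page-align each slice; the parser does not depend on that)."""
    offset = 8 + 20 * len(images)
    entries, bodies = b"", b""
    for blob in images:
        cputype, = struct.unpack_from("<i", blob, 4)
        entries += struct.pack(">iiIII", cputype, 0, offset, len(blob), 0)
        bodies += blob
        offset += len(blob)
    return struct.pack(">II", FAT_MAGIC, len(images)) + entries + bodies


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:  # no file given: inspect a constructed armv7+arm64 sample, both slices encrypted
        data = build_fat([build_sample(1, False), build_sample(1, True)])
    for s in encryption_status(data):
        print("cputype=0x%x cryptid=%s encrypted=%s" % (
            s["cputype"], s["info"]["cryptid"] if s["info"] else "n/a", s["encrypted"]))
```

Run it as `python machcrypt.py /path/to/App.app/App` (the file name is arbitrary); a slice reporting cryptid=1 explains garbage from class-dump and points at a runtime dump (weak_classdump) or dumpdecrypted instead. The same check is what `otool -l binary | grep -A4 LC_ENCRYPTION_INFO` shows by hand.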

weak_classdump can be used to dump a single class. The first cycript invocation injects the weak_classdump.cy script (from the weak_classdump project, assumed here to be in the current directory) into the target process; the second attaches an interactive Cycript session to it:

iPhone$ cycript -p Skype weak_classdump.cy; cycript -p Skype
'Added weak_classdump to "Skype" (1685)'
cy# weak_classdump(SkypeAppDelegate, "/tmp/")
"Wrote file to /tmp/SkypeAppDelegate.h"

It can also be used to dump all the classes in a bundle (in this case, the main bundle), using the same two-step invocation:

iPhone$ cycript -p Skype weak_classdump.cy; cycript -p Skype
'Added weak_classdump to "Skype" (1685)'
cy# weak_classdump_bundle([NSBundle mainBundle], "/tmp/SkypeHeaders")