Reverse Engineering Tools

From iPhone Development Wiki
Revision as of 00:34, 5 March 2014

This is a draft that needs your help. Can you help fix it? Add some details!

The process of developing a tweak for jailbroken iOS typically includes: using a combination of class-dump, IDA and GDB to locate the functions and methods of interest, using Cycript to prototype the tweak against the running process, and finishing it with Theos.

See Getting Started#Looking at classes and Debugging on iOS 7#Class-dumping

See Debugging on iOS 7 for using GDB/LLDB.

Logify (shipped with Theos) might help you: given a class-dump header, it generates a Logos tweak that hooks every method of that class and logs each call with its arguments, which is a quick way to see which methods actually fire while you use the app.

When working with App Store apps, you may need something like dumpdecrypted. App Store binaries are FairPlay-encrypted on disk and are only decrypted by the kernel when loaded; dumpdecrypted is a dylib that is injected into the running app and writes the already-decrypted image back to disk (with the cryptid in its LC_ENCRYPTION_INFO load command cleared), so that static tools such as class-dump and IDA can work on it.

Class-dump'ing encrypted binaries

When binaries are encrypted with FairPlay (e.g. App Store apps), class-dump and class-dump-z will produce garbage data, because the Objective-C metadata sections they parse are still encrypted in the file on disk. You either have to dump the decrypted image first (see dumpdecrypted above) or use a runtime tool such as weak_classdump, which asks the Objective-C runtime of the live process for its class list and method signatures instead of reading the file.
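The cheap way to tell in advance whether class-dump will choke on a binary is to look at the cryptid field of the LC_ENCRYPTION_INFO (or LC_ENCRYPTION_INFO_64) load command: a non-zero cryptid means the segment is still FairPlay-encrypted, and a dump produced by dumpdecrypted has it reset to 0. The following script is an added example written for this page, not code from weak_classdump or dumpdecrypted. It parses the Mach-O load commands directly (fat/universal files are unwrapped per slice), and builds its own minimal, constructed Mach-O fixtures so it can be run offline; the fixture builders and their cputype constants are test scaffolding, not real app binaries. Only little-endian Mach-O slices are handled, which covers every iOS device binary.

```python
#!/usr/bin/env python3
"""Check whether a Mach-O binary is still FairPlay-encrypted (LC_ENCRYPTION_INFO cryptid != 0)."""
import struct
import sys

MH_MAGIC = 0xFEEDFACE           # 32-bit mach_header, little-endian on disk
MH_MAGIC_64 = 0xFEEDFACF        # 64-bit mach_header_64
FAT_MAGIC = 0xCAFEBABE          # universal (fat) header, always big-endian
LC_ENCRYPTION_INFO = 0x21
LC_ENCRYPTION_INFO_64 = 0x2C


def _slices(data):
    """Yield (offset, bytes) for every architecture slice, unwrapping fat files."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat = struct.unpack_from(">I", data, 4)[0]
        for i in range(nfat):
            # struct fat_arch: cputype, cpusubtype, offset, size, align (big-endian)
            _, _, off, size, _ = struct.unpack_from(">IIIII", data, 8 + 20 * i)
            yield off, data[off:off + size]
    else:
        yield 0, data


def cryptid_of(blob):
    """Return cryptid from the thin image's LC_ENCRYPTION_INFO(_64), or None if the command is absent."""
    magic = struct.unpack_from("<I", blob, 0)[0]
    if magic == MH_MAGIC_64:
        hdr_size = 32
    elif magic == MH_MAGIC:
        hdr_size = 28
    else:
        raise ValueError("not a little-endian Mach-O image (magic 0x%08x)" % magic)
    ncmds = struct.unpack_from("<I", blob, 16)[0]      # same offset in both header sizes
    off = hdr_size
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", blob, off)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # struct encryption_info_command: cmd, cmdsize, cryptoff, cryptsize, cryptid[, pad]
            _, _, _, _, cryptid = struct.unpack_from("<IIIII", blob, off)
            return cryptid
        off += cmdsize
    return None


def is_fairplay_encrypted(data):
    """True if any slice still carries an encrypted segment; class-dump output would be garbage."""
    return any((cryptid_of(blob) or 0) != 0 for _, blob in _slices(data))


# ---- constructed fixtures (not real binaries) so the check can be exercised offline ----

def _thin_image(cryptid, sixty_four=True):
    """Minimal Mach-O with one LC_ENCRYPTION_INFO(_64) command and no segments."""
    cmd = LC_ENCRYPTION_INFO_64 if sixty_four else LC_ENCRYPTION_INFO
    lc = struct.pack("<IIIII", cmd, 24 if sixty_four else 20, 0x4000, 0x8000, cryptid)
    if sixty_four:
        lc += struct.pack("<I", 0)                                # pad field
        hdr = struct.pack("<IIIIIIII", MH_MAGIC_64, 0x0100000C, 0, 2, 1, len(lc), 0, 0)  # arm64, MH_EXECUTE
    else:
        hdr = struct.pack("<IIIIIII", MH_MAGIC, 0xC, 9, 2, 1, len(lc), 0)               # armv7, MH_EXECUTE
    return hdr + lc


def _fat_image(slices):
    """Wrap (cputype, thin_image) pairs in a fat header; real files page-align slices, this does not."""
    header = struct.pack(">II", FAT_MAGIC, len(slices))
    offset = 8 + 20 * len(slices)
    entries, body = b"", b""
    for cputype, blob in slices:
        entries += struct.pack(">IIIII", cputype, 0, offset, len(blob), 0)
        body += blob
        offset += len(blob)
    return header + entries + body


if __name__ == "__main__":
    path = sys.argv[1]
    with open(path, "rb") as f:
        image = f.read()
    for off, blob in _slices(image):
        print("slice @0x%x: cryptid=%s" % (off, cryptid_of(blob)))
    print("encrypted" if is_fairplay_encrypted(image) else "decrypted, safe for class-dump")
```

Run it against the app's main executable inside the .app bundle (e.g. over SSH on the device, or on a copy pulled to the host) before and after dumpdecrypted: the original reports cryptid=1, the dumped copy reports 0. A binary with no LC_ENCRYPTION_INFO at all (a self-built or sideloaded app) reports None and is likewise fine for class-dump.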

weak_classdump is loaded into the target with Cycript and can then dump a single class (the output header is written by the app process, so the directory must be writable by it), like so:

iPhone$ cycript -p Skype weak_classdump.cy; cycript -p Skype
'Added weak_classdump to "Skype" (1685)'
cy# weak_classdump(SkypeAppDelegate, "/tmp/")
"Wrote file to /tmp/SkypeAppDelegate.h"

It can also be used to dump all the classes in a bundle (in this case, the main bundle):

iPhone$ cycript -p Skype weak_classdump.cy; cycript -p Skype
'Added weak_classdump to "Skype" (1685)'
cy# weak_classdump_bundle([NSBundle mainBundle], "/tmp/SkypeHeaders")