For a lot of my time as an iOS developer I would see prominent people in the industry sharing details about how the internals of UIKit or other parts of the operating system worked, and it always seemed like magic. The idea that I would be able to do this myself seemed unreachable. Recently I wanted to investigate an app released by my regional government to verify a hunch about how it worked. Now is as good a time as any to write up the tools that I've since learned to use and the steps I take to do this.

I do this infrequently enough that having this post is as valuable for me as anyone else. I'm by no means a reverse engineering or information security expert, and I still feel like I'm just bashing rocks together trying to make fire, but I hope that this serves as a jumping-off point to better resources and a nudge for anybody that thinks they can't do this themselves. You don't have to be a fancy hacker to do these things, and I think knowing these techniques can make you a better app developer.

Tools

HTTP proxy that can MITM TLS connections

This will let you see what an app is uploading to and downloading from an API. Depending how much of an app's behaviour depends on its API, this might get you as far as you need to go.

I use my previous carry phone that tops out at iOS 12, which works with Unc0ver. There are options to jailbreak devices running iOS 13 now, though. A lot of reverse engineering will depend on this because it gives you access and control you can't replicate another way. If you've ever accidentally tried and failed to debug your own app when it was built for distribution, then you've hit one of iOS's restrictions (the get_task_allow entitlement) that can be worked around on a jailbroken device. The really cool thing you can do with a jailbroken device is getting a decrypted copy of an App Store app onto your computer for inspection. These are encrypted by the App Store with FairPlay before they're sent to your device when you install them, and they're only decrypted when you launch the application. For this you'll have to install Frida and OpenSSH.

Disassembler and Decompiler

These can generate lists of types and their methods for Objective-C or Swift binaries, which end up looking kind of like header files or generated interfaces. This can give you a lot of clues about how the app is implemented and architected. Have a hunch that someone used an open-source project without giving credit?
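Before feeding a binary to a disassembler it helps to know whether FairPlay encryption is still in place: a Mach-O records this in its LC_ENCRYPTION_INFO(_64) load command, and a non-zero cryptid means the text segment is still encrypted and will decompile to garbage. The checker below is an added example written for this post, not tooling from the original article or from Frida; the sample Mach-O it builds is constructed in-line so the script runs without a real app binary.

```python
import struct
import sys

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF          # little-endian thin Mach-O magics
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C  # FairPlay encryption load commands


def fairplay_status(data: bytes) -> dict:
    """Walk the load commands of a thin Mach-O and report its FairPlay state."""
    (magic,) = struct.unpack_from("<I", data, 0)
    if magic == MH_MAGIC_64:
        header_size = 32   # mach_header_64 has an extra 'reserved' field
    elif magic == MH_MAGIC:
        header_size = 28
    else:
        raise ValueError("not a little-endian thin Mach-O (slice fat binaries first)")
    (ncmds,) = struct.unpack_from("<I", data, 16)      # ncmds sits at offset 16 in both headers
    offset = header_size
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", data, offset)
        if cmdsize < 8 or offset + cmdsize > len(data):
            raise ValueError("malformed load command")  # refuse to read past the buffer
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            cryptoff, cryptsize, cryptid = struct.unpack_from("<III", data, offset + 8)
            return {"has_command": True, "encrypted": cryptid != 0,
                    "cryptoff": cryptoff, "cryptsize": cryptsize, "cryptid": cryptid}
        offset += cmdsize
    # Binaries that never went through the App Store carry no encryption command at all.
    return {"has_command": False, "encrypted": False, "cryptoff": 0, "cryptsize": 0, "cryptid": 0}


def build_sample(cryptid: int) -> bytes:
    """Constructed arm64 MH_EXECUTE header with an LC_UUID and an LC_ENCRYPTION_INFO_64."""
    header = struct.pack("<IIIIIIII", MH_MAGIC_64, 0x0100000C, 0, 2, 2, 48, 0, 0)
    uuid_cmd = struct.pack("<II", 0x1B, 24) + b"\x00" * 16  # LC_UUID, 24 bytes
    enc_cmd = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x10000, cryptid, 0)
    return header + uuid_cmd + enc_cmd


if __name__ == "__main__":
    # Pass a path to inspect a real binary; otherwise demonstrate on the constructed sample.
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample(1)
    status = fairplay_status(blob)
    print("still FairPlay-encrypted" if status["encrypted"] else "decrypted / unencrypted", status)
```

Run it against a dumped binary: if cryptid is still 1, the dump was taken before the loader decrypted the text segment and is not yet useful for the decompiler.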