Reversing iOS apps for fun and profit [Alt Tech Talks Berlin 2013]
DESCRIPTION
My intro to reverse engineering, especially focused on reversing iOS apps, which I presented at the Alt Tech Talks Berlin event in 2013.
TRANSCRIPT
Reversing iOS apps for fun and profit
Alt Tech Talks Berlin 2013!
Kuba Brecka @kubabrecka
What is reverse engineering?
• Forward engineering
• Source code → Compiler → Binary
• Source code → Optimizations → High-level intermediate code → Optimizations → Assembly instructions → Optimizations → Binary
• Reverse engineering: the same pipeline, walked backwards from the binary
• Source code → Optimizations → High-level intermediate code → Optimizations → Assembly instructions → Optimizations → Binary
Why should I care?
• Maybe you’re just curious
• Security analysis
• Malware analysis
• Undocumented APIs
• Lost source code
• Black-hat reasons
Tools of the trade
• IDA Pro
• Hopper
• class-dump
• otool
• LLDB
• radare2
Assembly crash course
ARM (32-bit):
MOV R0, #0xA20
ADD R0, PC
LDR R1, [R0]
BLX some_procedure
B loc_9060
CMP R0, #0
BEQ loc_9060
CBZ R0, loc_9060
x86 (32-bit):
mov eax, ebx
add eax, 44h
mov eax, [eax+10h]
call some_procedure
jmp loc_2EB5
cmp eax, 0
jz loc_2EB5
Demo
What you get for free
• List of classes and categories in the app
• and their methods and types and signatures and properties and ivars and …
• List of used external classes, frameworks, APIs
• List of used constant strings in the app
• List of used selectors
What you get with a little more effort
• List of 3rd-party libraries bundled in the binary
• Complexity of methods, what branches and loops they contain
• Where are external APIs and classes used
IPAs and encryption
• Apps from the App Store are encrypted (FairPlay DRM)
• Binary is decrypted only in memory
• To obtain a decrypted binary:
• jailbreak
• run the app
• dump its memory
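Both the "free" information listed above and the FairPlay question can be answered from a binary's load commands alone. The following is an added example of mine, not code from the talk: it walks a thin little-endian 64-bit Mach-O, reports whether LC_ENCRYPTION_INFO_64 still carries a non-zero cryptid, and pulls the Objective-C class names and selectors out of the __TEXT string sections; the sample image it parses is constructed inline (fat binaries and 32-bit slices are out of scope).

```python
# Added example, not from the talk: a minimal Mach-O walker that reports the
# "free" information above (Objective-C class names and selectors kept as plain
# C strings in __TEXT) and whether the FairPlay layer is still present.
import struct

MH_MAGIC_64 = 0xFEEDFACF
LC_SEGMENT_64 = 0x19
LC_ENCRYPTION_INFO_64 = 0x2C
OBJC_SECTIONS = {b"__objc_classname": "classes", b"__objc_methname": "selectors"}

def cstrings(blob):
    # Split a NUL-terminated string table into entries, dropping the empty tail.
    return [s.decode("utf-8", "replace") for s in blob.split(b"\x00") if s]

def inspect_macho(data):
    magic, ncmds = struct.unpack_from("<I12xI", data, 0)  # ncmds sits at offset 16
    if magic != MH_MAGIC_64:
        raise ValueError("only little-endian 64-bit thin Mach-O images are handled")
    result = {"encrypted": False, "classes": [], "selectors": []}
    off = 32  # sizeof(mach_header_64)
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmd == LC_ENCRYPTION_INFO_64:
            cryptid = struct.unpack_from("<I", data, off + 16)[0]
            result["encrypted"] = cryptid != 0  # 0 means the image is already decrypted
        elif cmd == LC_SEGMENT_64:
            nsects = struct.unpack_from("<I", data, off + 64)[0]
            sect = off + 72  # section_64 entries follow segment_command_64
            for _ in range(nsects):
                sectname, segname, _, size, fileoff = struct.unpack_from("<16s16sQQI", data, sect)
                key = OBJC_SECTIONS.get(sectname.rstrip(b"\x00"))
                if key and segname.rstrip(b"\x00") == b"__TEXT":
                    result[key] += cstrings(data[fileoff:fileoff + size])
                sect += 80  # sizeof(section_64)
        off += cmdsize
    return result

def build_sample(cryptid=0):
    # Constructed test image (not a real app): __TEXT segment, two ObjC string sections, encryption cmd.
    classes = b"LoginViewController\x00KeychainStore\x00"
    sels = b"init\x00passwordForUser:\x00setPassword:forUser:\x00"
    cmds_size = 72 + 2 * 80 + 24
    cls_off = 32 + cmds_size  # string data is appended right after the load commands
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 2, cmds_size, 0, 0)
    seg = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, 72 + 2 * 80, b"__TEXT", 0, 0, 0, 0, 5, 5, 2, 0)
    def section(name, off, size):
        return struct.pack("<16s16sQQI", name, b"__TEXT", 0, size, off) + bytes(28)
    enc = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0, 0, cryptid, 0)
    return (header + seg + section(b"__objc_classname", cls_off, len(classes))
            + section(b"__objc_methname", cls_off + len(classes), len(sels)) + enc + classes + sels)
```

On a real image the same two sections are what class-dump reads, which is why a sensitive method name is visible without any decryption effort once the binary is out of the FairPlay wrapper.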
Language does matter

Language      bytecode / native   meta information in binary   obfuscation
C             native              zero                         usually no
Java          bytecode            lots                         quite common
Objective-C   native              lots                         usually no
Thank you.
Kuba Brecka @kubabrecka