Questions tagged [ios]

The operating system by Apple for mobile devices

Use this tag for questions about reverse engineering the iOS operating system, runtime, or applications.

130 questions

4 votes, 2 answers

Decrypt iOS standard encryption without device

In order to remove the encryption from an iOS binary on the App Store, it first has to be executed on an ARM-capable device. Is there a way to do this without access to a device?
Nederealm

4 votes, 1 answer

Trying to use Cycript to access element in the current windows

I am using cycript, but I have tried some of these commands and not sure where I went wrong. cy# UIApp.windows[0] #"; layer =
A O

4 votes, 1 answer

How can a video file cause an iOS device to crash or hang?

There have been reports of a malformed h264 video file causing iOS devices to hang or crash (I've added the link in plaintext to avoid accidental clickthroughs, play at your own risk: http://www.apps4iphone.net/videocrash.html). I am trying to…
JAL

3 votes, 0 answers

Recovering .ipa file for TestFlight app on iOS 8 (not jailbroken)

Normally if I want to see the binary and resources for an app, I connect my iPhone to my Macbook, sync with iTunes, and then all of my apps are in /Users/cybergibbons/Music/iTunes/iTunes Media/Mobile Applications as .ipa files which I can extract as…
Cybergibbons

3 votes, 2 answers

In iOS, how can I find all hooked functions in substrate tweak

I'm trying to reverse a compiled tweak. As a first step, I want to find out all the functions it hooks. I can find all the calls to substrate framework functions, but I didn't figure out which functions are hooked (r0). What is the best way to do…
c c

3 votes, 0 answers

db section in hopper

There is a db section in hopper, which causes the code not being able to go to control follow graph mode. Do advise what causes this issue: ; Section __cstring ; Range: [0x10000a2c0; 0x10000a4d5[ (533 bytes) ; File offset :…
A O

3 votes, 1 answer

Hopper - no CFG leaving procedure at this address

Where is it that, when I am at a procedure with a lot of db, hopper will not show the control flow graph. How do I make the db change to a regular assembly symbol like mov, add, ret, etc.? What causes the db not to show the control flow graph …
A O

3 votes, 1 answer

Does anyone know the purpose of the malware,ios,social_engineering file on iOS

I have a jailbroken iPhone, and I noticed that it contains a file called social_engineering,ios,url_expression at the path: /private/var/mobile/Library/Caches/com.apple.Safari.SafeBrowsing/Google/social_engineering,ios,url_expression The file is…
user2279952

3 votes, 1 answer

How does Apple enforce the expiration of beta apps distributed through TestFlight

A beta app expired after a period of time. But after some investigation of the ipa file, both the certificate and the mobile provisioning profile embedded in the bundle are not expired. How can Apple enforce beta app expiration and how the test…
Karl

2 votes, 4 answers

Reverse engineering from binary or ipa

I lost the code of an app I wrote some years ago...the game structure was pretty cool and would be good to have it back... So can I reverse a binary into...something? I mean at least class tree... I've this and the ipa (yes I saved it and not the…
Michele

2 votes, 0 answers

Reverse Engineer Using Class-dump

I have tried to look into the class-dump of a decompiled ipa file, can I assume that only : TtCC29XYZ18JailbreakDetection12RuntimeClass is of remarkable because it has - (long long)runtimeModifiedFunction; @interface _TtC29XYZ18JailbreakDetection :…
A O

2 votes, 0 answers

Input file (Hello_World) is neither a Mach-O file nor a fat archive: Class-dump

I am trying to use class-dump in iPhone 14.3. However, there is an error. Can you advise? ANT-iPhone:/var/containers/Bundle/Application/61669A90-8CF9-4991-943F-5E9F097A3A5B/Hello_World.app root# otool -Vh Hello_World Hello_World: Mach header …
A O

2 votes, 1 answer

iOS entitlements for enable calling to private API

I'd like to analyze iOS private framework that broke commonly used GitHub project called AppLister. Here's some info about the API: Framework : MobileCoreServices.framework. Class: LSApplicationWorkspace. Method: allApplication. Starting from…
Zohar81

2 votes, 0 answers

Analysis Apps for iOS10/64Bit

I need to analyze an iOS app. Since it's iOS 10 64Bit (jailbroken) this time, I'm desperately looking for good analysis tools for injecting, manipulating, anti-anti-jailbreak, tracing, and so on. I previously used tools iRet and iSpy and so on, but…

2 votes, 1 answer

How can I decompile and inspect a Safari Extension?

There is a suspect safari extension on a computer I'm investigating. How can I locate its install location, and possibly read the source code of the extension? Also, is there an easy way to tell if an extension either came from the developer site,…