Introduction to iOS reverse engineering
Although the recipe of Coca-Cola is highly confidential, some other companies can still copy its taste. Although we don’t have access to the source code of others’ Apps, we can dig into their details by reverse engineering.
1.1 Prerequisites of iOS reverse engineering
iOS reverse engineering refers to the process of reverse analysis at the software level. If you want to have strong skills in iOS reverse engineering, you had better be familiar with the hardware iOS runs on and with how iOS works. You should also have rich experience in developing iOS Apps. If, after using an App for a while, you can infer its project scale, the technologies it relies on, its MVC pattern, and which open source projects or frameworks it references, you can claim a good ability in reverse engineering.
Sounds demanding? Aha, a bit. However, not all of the above prerequisites are strictly necessary. As long as you keep a strong curiosity and perseverance in iOS reverse engineering, you can still become a good iOS reverse engineer. The reason is that during the process of reverse engineering, your curiosity will drive you to study classic Apps, and it is inevitable that you will encounter problems you can’t fix immediately. It then takes perseverance to overcome those difficulties one by one. Trust me, your ability will surely improve, and you will feel the beauty of reverse engineering, after putting lots of effort into programming, debugging and analyzing the logic of software.
1.2 What does iOS reverse engineering do
Metaphorically speaking, we can regard iOS reverse engineering as a spear, which can break the seemingly safe protection of Apps. It is interesting and ridiculous to note that many companies that develop Apps are not aware of the existence of this spear and think their Apps are unbreakable.
For IM Apps like WeChat or WhatsApp, the core of the App is the information being exchanged. For banking, payment or e-commerce software, the core is the monetary transaction data and customer information. All of this core data has to be securely protected. So developers protect their Apps by combining anti-debugging, data encryption and code obfuscation. The aim is to increase the difficulty of reverse engineering and prevent security issues from affecting the user experience.
However, the technologies currently used to protect Apps are not in the same dimension as those used in iOS reverse engineering. General App protections look like fortified castles. With the App’s MVC architecture inside the castle and thick walls outside, they may seem insurmountable, as shown in figure 1-1.
But if we step up to a higher dimension and look down into the castle where the App resides, we find that the structure inside the castle is no longer a secret, as shown in figure 1-2.
All Objective-C interfaces, all properties, all exported functions, all global variables, even all the logic, are exposed in front of us, which means all those protections have become useless. In this dimension, walls are no longer hindrances. What we should focus on is how to find our targets inside the huge castle.
At this point, by using reverse engineering techniques, you can enter the low-dimension castle from any high-dimension place without damaging the castle’s walls, which is tricky but not laborious. By monitoring and even changing the logic of Apps, you can learn their core information and design details easily.
Sounds incredible? But it’s true. Based on the experience and results I’ve gained from studying iOS reverse engineering, I can say that reverse engineering can break the protection of most Apps; all of their implementation and design details can be completely exposed.
The metaphor above is only my personal viewpoint. However, it vividly illustrates how powerful iOS reverse engineering is. In a nutshell, iOS reverse engineering has two major uses:
- Analyzing the target App to get its core information. This can be categorized as security-related reverse engineering.
- Learning from other Apps’ features and then making use of them in our own Apps. This can be categorized as development-related reverse engineering.