Home > iPhone > Basic Reverse Engineering

Basic Reverse Engineering

It turns out that reverse engineering native iPhone apps (calc, mobile safari, mobile mail or anything that is on the phone by default and not from the app store) can be quite an involved process for those not familiar with the ARM architecture or Objective-C. Here I will give a brief introduction to the tools needed for the job and some links to further information.

Native applications are stored in the “/Applications” directory on the iPhone. In here you will find folders such as AppStore.app, MobileMail.app, MobileSafari.app, etc. These are the native applications. Beginning reverse engineering on these is very simple. For example, if we enter the MobileSafari.app directory, among other files we find the “MobileSafari” binary file. Open this with your favorite disassembler (HT Editor, IDA pro, etc) or use otool (arm-apple-darwin-otool if you have installed the desktop toolchain) with the -Vt option to dump the assembly.

Since the binaries run on the ARM platform, it is necessary to understand the ARM instruction-set. I have found the following links helpful:

Objective-C is a little bit of a different beast than it’s C counterpart. In the assembly you will see calls to sendmsg scattered throughout the entire program. This is really the way Objective-C calls class methods. Anyways, a basic knowledge of Objective-C is needed to understand the assembly. There are plenty of iPhone development books out there, which I’m sure are all fine. I am starting to read iPhone Open Application Development by Jonathan Zdziarski.

Finally, I ran into a good tutorial paper on iPhone native app reversing called Primer on Reversing Jailbroken iPhone Native Applications v1.0. It seems pretty good and definitely worth the read.

Another place to start reverse engineering on the iPhone is in the shared libraries. In “/usr/lib” we can find a bunch of dylib files. These are the libraries to start looking at and can be reversed as described above. There are also some interesting files in “/Library” we can look in to.

Categories: iPhone Tags:
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: