Teach you to decompile other people's apps

Although the iOS system is relatively safe compared to other mobile phone operating systems, this security is not absolute, I have always believed that however persuasive outsmart. This article would like to start with a practical example, to tell you how to decompile an app, and from a certain point of view, iOS does not have the legendary "security."

Here is the simplest conclusion to everyone, the specific principle and the detailed use of tools, please yourself Google, why do it, because I want to use the simplest language, so that no assembly based on the students can understand.

Here are a few things to illustrate my point:

• IOS app can be "conditionally" decompile
• Take off the coat that the App store puts on the "secondary file"
• How to use tools to decompile
• Generate pseudo-code where you are interested
• How to prevent anti-compilation

IOS app can be "conditionally" decompile

First, let's tell you the unfortunate news that the app on the app store has been encrypted by Apple. So the title is "conditional" in order to decompile, it is gratifying that in the production of the IPA under Debug or release of the IPA package or the channel package (the various application market can be under the IPA package) can be directly decompile.

Take off the coat that the App store puts on the "secondary file"

Of course, the introduction has been said, however persuasive outsmart, even the apple-encrypted IPA, in fact, can be anti-compilation, but relatively troublesome.
Come on and give you a few tools to get rid of Apple encryption.

• Clutch
• dumpdecrypted
• Gdb
• Appcrackr

Because Appcrackr is a lot of developers to spit, this fool-type decryption will seriously lead to piracy, so this tool has been very bad use.
The demo is not shown here, and I feel like my programmer's career is about to end if I send it back to the Internet on the App Store.

How to use tools to decompile

Two tools class-dump and Hopper disassemblerare introduced here.
First, make a mouse out of one of the simplest apps. (contains binary file &dump results)
Look at the picture, that's it, I just changed the Viewcontroller class.

ViewController.h
Viewcontroller.m

As can be seen from the code, I have written two methods testClassDump and testHideClassDump the latter is not declared in. h (PS: I want to experiment with this to be able to be deserialized to).

OK, the foreplay is finished, you can start to work.

We run the project and open the Decompilingtest.app directory under the Products folder, displaying the contents of the package, and getting the binary file .

binary files

Then I copy to the desktop and execute the following command to get the. h file in the project.

Execute command

OK, get the following results, we look at the ViewController.h inside, can get what method

Results

It turns out that the method of not declaring is also being dump out.

The next step is to see if we can get the concrete implementation of these two methods, and then we'll try it with Hopper disassembler .

The usage of Hopper disassembler is simple, just drag the binary file in. Look at the results after dragging in.

After anti-compilation

At this time 10,000 grass mud horse flew over, what ' s the fk!! A bunch of assembly language baby can not understand AH. (Of course that RET should be return meaning I guess)

Generate pseudo-code where you are interested

Don ' t worry! Point to the upper right corner of if (b) f (x); button, we can see the pseudo-code of this method, most of the time we can see the information we need from the pseudo-code.

The results are as follows:

Pseudo Code 1
Pseudo Code 2

At this point, two methods have been decompile!!

It is important to note that even if the method is not declared in. h, it can be dump and then be deserialized.

How to prevent anti-compilation

Having said so much, we have to prevent the need to add all kinds of complicated confusion like java.

In fact, I think it is not necessary, the cost of anti-compilation itself is very large, code so much, one after the other anti-compilation is in the egg, even if there are pseudo-code also need to understand, and some code even if there are pseudo-code is difficult to understand.

As long as the core code, do a good job of confusing, such as involving the password, the core algorithm.

Summarize:

There is no absolute security system, and no hacker can not break the system, all it takes is just time.

Original link: http://www.jianshu.com/p/10873c5c1e08

Teach you to decompile other people's apps