iOS app reverse engineering learning Note (iv) iOS program type

The most common programs in Jailbreak iOS are application, the Dynamic library, and the daemon three categories.

1.Application

In addition to the traditional app, there are two app forms on the jailbreak iOS platform: Weeapp (attached to the Notificationcenter app) and Preferencebundle (attached to the Settings app), Common in Cydia platforms.

The bundle of common apps holds executable programs and required resources, while the bundle in the framework holds dynamic-link libraries.

Focus on the three parts of the app:

1.info.plist: This file records basic information about the app, such as bundle identifier, executable file name, icon file name, and so on.

2. Executable program: One of the main targets of the attack.

3.Resouces (Resource file): The various localized strings (strings) are important clues to locating the reverse target.

The/applications directory stores system apps and apps downloaded from Cydia, and the/var/mobile/applications directory is an app downloaded from the App Store.

The directory structure is not very different, but the former is the main user and the main group is generally root and admin, and the latter is the main user and the main group is mobile, the permissions of the two are different.

In addition, the format of the app installation package in the/applications directory is the format of the app installation package in the Deb,/var/mobile/applications directory as an IPA.

which

The Deb format is the Debian system-specific installation package format, and the installation package in this format often involves the underlying operation of the system, which allows for higher permissions. Apps downloaded from Cydia are all in the Deb format.

The IPA format is the only official installation package format that Apple has in iOS.

2.Dynamic Library The difference between a dynamic library file and a static library file is that the static library file is loaded at once and resides in memory. Dynamic library files are loaded into memory only when the app is used by the library. The kernel launches dynamic Loader (/USR/LIB/DYLD) to load the dynamic library that the app needs into the app's memory space. Note the permissions of the dynamic library and the available memory space are determined by the app that loads it.

3.Daemon

The iOS system's Daemon (daemon) consists primarily of an executable file and a plist file. Where the plist file records the basic information of daemon.

The root process of iOS is/SBIN/LAUNCHD, which checks all of the plist files in/system/library/launchdaemons and/library/daemons in accordance with the formatting requirements when powering on or receiving commands. Then start the corresponding daemon as needed.

From the reverse engineering of iOS applications, the website is http://iosre.com/

The above contents may be changed, and all the original books shall prevail. Thanks to the author for sharing.