How does IOS reverse engineering work? -Self-Knowledge

From: http://www.zhihu.com/question/20317296

I'm lucky to be invited to answer this question, but I don't know how deeply you want to know about the 'System system?
According to the intention and depth, there are several ways and resources:
To learn the framework and improve the development level, you can look at the list of private APIs. Each private API of IOS (cocoa touch) can be viewed through runtime. You can write a method browser by yourself. If you feel trouble, you can go to GitHub to see the ready-made, I collected two: https://github.com/kennytm/iphone-private-frameworks and https://github.com/nst/iOS-Runtime-Headers, but still recommend yourself to get in real time, because iOS in the update, the API is also updated. Using private APIs in app store products violates Apple's regulations. Therefore, using these Apis is a reflection of IOS engineers.
For IOS engineers, (1) is similar. If you have a lot of love and want to know the following APIs, you can still use the obj-C runtime. You can see http://opensource.apple.com/source/objc4/objc4-493.11/runtime/ here, especially objc-runtime.m, which provides a lot of learning tools ". For example, the classic method_exchangeimplementations (), you can use it to study the ins and outs of many black box processes. It is worth mentioning that this method swizzling is valid and can be used in app store! Apple sent an email to developers who used the related skills, indicating that it is best not to use it for security and stability, but it is not prohibited.
If you are interested in the system, try to escape from jail. Similar to Mac OS X, IOS is a UNIX System Based on Darwin. After jailbreak, you have the root permission. You can install terminal and install GCC. Haha ~ The next step is just as if you were studying Linux. With the root permission, developers can write some system tweak or global code. Naturally, they can also be used to gain a deep understanding of systems and native apps. I haven't tried this for a long time, so I dare not say anything about it.
If you want to be an iOS hacker, there is a popular book recently: http://www.amazon.com/iOS-Hackers-Handbook-Charlie-Miller/ I don't have time to read, don't know, but the author is very god. In addition, now IOS jailbreak community has their own conference, you can look at the "jailbreak Dream Team" speech and documents: http://absinthejailbreak.com/dream-team-presentation-at-hitbsecconf-videos. If you still do not meet, you can look at the hardware from the reverse engineering and debugging, share a favorite of my baby: http://wenku.baidu.com/view/dae22c30eefdc8d376ee32c9.html
In addition, IOS code is not completely correct when the source is closed or closed. Apple is a big flag in the open source field, such as WebKit. IOS components are also open source, can be seen on the official website http://opensource.apple.com/, the latest IOS 5.1.1 In this: http://opensource.apple.com/release/ios-511. But as you can see, there is no iOS operating system code, but some libraries, compilers, debuggers... among them, javascriptcore and WebCore are very useful. These two are the basis of WebKit. It can be said that WebKit is one of the most important components of IOS. As of iOS 5 (6 I haven't gotten down yet = ___ = ), all controls with more than one line of text are actually WebKit standard (incredible ?!). Many IOS hack jobs start from here. Speaking of WebKit, COMEX's spirit jailbreak (the "slide to jailbreak") is to use the safari-> WebKit-> pdf engine-> tiff Font Vulnerability to implement code injection! Therefore, every system component may be a breakthrough in IOS reverse/hack!
The level is limited. Please correct and supplement any errors or omissions