"iOS reverse engineering": from removing the shell to obtaining the source code

Source: Internet
Author: User

iOS apps get an encryption shell added to their binary when they are published to the App Store, similar to obfuscation on Android, to prevent decompilation. But sometimes, for reasons I won't describe, we want to learn from the experience of some expert; as the saying goes, "reading books is not stealing". With a critical mind I learned some decompilation techniques, and here is a simple record of them (just kidding around).
In general, decompilation can be summed up in the following steps: remove the shell, get the .h files, get the pseudocode.

Removing the shell

Removing the shell means stripping the encryption shell from the app's binary to obtain the app's IPA package. There are a number of third-party tools for this; here I introduce one called Clutch, which is easy to use.
(Friendly tip: if your phone is not jailbroken, you can stop reading here, because the next steps require a jailbroken phone.)
First, download Clutch from GitHub: https://github.com/kjcracks/clutch/releases
Download the latest version directly. After downloading, rename the file to clutch, and then use iTools, iFunBox or a similar tool to put the clutch file into the Device -> usr -> bin directory of the jailbroken phone.

Attention:
1. It is usr, not user... Don't ask why I'm reminding you of this. It caused me pain too...
2. You don't have to rename your Clutch-x.x.x file to clutch, but be sure to remember what your file is called, because the commands below require you to type that file name.

That completes the preparation on the phone side. (Surprised? Happy?)
Next, confirm that your phone is connected to WiFi and that your Mac is connected to the same WiFi. Then open the phone's Settings -> Wireless LAN, find the WiFi network you are connected to, and tap the (i) icon at the far right to view your IP address.
Then open Terminal on your Mac and enter the command: ssh root@xx.xx.xx.xx (where xx.xx.xx.xx is your phone's IP address). Next you will be asked for a password. Note that this is neither your Mac password nor your iPhone passcode; it is a default password: alpine (those who have fallen into this pit will know...)
Then cd to the bin directory: cd /usr/bin. Now you can use the clutch command. Enter clutch -i to see all of your apps whose shell can be removed.

If nothing goes wrong, the system lists all the apps whose shell can be removed; pick whichever one you want.
For example, if you want to pick app number 2, type clutch -b 2 and press Enter. Easy, isn't it?
The effect is as follows:

Getting the .h files

After the last step, you will see that the purple part of the output contains the words "finish ... to ...". This tells us where the file is located after the shell has been removed. With this path the rest is simple: whatever tool we used to put clutch onto the phone (iTools, iFunBox, ...), we now use the same tool to copy the decrypted file out of that directory.
The shell removal step gives you the IPA package. An IPA package is really just a compressed archive, so you can extract it directly with an unzip tool (if it won't extract, try changing the file extension to .zip). After extraction you get the .app package, which contains the app's binary executable. On the Mac, use "Show Package Contents" on the .app package to see the executable, the unprocessed resource files (such as sounds and pictures), the bundle resource files, and the compiled nib layout files.
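To confirm that the shell is really gone from the extracted binary, you can read the cryptid field of the Mach-O LC_ENCRYPTION_INFO load command: 1 means still encrypted, 0 means decrypted. The following is an added example, not code from the original post; it opens the IPA as a zip as described above, finds the main executable through Info.plist, and handles thin little-endian Mach-O files only. The function names and the in-memory sample IPA are constructed for illustration.

```python
import io, plistlib, struct, zipfile

MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64 = 0x21, 0x2C

def find_executable(ipa):
    """Return (archive path, bytes) of the main binary inside an IPA, which is a zip."""
    with zipfile.ZipFile(ipa) as z:
        plists = [n for n in z.namelist() if n.startswith("Payload/")
                  and n.endswith(".app/Info.plist") and n.count("/") == 2]
        if not plists:
            raise ValueError("no Payload/<name>.app/Info.plist in archive")
        info = plistlib.loads(z.read(plists[0]))
        exe = plists[0].rsplit("/", 1)[0] + "/" + info["CFBundleExecutable"]
        return exe, z.read(exe)

def cryptid(macho):
    """Return cryptid of a thin little-endian Mach-O, or None if it has no encryption command."""
    magic, = struct.unpack_from("<I", macho, 0)
    if magic not in (MH_MAGIC, MH_MAGIC_64):
        raise ValueError("not a thin little-endian Mach-O (pick a slice of a fat binary first)")
    ncmds, = struct.unpack_from("<I", macho, 16)      # mach_header.ncmds
    off = 32 if magic == MH_MAGIC_64 else 28          # size of the Mach-O header
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<II", macho, off)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # command layout: cmd, cmdsize, cryptoff, cryptsize, cryptid
            return struct.unpack_from("<I", macho, off + 16)[0]
        if cmdsize < 8:
            raise ValueError("corrupt load command")
        off += cmdsize
    return None

def sample_ipa(cid):
    """Constructed sample: in-memory IPA whose binary is a header plus one load command."""
    cmd = struct.pack("<6I", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cid, 0)
    hdr = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, len(cmd), 0, 0)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Demo.app/Info.plist", plistlib.dumps({"CFBundleExecutable": "Demo"}))
        z.writestr("Payload/Demo.app/Demo", hdr + cmd)
    return buf

def check_ipa(ipa):
    """Return (path of main executable, cryptid) for an IPA path or file object."""
    exe, data = find_executable(ipa)
    return exe, cryptid(data)

if __name__ == "__main__":
    for label, cid in (("App Store copy", 1), ("after shell removal", 0)):
        print(label, *check_ipa(sample_ipa(cid)))
```

Pass check_ipa the path of a real IPA instead of the sample; a universal (fat) binary has to be split into a single-architecture slice first.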
After you get the executable from the IPA package, you can disassemble it with tools on the Mac. Commonly used disassembly tools include class-dump, Hopper Disassembler and so on.
Taking class-dump as the example: for installation, see its installation tutorial; installation is not covered further here.
After class-dump is installed, you can use the following command to decompile:

class-dump -H /Applications/YourAppName.app -o /Users/aa/bb/cc

Here /Users/aa/bb/cc is the path of the folder you want the output written to. After you press Enter and the command runs, you can go to this path to find the decompiled .h files.

PS. You may run into the problem that class-dump does not have permission to run. In that case, download the DMG file instead, copy class-dump from the DMG into the /usr/bin directory, and run the command sudo chmod +x /usr/bin/class-dump in Terminal to give it execute permission. (chmod takes a permission mode, not a user name.)

With the steps above, we can obtain the decompiled header file contents. Thanks for reading ~
