Dumping App with Clutch + IDA


#1

Hello!

I am using Clutch to dump an app I want to RE using IDA. The problem is that the resulting file is 64bit and cannot be opened by the free version of IDA (the licence is so expensive…).

My first question would be: is there a way to get a 32bit executable?

Or else, what tool would you suggest I use instead of IDA? (I’ve read a bit about radare2 --> anyone using it??)

Thank you!

Carlo


#2
  1. You could use Clutch on an iPhone5 (armv7), then the resulting file is 32bit.
  2. Hopper may be an alternative. https://www.hopperapp.com/

#3

This is due to app thinning in iOS9. Download the ipa using desktop version of iTunes. Install, then Clutch.

And you will have 32bit.
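To check which slices a dumped or downloaded binary actually contains before loading it into a disassembler, here is an added example (not part of any post above) that reads the Mach-O or fat header and reports each slice's architecture and word size. The sample bytes are constructed headers only, and the function names are this example's own.

```python
import struct
import sys

FAT_MAGIC = 0xCAFEBABE                       # fat header fields are big-endian
MH_MAGIC, MH_MAGIC_64 = 0xFEEDFACE, 0xFEEDFACF
CPU_ARCH_ABI64 = 0x01000000                  # flag OR-ed into cputype for 64-bit
CPU_NAMES = {12: "arm", 12 | CPU_ARCH_ABI64: "arm64"}

def thin_slice(data, offset=0):
    """Decode the mach_header at `offset` and return (arch, bits)."""
    if len(data) < offset + 8:
        raise ValueError("truncated Mach-O header")
    for endian in ("<", ">"):                # thin headers use the target's byte order
        magic, cputype = struct.unpack_from(endian + "II", data, offset)
        if magic in (MH_MAGIC, MH_MAGIC_64):
            return CPU_NAMES.get(cputype, hex(cputype)), 64 if magic == MH_MAGIC_64 else 32
    raise ValueError("not a Mach-O slice")

def list_slices(data):
    """Return [(arch, bits), ...] for a thin or fat Mach-O image."""
    if len(data) < 8:
        raise ValueError("file too short")
    magic, count = struct.unpack_from(">II", data, 0)
    if magic != FAT_MAGIC:
        return [thin_slice(data)]
    slices = []
    for i in range(count):
        entry = 8 + 20 * i                   # fat_arch: cputype, cpusubtype, offset, size, align
        if len(data) < entry + 20:
            raise ValueError("truncated fat_arch table")
        _cpu, _sub, offset, size, _align = struct.unpack_from(">5I", data, entry)
        if offset + size > len(data):
            raise ValueError("slice extends past end of file")
        slices.append(thin_slice(data, offset))
    return slices

# Constructed sample data (headers only, no load commands or code).
def _header(magic, cputype, subtype):
    return struct.pack("<7I", magic, cputype, subtype, 2, 0, 0, 0)

SAMPLE_THIN64 = _header(MH_MAGIC_64, 12 | CPU_ARCH_ABI64, 0)
_ARMV7 = _header(MH_MAGIC, 12, 9)
SAMPLE_FAT = (struct.pack(">II", FAT_MAGIC, 2)
              + struct.pack(">5I", 12, 9, 48, 28, 0)
              + struct.pack(">5I", 12 | CPU_ARCH_ABI64, 0, 76, 28, 0)
              + _ARMV7 + SAMPLE_THIN64)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_FAT
    for arch, bits in list_slices(blob):
        print(f"{arch}: {bits}-bit")
```

A thinned dump shows a single `arm64: 64-bit` line, while a fat binary lists both slices.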


#4

Hi Carlo

hxxp://forum.exetools.com
Search the forum and you’ll find a link for IDA full version 6.8.1, we guess.
Hope the link still works.

I’m using radare2 but ARM is still a problem. Searching for hex bytes, dumping, it is all extremely awesome.

jtool is an amazing tool for static analysis & many things. It’s like 10 utilities in one. I use it very frequently to understand the Mach-O file format.

Download all the utilities from the site below; it’s a must for iOS RE.
hxxp://newosxbook.com/index.php?page=downloads

One more thing: order the book by J, which is going to be released soon. It would be worth the money for sure.

Also learn ROP programming; it’s a must for sure once we need to inject our code in Mach-O.

Question: If anyone has a good link for ROP programming specifically for iOS with an example, please share.

Note: It’s easy to read the slide information but I need an example of how to assemble gadgets & GadgetChain etc… etc…

Thanks


#5

It would be nice to gain access to the exetools forum, but they have an “invitation only” registration process that is blocking me… :frowning:

I’ll definitely check the ROP programming (Return-oriented programming if I’m correct?).