Recommendation (by DHowett)
Preface
Foreword
Part I Concepts
Chapter 1 Introduction to iOS reverse engineering
1.1 Prerequisites of iOS reverse engineering
1.2 What does iOS reverse engineering do
1.2.1 Security related iOS reverse engineering
1.2.2 Development related iOS reverse engineering
1.3 The process of iOS reverse engineering
1.3.1 System Analysis
1.3.2 Code Analysis
1.4 Tools for iOS reverse engineering
1.4.1 Monitors
1.4.2 Disassemblers
1.4.3 Debuggers
1.4.4 Development kit
1.5 Conclusion
Chapter 2 Introduction to Jailbroken iOS
2.1 iOS System Hierarchy
2.1.1 iOS filesystem
2.1.2 iOS file permissions
2.2 iOS file types
2.2.1 Application
2.2.2 Dynamic Library
2.2.3 Daemon
2.3 Conclusion
Part II Tools
Chapter 3 OSX toolkit
3.1 class-dump
3.2 Theos
3.2.1 Introduction to Theos
3.2.2 Install and configure Theos
3.2.3 Use Theos
3.2.4 An example tweak
3.3 Reveal
3.4 IDA
3.4.1 Introduction to IDA
3.4.2 Use IDA
3.4.3 An analysis example of IDA
3.5 iFunBox
3.6 dyld_decache
3.7 Conclusion
Chapter 4 iOS toolkit
4.1 CydiaSubstrate
4.1.1 MobileHooker
4.1.2 MobileLoader
4.1.3 Safe mode
4.2 Cycript
4.3 LLDB and debugserver
4.3.1 Introduction to LLDB
4.3.2 Introduction to debugserver
4.3.3 Configure debugserver
4.3.4 Process launching and attaching using debugserver
4.3.5 Use LLDB
4.3.6 Miscellaneous LLDB
4.4 dumpdecrypted
4.5 OpenSSH
4.6 usbmuxd
4.7 iFile
4.8 MTerminal
4.9 syslogd to /var/log/syslog
4.10 Conclusion
Part III Theories
Chapter 5 Objective-C related iOS reverse engineering
5.1 How does a tweak work in Objective-C
5.2 Methodology of writing a tweak
5.2.1 Look for inspiration
5.2.2 Locate target files
5.2.3 Locate target functions
5.2.4 Test private methods
5.2.5 Analyze method arguments
5.2.6 Limitations of class-dump
5.3 An example tweak using the methodology
5.3.1 Get inspiration
5.3.2 Locate files
5.3.3 Locate methods and functions
5.3.4 Test methods and functions
5.3.5 Write tweak
5.4 Conclusion
Chapter 6 ARM related iOS reverse engineering
6.1 Introduction to ARM assembly
6.1.1 Basic concepts
6.1.2 Interpretation of ARM/THUMB instructions
6.1.3 ARM calling conventions
6.2 Advanced methodology of writing a tweak
6.2.1 Cut into the target app and find the UI function
6.2.2 Locate the target function from the UI function
6.3 Advanced LLDB usage
6.3.1 Look for a function’s caller
6.3.2 Change process execution flow
6.4 Conclusion
Part IV Practices
Chapter 7 Practice 1: Characount for Notes 8
7.1 Notes
7.2 Tweak prototyping
7.2.1 Locate Notes’ executable
7.2.2 class-dump MobileNotes’ headers
7.2.3 Find the controller of note browsing view using Cycript
7.2.4 Get the current note object from NoteDisplayController
7.2.5 Find a method to monitor note text changes in real time
7.3 Result interpretation
7.4 Tweak writing
7.4.1 Create tweak project “CharacountforNotes8” using Theos
7.4.2 Compose CharacountForNotes8.h
7.4.3 Edit Tweak.xm
7.4.4 Edit Makefile and control files
7.4.5 Test
7.5 Conclusion
Chapter 8 Practice 2: Mark user-specific emails as read automatically
8.1 Mail
8.2 Tweak prototyping
8.2.1 Locate and class-dump Mail’s executable
8.2.2 Import headers into Xcode
8.2.3 Find the controller of “Mailboxes” view using Cycript
8.2.4 Find the delegate of “All Inboxes” view using Reveal and Cycript
8.2.5 Locate the refresh completion callback method in MailboxContentViewController
8.2.6 Get all emails from MessageMegaMall
8.2.7 Get sender address from MFLibraryMessage and mark email as read using MessageMegaMall
8.3 Result interpretation
8.4 Tweak writing
8.4.1 Create tweak project “iOSREMailMarker” using Theos
8.4.2 Compose iOSREMailMarker.h
8.4.3 Edit Tweak.xm
8.4.4 Edit Makefile and control files
8.4.5 Test
8.5 Conclusion
Chapter 9 Practice 3: Save and share Sight in WeChat
9.1 WeChat
9.2 Tweak prototyping
9.2.1 Observe Sight view and look for cut-in points
9.2.2 Get WeChat headers using class-dump
9.2.3 Import WeChat headers into Xcode
9.2.4 Locate the Sight view using Reveal
9.2.5 Find the long press action selector
9.2.6 Find the controller of Sight view using Cycript
9.2.7 Find the Sight object in WCTimeLineViewController
9.2.8 Get a WCDataItem object from WCContentItemViewTemplateNewSight
9.2.9 Get target information from WCDataItem
9.3 Result interpretation
9.4 Tweak writing
9.4.1 Create tweak project “iOSREWCVideoDownloader” using Theos
9.4.2 Compose iOSREWCVideoDownloader.h
9.4.3 Edit Tweak.xm
9.4.4 Edit Makefile and control files
9.4.5 Test
9.5 Easter eggs
9.5.1 Find the Sight in UIMenuItem
9.5.2 Historical transition of WeChat’s headers count
9.6 Conclusion
Chapter 10 Practice 4: Detect and send iMessages
10.1 iMessage
10.2 Detect if a number or email address supports iMessage
10.2.1 Observe MobileSMS and look for cut-in points
10.2.2 Find placeholder using Cycript
10.2.3 Find the 1st data source of placeholderText using IDA and LLDB
10.2.4 Find the Nth data source of placeholderText using IDA and LLDB
10.2.5 Restore the process of the original data source becoming placeholderText
10.3 Send iMessages
10.3.1 Observe MobileSMS and look for cut-in points
10.3.2 Find response method of “Send” button using Cycript
10.3.3 Find suspicious sending action in response method
10.4 Result interpretation
10.5 Tweak writing
10.5.1 Create tweak project “iOSREMadridMessenger” using Theos
10.5.2 Compose iOSREMadridMessenger.h
10.5.3 Edit Tweak.xm
10.5.4 Edit Makefile and control files
10.5.5 Test with Cycript
10.6 Conclusion
Jailbreaking for Developers, An Overview (by rpetrich)
Evading the Sandbox (by rpetrich)
Tweaking is the new-age hacking (by Optimo)
For any book-related questions, please feel free to ask here