iOS App Reverse Engineering - Table of Contents

Recommendation (by DHowett)

Preface

Foreword

Part I Concepts

Chapter 1 Introduction to iOS reverse engineering

1.1 Prerequisites of iOS reverse engineering

1.2 What does iOS reverse engineering do

1.2.1 Security related iOS reverse engineering

1.2.2 Development related iOS reverse engineering

1.3 The process of iOS reverse engineering

1.3.1 System Analysis

1.3.2 Code Analysis

1.4 Tools for iOS reverse engineering

1.4.1 Monitors

1.4.2 Disassemblers

1.4.3 Debuggers

1.4.4 Development kit

1.5 Conclusion

Chapter 2 Introduction to Jailbroken iOS

2.1 iOS System Hierarchy

2.1.1 iOS filesystem

2.1.2 iOS file permissions

2.2 iOS file types

2.2.1 Application

2.2.2 Dynamic Library

2.2.3 Daemon

2.3 Conclusion

Part II Tools

Chapter 3 OSX toolkit

3.1 class-dump

3.2 Theos

3.2.1 Introduction to Theos

3.2.2 Install and configure Theos

3.2.3 Use Theos

3.2.4 An example tweak

3.3 Reveal

3.4 IDA

3.4.1 Introduction to IDA

3.4.2 Use IDA

3.4.3 An analysis example of IDA

3.5 iFunBox

3.6 dyld_decache

3.7 Conclusion

Chapter 4 iOS toolkit

4.1 CydiaSubstrate

4.1.1 MobileHooker

4.1.2 MobileLoader

4.1.3 Safe mode

4.2 Cycript

4.3 LLDB and debugserver

4.3.1 Introduction to LLDB

4.3.2 Introduction to debugserver

4.3.3 Configure debugserver

4.3.4 Process launching and attaching using debugserver

4.3.5 Use LLDB

4.3.6 Miscellaneous LLDB

4.4 dumpdecrypted

4.5 OpenSSH

4.6 usbmuxd

4.7 iFile

4.8 MTerminal

4.9 syslogd to /var/log/syslog

4.10 Conclusion

Part III Theories

Chapter 5 Objective-C related iOS reverse engineering

5.1 How does a tweak work in Objective-C

5.2 Methodology of writing a tweak

5.2.1 Look for inspiration

5.2.2 Locate target files

5.2.3 Locate target functions

5.2.4 Test private methods

5.2.5 Analyze method arguments

5.2.6 Limitations of class-dump

5.3 An example tweak using the methodology

5.3.1 Get inspiration

5.3.2 Locate files

5.3.3 Locate methods and functions

5.3.4 Test methods and functions

5.3.5 Write tweak

5.4 Conclusion

Chapter 6 ARM related iOS reverse engineering

6.1 Introduction to ARM assembly

6.1.1 Basic concepts

6.1.2 Interpretation of ARM/THUMB instructions

6.1.3 ARM calling conventions

6.2 Advanced methodology of writing a tweak

6.2.1 Cut into the target App and find the UI function

6.2.2 Locate the target function from the UI function

6.3 Advanced LLDB usage

6.3.1 Look for a function’s caller

6.3.2 Change process execution flow

6.4 Conclusion

Part IV Practices

Chapter 7 Practice 1: Characount for Notes 8

7.1 Notes

7.2 Tweak prototyping

7.2.1 Locate Notes’ executable

7.2.2 class-dump MobileNotes’ headers

7.2.3 Find the controller of note browsing view using Cycript

7.2.4 Get the current note object from NoteDisplayController

7.2.5 Find a method to monitor note text changes in real time

7.3 Result interpretation

7.4 Tweak writing

7.4.1 Create tweak project “CharacountforNotes8” using Theos

7.4.2 Compose CharacountForNotes8.h

7.4.3 Edit Tweak.xm

7.4.4 Edit Makefile and control files

7.4.5 Test

7.5 Conclusion

Chapter 8 Practice 2: Mark user specific emails as read automatically

8.1 Mail

8.2 Tweak prototyping

8.2.1 Locate and class-dump Mail’s executable

8.2.2 Import headers into Xcode

8.2.3 Find the controller of “Mailboxes” view using Cycript

8.2.4 Find the delegate of “All Inboxes” view using Reveal and Cycript

8.2.5 Locate the refresh completion callback method in MailboxContentViewController

8.2.6 Get all emails from MessageMegaMall

8.2.7 Get sender address from MFLibraryMessage and mark email as read using MessageMegaMall

8.3 Result interpretation

8.4 Tweak writing

8.4.1 Create tweak project “iOSREMailMarker” using Theos

8.4.2 Compose iOSREMailMarker.h

8.4.3 Edit Tweak.xm

8.4.4 Edit Makefile and control files

8.4.5 Test

8.5 Conclusion

Chapter 9 Practice 3: Save and share Sight in WeChat

9.1 WeChat

9.2 Tweak prototyping

9.2.1 Observe Sight view and look for cut-in points

9.2.2 Get WeChat headers using class-dump

9.2.3 Import WeChat headers into Xcode

9.2.4 Locate the Sight view using Reveal

9.2.5 Find the long press action selector

9.2.6 Find the controller of Sight view using Cycript

9.2.7 Find the Sight object in WCTimeLineViewController

9.2.8 Get a WCDataItem object from WCContentItemViewTemplateNewSight

9.2.9 Get target information from WCDataItem

9.3 Result interpretation

9.4 Tweak writing

9.4.1 Create tweak project “iOSREWCVideoDownloader” using Theos

9.4.2 Compose iOSREWCVideoDownloader.h

9.4.3 Edit Tweak.xm

9.4.4 Edit Makefile and control files

9.4.5 Test

9.5 Easter eggs

9.5.1 Find the Sight in UIMenuItem

9.5.2 Historical transition of WeChat’s headers count

9.6 Conclusion

Chapter 10 Practice 4: Detect and send iMessages

10.1 iMessage

10.2 Detect if a number or email address supports iMessage

10.2.1 Observe MobileSMS and look for cut-in points

10.2.2 Find placeholder using Cycript

10.2.3 Find the 1st data source of placeholderText using IDA and LLDB

10.2.4 Find the Nth data source of placeholderText using IDA and LLDB

10.2.5 Restore the process of the original data source becoming placeholderText

10.3 Send iMessages

10.3.1 Observe MobileSMS and look for cut-in points

10.3.2 Find response method of “Send” button using Cycript

10.3.3 Find suspicious sending action in response method

10.4 Result interpretation

10.5 Tweak writing

10.5.1 Create tweak project “iOSREMadridMessenger” using Theos

10.5.2 Compose iOSREMadridMessenger.h

10.5.3 Edit Tweak.xm

10.5.4 Edit Makefile and control files

10.5.5 Test with Cycript

10.6 Conclusion

Jailbreaking for Developers, An Overview (By rpetrich)

Evading the Sandbox (By rpetrich)

Tweaking is the new-age hacking (By Optimo)


For any book related questions, please feel free to ask here :wink:

1 like

Great post.
Tell me, how can I get this book?

It’s available here :grinning_face_with_smiling_eyes: