Hi there,
I’m new to the reverse engineering world, so this might be a silly question. Anyway, I’ve been trying for a few days to implement this, without success.
I’m trying to discover how an application creates a checksum that is sent on every request to a remote server. I’ve already decrypted the application with dumpdecrypted, dumped the classes with class-dump-z and disassembled the code in both IDA Free and Hopper. I found the point that I need to hook:
__attribute__((visibility("hidden")))
@interface Util : NSObject {
}
+(id)gerarcheckSum:(id)sum;
@end
Inside this method, there are calls to this other one:
__attribute__((visibility("hidden")))
@interface JFBCrypt : NSObject {
int* _p;
int* _s;
}
+(id)generateSaltWithNumberOfRounds:(long)rounds;
+(id)hashPassword:(id)password withSalt:(id)salt;
+(int*)integerArrayWithOriginal:(int*)original ofLength:(long)length;
+(long)streamToWord:(id)word off:(int*)off;
+(id)decode_base64:(id)a64 ofMaxLength:(long)maxLength;
+(BOOL)char64of:(unsigned short)of;
+(id)encodeData:(id)data ofLength:(long)length;
+(id)bCrypt;
-(id)hashPassword:(id)password withSalt:(id)salt rounds:(long)rounds;
-(void)enhanceKeyScheduleWithData:(id)data key:(id)key;
-(void)key:(id)key;
-(void)initKey;
-(void)encipher:(int*)encipher off:(long)off;
-(void)dealloc;
@end
Based on the disassembled code (available here), I think I might need to hook “hashPassword:withSalt:” to dump the passed parameters. The problem is that when I attach to the process using cycript, although I can find the class, I can’t find any instance of JFBCrypt:
cy# JFBCrypt
JFBCrypt
cy# choose(JFBCrypt)
[]
Another question I was wondering about: is it possible to determine which parameters are passed to this method with only static tools like IDA, or is a dynamic analysis tool like Cycript required?
Thanks in advance,
a newbie reverser