
Reverse Engineering iOS Apps


Talk given at Swift Language User Group in SF on 20 August 2015

If you've ever needed to know how another piece of code works, or if you've ever been at the mercy of someone else's bugs – you can always look at the source code... unless you don't have it. I'll be giving an introduction to the art of reverse engineering on iOS and OS X, including Swift apps. I'll cover sniffing network traffic as well as static and dynamic analysis, with tools like Charles, cycript, IDA, Hopper and class-dump.

Conrad Kramer

August 20, 2015



  1. Frame the question
     Why does this bug occur? What component do they use in their UI? What does the app's REST API look like?
  2. What is in the Lyft app?
     • Metadata
     • Assets
     • Executable (Encrypted)
     • Lots of frameworks (Encrypted)
  3. What can we work with?
     • When it is running
       • Network traffic
       • Injecting code
     • When it isn't running
       • Inspecting the binaries
  4. Cycript
     JavaScript/Objective-C hybrid
     Interact with the app using the REPL, live:
         var application = [UIApplication sharedApplication];
         [application openURL:[NSURL URLWithString:@"https://google.com"]];
  5. Looking at -application:openURL:
     _TZFV4Lyft15DeepLinkManager13handleOpenURLfMS0_FCSo5NSURLSb
     • _T -> Swift symbol
     • F -> Function
     • 4Lyft -> Module name
     • A lot more information (see Mike Ash's Friday Q&A)
  6. Looking at -application:openURL:
         var url = NSURL(string: "lyft://")
         var manager: Lyft.DeepLinkManager = ...
         manager.handleOpenURL(url)
  7. Looking at Lyft.DeepLinkManager
     • DeepLinkRequest
     • DeepLinkable
     • DeepLinkToRide
     • DeepLinkToHelp
     • DeepLinkToSettings
     • DeepLinkToDriveMode
     • etc.
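
The symbol breakdown on slide 5, as an added example that is not part of the original deck: a partial decoder for the old `_T` Swift mangling that pulls the module, type and method names out of the slide's symbol. The function names are hypothetical, and the meanings of `Z` (static) and `C`/`V`/`O` (class/struct/enum) are assumptions taken from the pre-Swift-4 mangling scheme rather than from the slides; the trailing type signature is returned undecoded.

```python
import re

# Symbol from slide 5 (the stray space from slide extraction removed).
SLIDE_SYMBOL = "_TZFV4Lyft15DeepLinkManager13handleOpenURLfMS0_FCSo5NSURLSb"

# Nominal-type markers in the old mangling scheme (assumption, not on the slides).
KINDS = {"C": "class", "V": "struct", "O": "enum"}


def read_identifier(symbol, pos):
    """Read one <decimal length><name> identifier; return (name, next_pos)."""
    m = re.match(r"[1-9][0-9]*", symbol[pos:])
    if not m:
        raise ValueError(f"expected a length prefix at offset {pos}")
    start = pos + m.end()
    end = start + int(m.group())
    if end > len(symbol):
        raise ValueError("length prefix runs past the end of the symbol")
    return symbol[start:end], end


def decode_method_symbol(symbol):
    """Decode '_T[Z]F<kind><module><type><method>...' into its named parts."""
    if not symbol.startswith("_T"):
        raise ValueError("not an old-style Swift symbol (missing _T)")
    pos = 2
    is_static = symbol.startswith("Z", pos)   # Z: static/class member
    if is_static:
        pos += 1
    if not symbol.startswith("F", pos):       # F: function
        raise ValueError("only function symbols are handled here")
    pos += 1
    kind = KINDS.get(symbol[pos:pos + 1])
    if kind is None:
        raise ValueError("only methods on a class, struct or enum are handled")
    pos += 1
    module, pos = read_identifier(symbol, pos)     # e.g. 4Lyft
    type_name, pos = read_identifier(symbol, pos)  # e.g. 15DeepLinkManager
    method, pos = read_identifier(symbol, pos)     # e.g. 13handleOpenURL
    return {"static": is_static, "kind": kind, "module": module,
            "type": type_name, "method": method,
            "signature": symbol[pos:]}             # left undecoded


if __name__ == "__main__":
    for key, value in decode_method_symbol(SLIDE_SYMBOL).items():
        print(f"{key:10} {value}")
```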