
nothing is more appropriate than Apps. As a result, in the following sections, we will take Apps as examples, and try to refine “locate target functions” with ARM level reverse engineering, as well as enhance the methodology of writing a tweak.


6.2.1 Cut into the target App and find the UI function


In an App, what interests us is usually presented on the UI, which exhibits execution processes and results. The relationship between function and UI is very tight: if we can get the UI object that interests us, we can find its corresponding function, which is referred to as the “UI function”. Getting the programmatic UI object behind the visual control we are interested in, and then getting the UI function of that object, is usually done with Cycript, using the magic private method “recursiveDescription” in UIView and the undervalued public method “nextResponder” in UIResponder. In the rest of this chapter, I will explain this process by taking Mail as the example to summarize the methodology, and then apply the methodology to MobilePhoneSettings to give you a deeper impression. All the work is done on an iPhone 5 running iOS 8.1.



  1. Inject Cycript into Mail


First, use the technique from the “dumpdecrypted” section to locate the process name of Mail, then inject Cycript into it:


FunMaker-5:~ root# ps -e | grep /Applications
363 ?? 0:06.94 /Applications/MobileMail.app/MobileMail
596 ?? 0:01.50 /Applications/MessagesNotificationViewService.app/MessagesNotificationViewService
623 ?? 0:08.50 /Applications/InCallService.app/InCallService
713 ttys000 0:00.01 grep /Applications
FunMaker-5:~ root# cycript -p MobileMail


  2. Examine the view hierarchy of “Mailboxes” view, and locate “compose” button


The private method [UIView recursiveDescription] returns the view hierarchy of a UIView. Normally, the current view consists of at least one UIWindow object, and UIWindow inherits from UIView, so we can use this private method to examine the view hierarchy of the current view. Its usage follows this pattern:


cy# ?expand
expand == true
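
To work with the text that recursiveDescription returns, here is an added JavaScript example (not from the book) that parses a dump in that format into a tree and lists the superview chain of a chosen class. The sample dump is constructed, and the helper names parseViewDump and ancestorChains are hypothetical.

```javascript
// Added example: parse the indented text printed by -[UIView recursiveDescription]
// (one "   | " prefix per nesting level) into a tree of views.
// SAMPLE_DUMP is constructed for illustration; it was not captured from Mail
// and the addresses are made up.
const SAMPLE_DUMP = [
  '<UIWindow: 0x10000010; frame = (0 0; 320 568); layer = <UIWindowLayer: 0x10000020>>',
  '   | <UIView: 0x10000030; frame = (0 0; 320 568); layer = <CALayer: 0x10000040>>',
  '   |    | <UINavigationBar: 0x10000050; frame = (0 20; 320 44); layer = <CALayer: 0x10000060>>',
  '   |    | <UIToolbar: 0x10000070; frame = (0 524; 320 44); layer = <CALayer: 0x10000080>>',
  '   |    |    | <UIToolbarButton: 0x10000090; frame = (276 0; 44 44); layer = <CALayer: 0x100000a0>>',
].join('\n');

function parseViewDump(text) {
  const roots = [];
  const stack = []; // stack[d] = most recent node seen at depth d
  for (const line of text.split('\n')) {
    const m = /^([ |]*)<(\w+): (0x[0-9a-fA-F]+)/.exec(line);
    if (!m) continue; // not the start of a view description
    const depth = (m[1].match(/\|/g) || []).length; // one '|' per level
    const node = { cls: m[2], addr: m[3], parent: null, children: [] };
    if (depth === 0) {
      roots.push(node);
    } else {
      if (!stack[depth - 1]) continue; // malformed dump: no parent line seen
      node.parent = stack[depth - 1];
      node.parent.children.push(node);
    }
    stack[depth] = node;
    stack.length = depth + 1; // deeper levels are closed once we step back up
  }
  return roots;
}

// For every view of class `cls`, return its chain of superviews, innermost
// first. This follows superviews only; nextResponder on a live object can
// also pass through view controllers, which a text dump does not contain.
function ancestorChains(roots, cls) {
  const out = [];
  const visit = (n) => {
    if (n.cls === cls) {
      const chain = [];
      for (let p = n; p; p = p.parent) chain.push(`${p.cls}@${p.addr}`);
      out.push(chain);
    }
    n.children.forEach(visit);
  };
  roots.forEach(visit);
  return out;
}
```

The addresses in each chain are the values you would pass to Cycript's #0x... syntax to get the live object back in the injected process.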