id a = function(dataSource);
id b = function(a);
id c = function(b);
...
id z = function(y);
NSString *myPhoneNumber = function(z); // tail
The variable is already known, and we’re at the tail of the call chain. Reverse engineering, as
its name suggests, enables us to track from the tail back to the head. In this process we will find
out every function in this chain, so that we can regenerate the whole algorithm. In a nutshell, to
regenerate the algorithm is to record every data source (data source’s data source, and so on.
Hereafter referred to as the Nth data source) and the trace of function calls along the trip. When
the Nth data source of the variable is a determined data (say in this chapter, the Nth data source
is the SIM card), the functions between Nth data source and variable is the algorithm. Confused?
It’ ll become clearer after this example.
- Find the UI function of the top cell
Figure 6-16 MVC design pattern, taken from Stanford CS 193P
According to MVC design pattern (as shown in figure 6-16), M stands for model, namely,
the data source, which is unknown; V stands for view, namely, the top cell, which is known; C
stands for controller, which is unknown. M and V has no direct relations, while C can directly
access both M and V, hence is the communication center of MVC. If we can make use of the
known V to acquire C, can’t we access M via C to get the data source? This method is logically
accessible, is it practicable?
Based on my professional experiences so far, getting C from V is 100% doable; the key is the
public method [UIResponder nextResponder], which has the same position to
recursiveDescription in my heart. Its description is: