{
if (arg3 == clear) Get7Up();
else if (arg3 == orange) GetMirinda();
return GetRegular(arg2);
}array GetDrinks(sugar arg1, color arg2) // UIFunction
{
drink coke = GetCoke(arg1, 100, arg3);
drink pepsi = GetPepsi(arg1, 105, arg3);
return ArrayWithComponents(coke, pepsi)
}We don’t want to be served with coke and pepsi at the same time (you can regard them as
UI functions). If we only want to drink 7Up (data), we need to find Get7Up (target function
which generates the data); if we want to know how Zero is made (function), we need to find
MakeZero (target function which provides function). Actually, the “nest” of nested called
functions are also consists of chains, so if we can get to know any link of the chain, we can
regenerate the whole chain by reverse engineering, and the tools we mainly use are IDA and
LLDB. Let’s continue with the previous 2 examples to learn how to find target functions of
“compose email” and “get my number” by referring to [ComposeButtonItem
_sendAction:withEvent:] and [PhoneSettingsController tableView:cellForRowAtIndexPath:].
- Look for the target function of “compose email”
Drag and drop MobileMail in IDA, and search [ComposeButtonItem
_sendAction:withEvent:] in functions window, as shown in figure 6-18.
Figure 6-18 [ComposeButtonItem _sendAction:withEvent:] is not found
Where is [ComposeButtonItem _sendAction:withEvent:]? Now that ComposeButtonItem
doesn’t implement this method, it’s supposed to be implemented in its super class. Open
ComposeButtonItem.h and see which class it inherits from:
@interface ComposeButtonItem : LongPressableButtonItem