Figure 10-3 Real conversion from dataSource to placeholder
dataSource must be converted multiple times to become placeholder, and the relationship between
them is very intricate. If we start from dataSource, how can we know which of the 4 routines leads to
placeholder? Under such circumstances, because there is only one placeholder, it’s more efficient
and doable to start from placeholder and trace back to dataSource to reproduce the whole
process.
In conclusion, the ideas of this practice are: first, use Cycript to locate placeholder; then, trace
the Nth data source of placeholder using IDA and LLDB until we get dataSource; finally,
reproduce the process of how dataSource becomes placeholder. Looks as easy as a regular 3-step
job? Actions not only speak louder than words, they are also harder to carry out than words; you’ll
feel it soon.
10.2.2 Find placeholder using Cycript
Open MobileSMS and create a new message; enter “bbs.iosre.com” as the address and then
tap “return” on the keyboard to end editing, as shown in Figure 10-4.