
(Romina) #1
* thread #1: tid = 0x19052, 0x30230668 IMCore`IMChatCalculateServiceForSendingNewCompose + 688, queue = 'com.apple.main-thread', stop reason = breakpoint 6.1
    frame #0: 0x30230668 IMCore`IMChatCalculateServiceForSendingNewCompose + 688
IMCore`IMChatCalculateServiceForSendingNewCompose + 688:
-> 0x30230668: blx 0x302a03b0 ; symbol stub for: objc_msgSend
   0x3023066c: mov r5, r0
   0x3023066e: add r0, sp, #44
   0x30230670: mov r1, r5
(lldb) po $r2
<__NSArrayM 0x17820560>(
tel:+86PhoneNumber
)





OK, we can now turn back to Cycript to verify our assumption:


FunMaker-5:~ root# cycript -p MobileSMS
cy# [[IDSIDQueryController sharedInstance] _currentIDStatusForDestinations:@[@"mailto:[email protected]", @"mailto:[email protected]", @"tel:bbs.iosre.com", @"mailto:bbs.iosre.com", @"tel:911", @"tel:+86PhoneNumber"] service:@"com.apple.madrid" listenerID:@"__kIMChatServiceForSendingIDSQueryControllerListenerID"]
@{"tel:bbs.iosre.com":2,"mailto:[email protected]":1,"tel:911":2,"mailto:bbs.iosre.com":2,"mailto:[email protected]":1,"tel:+86PhoneNumber":1}

Aha, the output clearly supports our assumption: the two iMessage-capable email addresses and the one iMessage-capable phone number all return 1, while the other three destinations that do not support iMessage return 2. What's more, the service identifier "com.apple.madrid" tells us that the code name of iMessage is "Madrid". Mission complete! Cheers!
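As an added example (it is not from the book), the same query wrapped in a reusable Cycript function that returns only the destinations whose status is 1. It relies on the private IDSIDQueryController method demonstrated above; the status meanings (1 = iMessage available, 2 = not available) are inferred from the output above, and the constant and function names are my own:

```cycript
// Added example, not from the book. Run inside "cycript -p MobileSMS".
// Assumption: status 1 means iMessage-capable, 2 means not, as seen above.
var kIMessageService = @"com.apple.madrid";
var kQueryListenerID = @"__kIMChatServiceForSendingIDSQueryControllerListenerID";

// destinations: an NSArray of "tel:" / "mailto:" strings.
// Returns a JavaScript array with the iMessage-capable ones only.
function imessageCapable(destinations) {
    var status = [[IDSIDQueryController sharedInstance]
        _currentIDStatusForDestinations:destinations
        service:kIMessageService
        listenerID:kQueryListenerID];
    var capable = [];
    var keys = [status allKeys];
    for (var i = 0; i < [keys count]; i++) {
        var key = [keys objectAtIndex:i];
        if ([[status objectForKey:key] intValue] == 1)
            capable.push(String(key));
    }
    return capable;
}

// Example call with the same destinations queried above.
imessageCapable(@[@"mailto:[email protected]", @"mailto:[email protected]",
                  @"tel:bbs.iosre.com", @"mailto:bbs.iosre.com",
                  @"tel:911", @"tel:+86PhoneNumber"]);
```

With the results shown above, the call returns the two email addresses and the phone number that support iMessage; anything the service answers with 2 is dropped, so the function can be used to pre-filter a recipient list before trying to send.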


10.3 Send iMessages


After the baptism of section 10.2, I believe many of you share the same feeling with me: debugging with LLDB step by step is of course rigorous and precise, but the workload that comes with it is overwhelmingly heavy. Reverse engineering is full of trial and error, so don't be afraid of making mistakes. In this section we'll jump out and step up with bold guesses: instead of massive analysis with LLDB, we'll use class-dump to filter out suspicious methods, then test them with IDA and Cycript, to finally achieve our goal of sending iMessages.


10.3.1 Observe MobileSMS and look for cut-in points


Compared with detecting iMessages, the cut-in point for sending iMessages is more noticeable. In figure 10-55, the bold blue "Send" button is Apple's gift for this section.
