Figure 10-55 “Send” button
We can send an iMessage by pressing “Send”, and the whole process will be animated on
the UI. As we did in section 10.2, let’s consider how to turn clues on the UI into ideas for
reverse engineering:
The “Send” button is supposed to be a UIView object, or more specifically, probably a
UIButton object; pressing this button calls its response method; the overall response actions
include refreshing the UI, sending the iMessage, adding a sending record and so on. That is to
say, the action of sending iMessages is only a subset of all response actions.
In the “New Message” view, our inputs include recipient addresses and message contents;
they’re the original data source. Since we can get all response actions, and the action of sending
iMessages is supposed to take the original data source as arguments, these inputs can serve as
references for filtering the action of sending iMessages out of all response actions. Unlike the
last section, where we traced back from tail to head, in the following sections we trace from
head to tail, showing you another common scenario of iOS reverse engineering.
In a nutshell, our plan is: first uncover the response method of the “Send” button with
Cycript, then survey all response actions with IDA and class-dump, and filter out the
suspicious methods. Finally, test the filtered methods and locate our target.