Binary file /Users/snakeninny/Code/iOSSystemBinaries/8.1_iPhone5//System/Library/PrivateFrameworks/IMCore.framework/IMCore matches
You may have already guessed from the results that both IMCore and ChatKit are in charge
of iMessage-related operations, but IMCore is lower level than ChatKit: ChatKit receives the
commands from the user and hands them to IMCore for processing, then IMCore passes the
result back to ChatKit for UI animation. By way of analogy, you can consider MobileSMS as a
restaurant, ChatKit as the waiter and IMCore as the cook. Does that make sense?
Naturally, drag and drop IMCore into IDA and search globally for
“__kIMChatRegistryDidRegisterChatNotification”. The results are shown in figure 10-82.
Figure 10-82 Occurrences of “__kIMChatRegistryDidRegisterChatNotification” in IDA
Good. Let’s double-click the first row and take a look at its context, as shown in figure 10-83.
Figure 10-83 loc_2908423E
After seeing the keyword “PostNotification”, we know the notification that ChatKit
received comes right from here. IMChat is the 2nd argument, i.e. R3, and R3 comes from [SP,
#0x98+var_60]. Refer to figure 10-84 and figure 10-85 and you will know what to do.