close IDA immediately, and never open it again. This perplexed feeling is similar to the first time
when you write code. In fact, it is like every project needs a main function, in iOS reverse
engineering, we also need to specify the entry function that we are interested in. Double click
this entry function in function window, main window will show the function body, then select
main window and press space key, the main window will become much clearer and more
readable as shown in figure 3-35.
Figure 3- 35 Graph view
There are 2 display modes in main window, i.e. graph view and text view, which can be
switched by space key. Graph view focuses on the logics; you can use control button and mouse
wheel on it to zoom in and out. Graph view provides intuitive visualization of the relationship
among different subroutines. Execution flows of different subroutines are presented by lines
with arrows. When there’s a conditional branch, subroutine that meets the condition will be
connected with green line, otherwise with red line; for an unconditional branch, the next
subroutine will be connected with blue line. For example, in figure 3-36, when the execution
flow comes to the end of loc_1C758, it judges whether R0 is equal to 0, if R0 != 0, the condition
of BNE is satisfied, it will branch to the right, otherwise it will branch to the left. This is one
difficult point of IDA; it will be explained again and again in the following examples.