Microsoft Word - iOSAppReverseEngineering.docx

Preferences`-[PSListController tableView:cellForRowAtIndexPath:] + 972:
-> 0x317aa9b0: movw r0, #60822
   0x317aa9b4: mov r2, r11
   0x317aa9b6: movt r0, #1736
   0x317aa9ba: add r0, pc
(lldb) po [$r6 detailTextLabel]
<UITableViewLabel: 0x15f7e490; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x15fd1c90>>
(lldb) ni
......
Process 268587 stopped
* thread #1: tid = 0x4192b, 0x317aa9c0 Preferences`-[PSListController tableView:cellForRowAtIndexPath:] + 988, queue = 'com.apple.main-thread, stop reason = instruction step over
    frame #0: 0x317aa9c0 Preferences`-[PSListController tableView:cellForRowAtIndexPath:] + 988
Preferences`-[PSListController tableView:cellForRowAtIndexPath:] + 988:
-> 0x317aa9c0: blx 0x31825f04 ; symbol stub for: ____NETRBClientResponseHandler_block_invoke
   0x317aa9c4: movw r0, #4312
   0x317aa9c8: movt r0, #1737
   0x317aa9cc: add r0, pc
(lldb) po [$r6 detailTextLabel]
<UITableViewLabel: 0x15f7e490; frame = (0 0; 0 0); userInteractionEnabled = NO; layer = <_UILabelLayer: 0x15fd1c90>>
(lldb) ni
Process 268587 stopped
* thread #1: tid = 0x4192b, 0x317aa9c4 Preferences`-[PSListController tableView:cellForRowAtIndexPath:] + 992, queue = 'com.apple.main-thread, stop reason = instruction step over
    frame #0: 0x317aa9c4 Preferences`-[PSListController tableView:cellForRowAtIndexPath:] + 992
Preferences`-[PSListController tableView:cellForRowAtIndexPath:] + 992:
-> 0x317aa9c4: movw r0, #4312
   0x317aa9c8: movt r0, #1737
   0x317aa9cc: add r0, pc
   0x317aa9ce: ldr r0, [r0]
(lldb) po [$r6 detailTextLabel]
<UITableViewLabel: 0x15f7e490; frame = (0 0; 0 0); text = '+86PhoneNumber'; userInteractionEnabled = NO; layer = <_UILabelLayer: 0x15fd1c90>>





Obviously, my number appears after the objc_msgSend at 0x317aa9c0 is executed. Because 0x317aa9c0 - 0x6db3000 = 0x2A9F79C0, we can locate this address in IDA, as shown in figure 6-41.


Figure 6-41 The configuration objc_msgSend
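
The address arithmetic above, as an added example (not code from the book): it rebases the runtime addresses from the LLDB session to the addresses to look up in IDA and resolves the movw/movt/add r0, pc sequence that follows the call. It assumes 0x6db3000 is the ASLR slide of the image and that the code is Thumb, where reading pc yields the instruction address plus 4; the function names are hypothetical.

```python
import re

SLIDE = 0x6db3000  # assumption: the value subtracted in the text is the ASLR slide
# Constructed input: instruction lines copied from the LLDB session above.
SESSION = """\
-> 0x317aa9c0: blx 0x31825f04
   0x317aa9c4: movw r0, #4312
   0x317aa9c8: movt r0, #1737
   0x317aa9cc: add r0, pc
"""
INSN = re.compile(r"(?:->)?\s*0x([0-9a-fA-F]+):\s+(\w+)\s*(.*)")

def parse(text):
    """Return [(address, mnemonic, [operands])] for each disassembly line."""
    insns = []
    for line in text.splitlines():
        m = INSN.match(line.strip())
        if m:
            ops = [o.strip() for o in m.group(3).split(",") if o.strip()]
            insns.append((int(m.group(1), 16), m.group(2), ops))
    return insns

def to_static(addr, slide=SLIDE):
    """Runtime address -> address to look up in the disassembler."""
    if addr < slide:
        raise ValueError("address is below the slide: wrong image or slide")
    return addr - slide

def resolve_pc_relative(insns):
    """Resolve movw/movt/add rX, pc sequences to (add address, runtime target)."""
    regs, targets = {}, []
    for addr, mnem, ops in insns:
        if mnem == "movw" and len(ops) == 2:
            regs[ops[0]] = int(ops[1].lstrip("#"), 0) & 0xFFFF  # low half, top cleared
        elif mnem == "movt" and len(ops) == 2:
            low = regs.get(ops[0], 0) & 0xFFFF
            regs[ops[0]] = low | (int(ops[1].lstrip("#"), 0) & 0xFFFF) << 16
        elif mnem == "add" and ops[-1:] == ["pc"] and ops[0] in regs:
            # In Thumb state, reading pc yields the instruction address + 4.
            targets.append((addr, (regs.pop(ops[0]) + addr + 4) & 0xFFFFFFFF))
    return targets

if __name__ == "__main__":
    insns = parse(SESSION)
    for addr, mnem, ops in insns:
        print(f"{addr:#x} -> IDA {to_static(addr):#x}  {mnem} {', '.join(ops)}")
    for addr, target in resolve_pc_relative(insns):
        print(f"add at {addr:#x}: r0 = {target:#x} (IDA {to_static(target):#x})")
```
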


As its name suggests, this method refreshes the cell contents with something specific. Let's uncover this "something specific": set a breakpoint at this objc_msgSend, then trigger it and print its argument:


(lldb) br s -a 0x317AA9C0
Breakpoint 11: where = Preferences`-[PSListController tableView:cellForRowAtIndexPath:] + 988, address = 0x317aa9c0
Process 268587 stopped