iOS App Reverse Engineering: iOS App Decryption (Unpacking)

A key step in iOS reverse engineering is "iOS app decryption", known in Chinese jargon as 脱壳/砸壳 (literally "removing" or "smashing the shell"). Every app distributed through the App Store has its executable encrypted with Apple's FairPlay DRM, so before an App Store binary can be disassembled or class-dumped it must first be decrypted. Developers, reverse engineers and security researchers all need to understand this step, because almost every iOS reverse-engineering task starts with it. Let's first look at packing and unpacking in the broad sense.

Packing and unpacking

Packing and unpacking are concepts from software protection and reverse engineering. They are not limited to iOS; the same ideas apply on other operating systems and platforms. The basic meaning of the two terms is introduced below.

Packing

Packing refers to wrapping an executable file (an application, a library, and so on) in one or more additional layers, the "shells", to produce a new executable file. The shell's purpose is to make the software harder to inspect and modify: it hides the original code, resists debugging and slows down reverse engineering. Packing is usually applied by software developers or vendors to protect their intellectual property and source code.

On the Windows platform, packers transform EXE executables or DLL dynamic link libraries with special algorithms (compression, encryption) to reduce file size, hide the program's code, or even evade detection by anti-virus software; at run time a small stub restores the original code in memory before jumping to it. Commonly used packers include UPX, ASPack, PePack, PECompact and UPack.

Unpacking

Unpacking refers to restoring a packed executable to its original, unpacked state so that it can be analysed, reverse engineered or modified. Unpacking is usually performed by security researchers, reverse engineers or attackers who want to bypass the protection and reach the internal logic of the protected software.

What is iOS decryption?


On iOS the "shell" is not something the developer adds: the packing is done by Apple itself. Every app distributed through the App Store has its main executable (and each embedded framework) encrypted with FairPlay DRM, and the encrypted range of the __TEXT segment is only decrypted by the kernel on the device when the binary is loaded into memory. A binary taken straight out of an IPA or from the device's file system therefore shows up as garbage in IDA or Hopper and cannot be class-dumped. iOS decryption is the process by which a reverse engineer strips this encryption and restores an unencrypted binary. Because the kernel has already decrypted the code by the time the process is running, all the common tools work the same way: launch the app on a jailbroken device, read the decrypted pages back out of the process, write them over the encrypted range in a copy of the file and set the cryptid field of the LC_ENCRYPTION_INFO load command to 0. With the original binary in hand the reverse engineer can analyse and modify the code far more easily. Decryption gives reverse engineers the ability to dig into the inner workings of an app, but it also has to be done within a legal and ethical framework.

iOS decryption tools

iOS decryption is usually done with purpose-built tools that dump the decrypted binary out of the running process. Some commonly used tools:

Clutch: a command-line tool that runs on the jailbroken device itself. It launches the target app, dumps the decrypted code for every architecture slice of a fat binary, patches the dumped copy so cryptid is 0 and repackages the result as an .ipa.
dumpdecrypted: a dynamic library that is injected into the app process (via DYLD_INSERT_LIBRARIES) on a jailbroken device; when it loads it writes a decrypted copy of the main executable to disk.
frida-ios-dump: a Python script built on the Frida framework. It runs on the analyst's computer, attaches to the app through frida-server over USB, dumps the decrypted main executable and embedded frameworks from memory, and pulls the rest of the app bundle over SSH into a new .ipa.

What can you do after decryption?

Once the app has been decrypted, the reverse engineer can do much more with it. Typical uses are:

Code analysis: with readable code, reverse engineers can study the app's logic and algorithms in depth, which also helps developers learn how other apps implement a feature.
Customised development: after decryption, developers can build custom features, plug-ins and extensions (for example tweaks injected into the app) to extend its functionality.
Modifying behaviour: reverse engineers can change how the app behaves, such as disabling ads or bypassing in-app payment checks.
Vulnerability discovery: a decrypted binary is far easier to audit, so security researchers can find potential vulnerabilities and security risks in it.

Example: Using Clutch for iOS decryption

The following is an example of decrypting an app with the Clutch tool:

First, make sure your iOS device is jailbroken and Clutch is installed on it. Open a terminal, connect to the device over SSH and run the following command:

Clutch -i

This lists all installed App Store apps, each with a number and its bundle identifier.

Pick the app you want to decrypt and run:

Clutch -d <app ID>

where <app ID> is the number (or the bundle identifier) printed by the previous command. This starts the decryption: Clutch launches the app, dumps the decrypted binary out of memory and writes an .ipa.

When it finishes, Clutch prints the path of the decrypted .ipa (by default under the Dumped directory in /private/var/mobile/Documents on the device), which you can then copy to your computer with scp for analysis.
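The quickest way to check whether a binary is still FairPlay-encrypted, and whether a Clutch, dumpdecrypted or frida-ios-dump run actually worked, is to look at the cryptid field of the LC_ENCRYPTION_INFO / LC_ENCRYPTION_INFO_64 load command described above (on a Mac, `otool -l App | grep -A4 LC_ENCRYPTION_INFO` shows the same fields). The script below is an added example, not part of the original post or of any of the tools it mentions: it parses the Mach-O header (thin or fat) with nothing but the standard library and reports cryptoff, cryptsize and cryptid for every architecture slice. The sample binaries it builds at the bottom are constructed for the demonstration, not real App Store executables; run it with a file path to inspect a real dump.

```python
"""Report the FairPlay encryption state of a Mach-O executable.

App Store binaries carry an LC_ENCRYPTION_INFO (32-bit) or LC_ENCRYPTION_INFO_64
load command whose cryptid is 1 while [cryptoff, cryptoff + cryptsize) in __TEXT
is still encrypted.  A correctly dumped binary has cryptid == 0; a development
build signed by the developer has no such load command at all.
Constants are the public values from <mach-o/loader.h> and <mach-o/fat.h>.
"""
import struct
import sys

MH_MAGIC = 0xFEEDFACE          # 32-bit Mach-O, little-endian on disk
MH_MAGIC_64 = 0xFEEDFACF       # 64-bit Mach-O
FAT_MAGIC = 0xCAFEBABE         # universal ("fat") container, big-endian header
LC_ENCRYPTION_INFO = 0x21
LC_ENCRYPTION_INFO_64 = 0x2C
CPU_TYPE_ARM = 0x0000000C
CPU_TYPE_ARM64 = 0x0100000C


def parse_slice(data, base=0):
    """Walk the load commands of one thin Mach-O image starting at `base`."""
    magic, = struct.unpack_from("<I", data, base)
    if magic == MH_MAGIC_64:
        header_size = 32
    elif magic == MH_MAGIC:
        header_size = 28
    else:
        raise ValueError("no Mach-O header at offset 0x%x" % base)
    cputype, = struct.unpack_from("<i", data, base + 4)
    ncmds, sizeofcmds = struct.unpack_from("<II", data, base + 16)
    off = base + header_size
    end = off + sizeofcmds
    info = {"cputype": cputype, "cryptoff": None, "cryptsize": None, "cryptid": None}
    for _ in range(ncmds):
        if off + 8 > end:
            raise ValueError("load commands run past sizeofcmds")
        cmd, cmdsize = struct.unpack_from("<II", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            raise ValueError("malformed load command at 0x%x" % off)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # both layouts begin: cmd, cmdsize, cryptoff, cryptsize, cryptid
            info["cryptoff"], info["cryptsize"], info["cryptid"] = \
                struct.unpack_from("<III", data, off + 8)
        off += cmdsize
    return info


def parse_encryption_info(data):
    """Return one dict per architecture slice, for thin or fat input."""
    if struct.unpack_from(">I", data, 0)[0] == FAT_MAGIC:
        nfat, = struct.unpack_from(">I", data, 4)
        slices = []
        for i in range(nfat):
            _, _, offset, size, _ = struct.unpack_from(">IIIII", data, 8 + 20 * i)
            if offset + size > len(data):
                raise ValueError("fat_arch %d points outside the file" % i)
            slices.append(parse_slice(data, offset))
        return slices
    return [parse_slice(data, 0)]


def is_encrypted(data):
    """True if any slice still has cryptid != 0 (dump missing or incomplete)."""
    return any(s["cryptid"] for s in parse_encryption_info(data))


# --- constructed sample input, not real App Store binaries -------------------
def build_thin(cryptid, is64=True):
    """Minimal Mach-O header plus a single LC_ENCRYPTION_INFO[_64] command."""
    if is64:
        lc = struct.pack("<IIIIII", LC_ENCRYPTION_INFO_64, 24, 0x4000, 0x8000, cryptid, 0)
        hdr = struct.pack("<IiiIIIII", MH_MAGIC_64, CPU_TYPE_ARM64, 0, 2, 1, len(lc), 0, 0)
    else:
        lc = struct.pack("<IIIII", LC_ENCRYPTION_INFO, 20, 0x4000, 0x8000, cryptid)
        hdr = struct.pack("<IiiIIII", MH_MAGIC, CPU_TYPE_ARM, 0, 2, 1, len(lc), 0)
    return hdr + lc


def build_fat(slices):
    """Wrap thin images in a universal container (offsets not page-aligned)."""
    archs, body, offset = b"", b"", 8 + 20 * len(slices)
    for s in slices:
        cputype, = struct.unpack_from("<i", s, 4)
        archs += struct.pack(">IIIII", cputype & 0xFFFFFFFF, 0, offset, len(s), 0)
        body += s
        offset += len(s)
    return struct.pack(">II", FAT_MAGIC, len(slices)) + archs + body


if __name__ == "__main__":
    if len(sys.argv) > 1:                      # real binary from a dump
        with open(sys.argv[1], "rb") as f:
            blob = f.read()
    else:                                      # constructed fat sample
        blob = build_fat([build_thin(1), build_thin(0, is64=False)])
    for s in parse_encryption_info(blob):
        print("cputype=0x%08x cryptoff=%s cryptsize=%s cryptid=%s"
              % (s["cputype"] & 0xFFFFFFFF, s["cryptoff"], s["cryptsize"], s["cryptid"]))
    print("still encrypted" if is_encrypted(blob) else "decrypted or not FairPlay-protected")
```

A dump is only usable when every slice reports cryptid 0; a common failure is a fat binary where the tool decrypted the slice the device ran but left the other one encrypted, which is exactly the case the constructed sample reproduces.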

Origin blog.csdn.net/zh405123507/article/details/132472843