reverse_engineering_ios.md

File metadata and controls

65 lines (49 loc) · 3.09 KB

Reverse Engineering iOS

Signing and Installing a Third-Party iOS Application - Requires macOS

applesign is a third-party command-line re-signing tool (an npm package; it needs the Xcode command-line tools and a valid signing identity in the login keychain). The embedded.mobileprovision profile must belong to the same team as the signing identity and, for a development profile, must list the UDID of the target device, otherwise the re-signed app will install but refuse to launch.

-> Get signing identity

applesign -L

-> Signing app .ipa

applesign -i <signing_identity> <app.ipa> -m embedded.mobileprovision

-> Install the re-signed .ipa on the device, for example with ideviceinstaller -i <signed.ipa> (libimobiledevice) or through Xcode's Devices and Simulators window

Assembler and Disassembler

iOS apps are written in languages like Objective-C or Swift and compiled ahead of time to native machine code for the device's processor architecture, which is ARM. What you actually disassemble is not the .ipa itself but the Mach-O executable packaged inside it (see the Mach-O section below). The disassembler shows that machine code as ARM assembly: ARM64 (AArch64) for any current app, ARMv7 only for older 32-bit builds, since iOS 11 dropped support for 32-bit apps. Assembly is a low-level, one-to-one representation of the instructions the processor executes, so there is no source to recover, only control flow, data references and whatever symbol names survived (a stripped binary keeps very few).

On iOS, disassembly is typically performed with tools such as Hopper Disassembler, IDA Pro, Ghidra or Radare2, which convert the machine code to assembly and, depending on the tool and licence, also to C-like decompiled pseudocode that is faster to read during analysis.

-> Hopper Disassembler
https://www.hopperapp.com/ https://www.hopperapp.com/tutorial.html

-> IDA Pro
https://hex-rays.com/ida-pro/

-> Ghidra
https://github.com/NationalSecurityAgency/ghidra

-> Radare2
https://github.com/radareorg/radare2

Dumping Class Information in Objective-C

class-dump (requires macOS)

https://github.com/nygard/class-dump

-> class-dump is a command-line tool that parses the Objective-C runtime metadata in Mach-O files and prints header-style declarations for the classes, categories and protocols it finds, including method names and instance variables. Because it reads runtime metadata rather than the symbol table, it works on stripped binaries; it does not, however, work on encrypted ones (App Store builds are FairPlay-encrypted and must be decrypted first), and Swift types appear, if at all, under their mangled names with little of their structure, so for Swift code use the disassembler and swift-demangle instead.

Mach-O is the executable format of Mach kernel-based systems such as macOS and iOS. A Mach-O file carries everything needed to run a program: a header describing the CPU type, the load commands, the code and data segments and the dynamic linking information. An .ipa file, the distribution format for iOS applications, is just a zip archive with a Payload/ directory containing the application bundle (Payload/<AppName>.app/), and inside that bundle sits the Mach-O executable that runs when the app is launched. The executable's file name is given by the CFBundleExecutable key in the bundle's Info.plist (usually the app name with no extension, but not always, so read the plist rather than guessing). It may be a fat (universal) file holding several architecture slices, in which case class-dump's --arch option selects the one to dump.

-> Rename the application .ipa to .zip (or run unzip on it directly; the extension does not matter)
-> Extract the .zip
-> Get the binary file inside Payload/<AppName>.app/, named after the CFBundleExecutable value in Info.plist

./class-dump <app_binary>
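The .ipa unpacking steps above, automated as a Python script. This is an added example, not code from the original page or from class-dump: it treats the .ipa as a zip, reads CFBundleExecutable from Payload/<App>.app/Info.plist to find the main Mach-O, and parses the Mach-O (or fat) header to report the architecture of each slice, which tells you whether to expect ARM64 or ARMv7 disassembly and which --arch to pass to class-dump. The .ipa it analyses by default is a constructed fixture built in build_sample_ipa() (header-only Mach-O slices, no load commands); pass a real .ipa path as the first argument to analyse that instead. The file names Sample.app and SampleApp are made up.

```python
"""Find and identify the main Mach-O executable inside an .ipa.

Added example, standard library only: automates "treat the .ipa as a zip,
locate Payload/<App>.app, find the binary" and reads the Mach-O header.
"""
import io
import plistlib
import struct
import sys
import zipfile

# Magic numbers from <mach-o/loader.h> and <mach-o/fat.h>.
MH_MAGIC = 0xFEEDFACE       # 32-bit Mach-O header
MH_MAGIC_64 = 0xFEEDFACF    # 64-bit Mach-O header
FAT_MAGIC = 0xCAFEBABE      # fat/universal container; its tables are big-endian
MH_EXECUTE = 2              # filetype of a main executable

CPU_TYPE_ARM = 0x0000000C
CPU_TYPE_ARM64 = CPU_TYPE_ARM | 0x01000000   # CPU_ARCH_ABI64
CPU_TYPE_X86_64 = 0x01000007                 # simulator builds
CPU_NAMES = {CPU_TYPE_ARM: "armv7", CPU_TYPE_ARM64: "arm64", CPU_TYPE_X86_64: "x86_64"}


def identify_macho(data):
    """Return one {arch, bits, filetype} dict per slice in `data`.

    A thin Mach-O yields one entry, a fat binary one per fat_arch entry.
    Raises ValueError if the bytes are not Mach-O (e.g. still encrypted).
    """
    if len(data) < 16:
        raise ValueError("too short to be a Mach-O header")
    (magic_be,) = struct.unpack(">I", data[:4])
    if magic_be == FAT_MAGIC:
        (nfat_arch,) = struct.unpack(">I", data[4:8])
        slices = []
        for i in range(nfat_arch):
            # struct fat_arch: cputype, cpusubtype, offset, size, align
            off = 8 + i * 20
            _cpu, _sub, offset, size, _align = struct.unpack(">iIIII", data[off:off + 20])
            slices.extend(identify_macho(data[offset:offset + size]))
        return slices
    # Thin Mach-O: the magic is stored in the file's own byte order, so try both.
    for endian in ("<", ">"):
        (magic,) = struct.unpack(endian + "I", data[:4])
        if magic in (MH_MAGIC, MH_MAGIC_64):
            # struct mach_header(_64): magic, cputype, cpusubtype, filetype, ...
            cputype, _cpusubtype, filetype = struct.unpack(endian + "iII", data[4:16])
            return [{"arch": CPU_NAMES.get(cputype, hex(cputype)),
                     "bits": 64 if magic == MH_MAGIC_64 else 32,
                     "filetype": filetype}]
    raise ValueError("not a Mach-O file (magic %#010x)" % magic_be)


def find_main_binary(ipa_bytes):
    """Return (archive path, bytes) of the bundle's main executable,
    located via CFBundleExecutable in Info.plist rather than guessed."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as zf:
        plists = [n for n in zf.namelist()
                  if n.startswith("Payload/") and n.count("/") == 2
                  and n.endswith(".app/Info.plist")]
        if len(plists) != 1:
            raise ValueError("expected exactly one Payload/*.app/Info.plist, got %r" % plists)
        info = plistlib.loads(zf.read(plists[0]))   # handles XML and binary plists
        app_dir = plists[0].rsplit("/", 1)[0]
        exe_path = "%s/%s" % (app_dir, info["CFBundleExecutable"])
        return exe_path, zf.read(exe_path)


def analyze_ipa(ipa_bytes):
    """Locate the main binary and describe its architecture slices."""
    path, blob = find_main_binary(ipa_bytes)
    return path, identify_macho(blob)


def build_sample_ipa():
    """Constructed fixture: a minimal .ipa whose binary is a fat Mach-O with
    an arm64 and an armv7 slice (headers only, no load commands)."""
    def thin_header(magic, cputype):
        # magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags (little-endian, like ARM)
        return struct.pack("<IiIIIII", magic, cputype, 0, MH_EXECUTE, 0, 0, 0)
    arm64 = thin_header(MH_MAGIC_64, CPU_TYPE_ARM64) + b"\0" * 4  # mach_header_64 has a reserved field
    armv7 = thin_header(MH_MAGIC, CPU_TYPE_ARM)
    off_arm64 = 8 + 2 * 20                  # fat_header + two fat_arch entries
    off_armv7 = off_arm64 + len(arm64)
    fat = struct.pack(">II", FAT_MAGIC, 2)
    fat += struct.pack(">iIIII", CPU_TYPE_ARM64, 0, off_arm64, len(arm64), 0)
    fat += struct.pack(">iIIII", CPU_TYPE_ARM, 0, off_armv7, len(armv7), 0)
    fat += arm64 + armv7
    info = plistlib.dumps({"CFBundleExecutable": "SampleApp",
                           "CFBundleIdentifier": "com.example.sample"})
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload/Sample.app/Info.plist", info)   # bundle name != executable name
        zf.writestr("Payload/Sample.app/SampleApp", fat)
    return buf.getvalue()


if __name__ == "__main__":
    ipa = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_ipa()
    path, slices = analyze_ipa(ipa)
    print(path)
    for s in slices:
        print("  %s (%d-bit), filetype=%d" % (s["arch"], s["bits"], s["filetype"]))
```

Run it as `python3 ipa_binary.py app.ipa`; on the built-in fixture it reports Payload/Sample.app/SampleApp with an arm64 and an armv7 slice. A ValueError from identify_macho on a real App Store binary usually means the file is still FairPlay-encrypted and needs to be decrypted before class-dump or a disassembler will make sense of it.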

Using swift-demangle

When working with applications written in Swift, symbol names (functions, variables, types) are "mangled": the compiler encodes the module, the enclosing type, the parameter and return types and other context into the symbol itself so that overloads and same-named types from different modules get unique linker names. This is not obfuscation, just a deterministic encoding, and the swift-demangle tool (shipped with Xcode and invoked through xcrun) turns these names back into readable Swift declarations.

Procedure

Extract the Swift binary from the .ipa application as described above. Use the swift-demangle tool to convert the symbol names.

Imagine we have a Swift function whose symbol has the following mangled name.

_$s10Foundation10URLRequestV19_bridgeToObjectiveCSo12NSURLRequestCyF

Using the swift-demangle tool, we can obtain the demangled form of this function.

Foundation.URLRequest._bridgeToObjectiveC() -> __C.NSURLRequest

A common way to use it is to pipe the output of nm through swift-demangle. Any other symbol listing (for example one exported from a disassembler) can be fed to it the same way, since it only rewrites the mangled names it recognises inside its input and leaves everything else, such as addresses and symbol types, untouched.

nm <binary> | xcrun swift-demangle
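An added example (not from the original page and not a replacement for swift-demangle) showing how to triage nm output when xcrun is not available, for instance on a Linux analysis box: it picks the Swift symbols out of nm's output by prefix and pulls the length-prefixed identifiers (module, type and method names) out of each mangled name, so you can grep for interesting classes and methods. It recovers identifiers only, not the types, generics and return values that swift-demangle reconstructs. The nm output is constructed; SampleApp, LoginHelper and validatePIN are made-up names, and the Foundation symbol is the one from the text above.

```python
"""Triage Swift symbols in `nm` output without swift-demangle.

Added example. The real tool is `xcrun swift-demangle`; this heuristic only
extracts the length-prefixed identifiers from a mangled name.
"""
import re
import sys

# Prefixes of mangled Swift names. nm on Darwin shows a leading underscore
# for exported symbols; `$s` is the Swift 5 ABI prefix, `_T0` the Swift 4 one.
SWIFT_PREFIXES = ("_$s", "$s", "_$S", "$S", "_T0")

# nm line: optional hex address, one-letter symbol type, symbol name.
NM_LINE = re.compile(r"^(?:[0-9a-fA-F]+\s+)?([A-Za-z?\-])\s+(\S+)$")
IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def parse_nm(text):
    """Yield (symbol_type, symbol_name) for each nm output line."""
    for line in text.splitlines():
        m = NM_LINE.match(line.strip())
        if m:
            yield m.group(1), m.group(2)


def strip_prefix(sym):
    """Return the mangled body after the Swift prefix, or None if not Swift."""
    for p in SWIFT_PREFIXES:
        if sym.startswith(p):
            return sym[len(p):]
    return None


def mangled_identifiers(sym):
    """Extract identifiers from a mangled Swift name (heuristic).

    Swift encodes an identifier as a decimal length followed by that many
    characters (10Foundation -> "Foundation"). Lengths never start with '0',
    so a '0' (word-substitution / punycode marker) is skipped, digits inside
    an identifier are consumed with it, and a run like A1_ (a substitution
    index) is rejected because "_" alone is not a plausible identifier.
    """
    body = strip_prefix(sym)
    if body is None:
        return []
    out, i = [], 0
    while i < len(body):
        if body[i].isdigit() and body[i] != "0":
            j = i
            while j < len(body) and body[j].isdigit():
                j += 1
            n = int(body[i:j])
            if j + n > len(body):
                break                       # malformed or truncated name
            cand = body[j:j + n]
            if cand != "_" and IDENT.fullmatch(cand):
                out.append(cand)
                i = j + n
            else:
                i = j                       # not an identifier; keep scanning
        else:
            i += 1
    return out


def triage(nm_output):
    """Map each Swift symbol in nm output to the identifiers it contains."""
    return {sym: mangled_identifiers(sym)
            for _typ, sym in parse_nm(nm_output)
            if strip_prefix(sym) is not None}


# Constructed nm output; the SampleApp symbol is made up.
SAMPLE_NM_OUTPUT = """\
0000000100003f40 T _$s10Foundation10URLRequestV19_bridgeToObjectiveCSo12NSURLRequestCyF
0000000100004100 t _$s9SampleApp11LoginHelperC11validatePINyySSF
                 U _objc_msgSend
0000000100004200 T _main
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_NM_OUTPUT
    for sym, idents in triage(text).items():
        print("%s\n    -> %s" % (sym, ".".join(idents)))
```

Save `nm <binary> > syms.txt` on the Mac and run `python3 swift_triage.py syms.txt` anywhere; the Foundation symbol above comes out as Foundation.URLRequest._bridgeToObjectiveC.NSURLRequest, which is enough to see what it is but, unlike the swift-demangle output, says nothing about which of those names is the return type.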