Before I even start, as always, I want to apologize for any unclear part of the article, due to possible mistakes in my English grammar or in basic concepts.

Today I'm going to talk about binary patching and why it is an important piece of computer knowledge. Some of you probably know what I'm talking about, but might not know how far we can go with binary patching. To avoid any misunderstanding, here I'm quoting the definition of "patch" from Wikipedia:

    A patch is a piece of software designed to update a computer program or its supporting data, to fix or improve it. This includes fixing security vulnerabilities and other bugs, and improving the usability or performance. In some special cases updates may knowingly break the functionality, for instance, by removing components for which the update provider is no longer licensed or disabling a device.

So we are mostly talking about reverse engineering. The uses are practically infinite, ranging from game mods to decrypting obfuscated code, patching security holes, backdooring, and modding iOS applications.

What if the code you are trying to reverse engineer is obfuscated or somehow corrupted? What if no way is left? Here comes what I like to call (wrongly and ironically) the "brute force of reverse engineering".

The software I'm going to use for the demonstration is the Interactive Disassembler, better known as IDA Pro (though I'm also going to mention Hopper Disassembler's extremely useful features). For the tutorial the demo version of IDA is enough, though one part of the article requires a hex editor to save your work (don't worry, I've got you covered if you don't have one). I'm going to use HxD, a Windows hex editor, running under Wine on Linux. IDA Pro is available for Linux, Mac OS X and Windows, while Hopper is officially available only for Mac OS X and Linux. I'm assuming that you are using our dear Kali Linux, but this works almost the same way on Windows and Mac OS X.

Here is the beginning of the Objective-C test program (test.m) used for the Hopper walkthrough, and the command that builds it:

    #import <Cocoa/Cocoa.h>

    @interface MyClass : NSObject

    clang -framework Cocoa -fobjc-arc test.m

When you first start Hopper, you get a blank document window. Hopper has a concept of documents separate from the binaries you inspect. These documents can be saved separately, preserving any comments or annotations you've added from one session to the next. Click Read Executable in the toolbar or select it from the File menu to get started. Tell Hopper to open the executable created from the above code, and it will load it and perform some preliminary analysis.

Hopper fundamentally treats all bytes in the executable equally. Some sections of the executable are code and some are data, but you can have Hopper interpret any part in any way. It makes some effort to pick out code and treat it as code, but doesn't get everything right. In particular, it doesn't identify Objective-C methods as code. Fortunately, it's really easy to tell it how to interpret something.

Let's find the initWithName:number: method. It's annoying to scroll around searching for it, but of course Hopper knows all about the symbols in your app. Press Shift-N (no Command key here; Hopper's key commands are a bit eccentric) to get a symbol search window. The symbol that starts with methImpl_ is the one we want. The one that starts with objc_sel_ is a symbol for the selector, which is less interesting.

The contents of this method start off as "unexplored", so they're displayed as raw bytes. Select either the symbol name or the first byte underneath it and mark it as a procedure by pressing the P key (again, no Command key) or clicking Mark As Procedure in the toolbar. If you scroll down a bit, you'll notice a blue arrow pointing from the je 0x10000197A instruction to its target. Hopper inserts arrows like these to show control flow, which makes it much easier to follow the code.

If control flow is what we're interested in, we can get a really nifty graph view of the procedure. Press the space bar or click Show CFG while in the procedure, and Hopper breaks it into its component pieces and shows it in a separate window. You can scroll around, zoom in and out, and even drag the components to different places to get the best view of what's going on. If you prefer to read C code, you can get a C-like decompilation of the procedure by pressing Option-Return, or clicking Pseudo Code in the toolbar.
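The hex-editor step of the patching tutorial has one trap that the disassembler hides: IDA (and Hopper) display virtual addresses, while a hex editor such as HxD edits file offsets, and the two only coincide by accident. The script below is an added example, not code from the original article or from either tool. It reads the ELF64 program headers to translate the virtual address of a conditional jump (the je that the walkthrough points at) into the file offset, refuses to touch anything that is not a short jcc opcode, and then rewrites the jump so that it is always taken, never taken, or inverted. The function and constant names are my own, the target is assumed to be an x86-64 ELF with intact program headers (Linux, as on Kali), and the sample binary at the bottom is constructed inline so the code runs offline.

```python
# Added example: translate an IDA virtual address to a file offset and patch a
# short conditional jump in an ELF64 binary. Not part of the original article.
import struct

PT_LOAD = 1
JMP_SHORT = 0xEB   # unconditional short jump; same 1-byte rel8 operand as a short jcc
NOP = 0x90


def load_segments(data):
    """Return (p_offset, p_vaddr, p_filesz) for every PT_LOAD header in an ELF64 image."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only little-endian ELF64 is handled here")
    (e_phoff,) = struct.unpack_from("<Q", data, 0x20)
    e_phentsize, e_phnum = struct.unpack_from("<HH", data, 0x36)
    segments = []
    for i in range(e_phnum):
        p_type, _flags, p_offset, p_vaddr, _paddr, p_filesz, _memsz, _align = \
            struct.unpack_from("<IIQQQQQQ", data, e_phoff + i * e_phentsize)
        if p_type == PT_LOAD:
            segments.append((p_offset, p_vaddr, p_filesz))
    return segments


def va_to_file_offset(data, va):
    """Map a virtual address (what IDA shows) to a file offset (what the hex editor edits)."""
    for p_offset, p_vaddr, p_filesz in load_segments(data):
        if p_vaddr <= va < p_vaddr + p_filesz:
            return p_offset + (va - p_vaddr)
    raise ValueError(f"{va:#x} is not backed by bytes in the file (bss, or not mapped)")


def patch_short_jcc(data, va, mode):
    """Rewrite the 2-byte conditional jump at va.

    mode 'always' -> jmp short (same displacement), 'never' -> two NOPs,
    'invert' -> flip the condition (je<->jne, jb<->jae, ...). Every variant
    stays exactly two bytes, so no following instruction moves.
    """
    off = va_to_file_offset(data, va)
    opcode = data[off]
    if not 0x70 <= opcode <= 0x7F:
        raise ValueError(f"{opcode:#04x} at {va:#x} is not a short jcc; refusing to patch")
    patched = bytearray(data)
    if mode == "always":
        patched[off] = JMP_SHORT
    elif mode == "never":
        patched[off:off + 2] = bytes([NOP, NOP])
    elif mode == "invert":
        patched[off] = opcode ^ 1      # jcc opcodes come in complementary pairs
    else:
        raise ValueError("mode must be 'always', 'never' or 'invert'")
    return bytes(patched)


def patch_file(path, va, mode):
    """Patch a binary on disk, keeping the untouched original beside it as <path>.orig."""
    with open(path, "rb") as f:
        data = f.read()
    with open(path + ".orig", "wb") as f:
        f.write(data)
    with open(path, "wb") as f:
        f.write(patch_short_jcc(data, va, mode))


def build_sample_elf():
    """Constructed stand-in for a real target: a valid ELF64 header, one PT_LOAD
    segment and ten bytes of x86-64 code. It is not a runnable program; it only
    exists so the functions above can be exercised without a real binary."""
    code = bytes([
        0x85, 0xC0,                    # test eax, eax
        0x74, 0x05,                    # je  +5      <- the check to defeat, VA 0x400082
        0xB8, 0x01, 0x00, 0x00, 0x00,  # mov eax, 1
        0xC3,                          # ret
    ])
    base, code_off = 0x400000, 0x80
    ehdr = b"\x7fELF" + bytes([2, 1, 1, 0]) + bytes(8)     # ELF64, little-endian, v1
    ehdr += struct.pack("<HHIQQQIHHHHHH", 2, 0x3E, 1, base + code_off,
                        0x40, 0, 0, 0x40, 0x38, 1, 0x40, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", PT_LOAD, 5, 0, base, base,
                       code_off + len(code), code_off + len(code), 0x1000)
    header = ehdr + phdr
    return header + bytes(code_off - len(header)) + code
```

A typical run against a real target is `patch_file("./target", 0x400082, "always")` with the address taken from IDA's listing; the opcode check is what saves you when the address you copied is off by one and lands in the middle of an instruction. Two caveats a practitioner will hit: a Mach-O binary such as the one Hopper opens in the walkthrough needs the same translation done from its LC_SEGMENT_64 load commands rather than ELF program headers, and on macOS or iOS the patched file's code signature is no longer valid, so it has to be re-signed before the system will run it.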