如何反编译iOS应用程序？ [英] How to decompile iOS apps?

问题描述

我想查看一个iOS应用程序的代码。

我下载的应用程序是.deb。

第一个问题：是否可以在iOS上安装.deb文件，或者我下载了错误的文件？

解压缩.deb文件后，我得到了一些文件，包括.nib，.storyboard和其他一些文件。

我的主要问题是，如何反编译这些.nib文件。文件？

我尝试使用NibToXibConverter来反编译这些文件，但是我没有成功。

解决方案

回答第一个问题：

我认为您下载了错误的文件。 iOS的 .deb 文件在越狱社区中很常见，而在应用程序中则不常见，我认为所有Cydia的内容都打包在 .deb 。如果您的应用程序是专门为越狱场景制作的，则可以尝试使用 Cydia在越狱设备上的自动安装功能。

回答您的主要问题：

^{这是有关反编译和修改iOS应用程序的常规信息（并非特定于笔尖，但您可能仍会发现它有用）。}

iOS应用程序发布在 .ipa 存档中，这些存档是普通的zip存档。它们通常包含一个Mach-O文件形式的可执行文件，以及 .plist 之类的资源，声音，图像-您包含在xcode项目中的每个资源。仅在越狱的iDevice上才可以对可执行文件进行反编译，因为它特别针对当前设备进行了加密，并且解密二进制文件的魔术密钥已在设备CPU内燃烧，据我所知，没有软件可以读取该密钥。这里的加密系统称为 FairPlay 。

<简而言之，解密该二进制文件的一种方法是将应用程序安装在越狱的设备上，然后使用可从Cydia下载的调试器（gdb）从命令行启动该应用程序。您必须在某个地方设置一个断点，并且当代码执行在断点处暂停时，您正在对设备ram进行内存转储-这就是您解密的bin。

因此，如果您拥有解密的二进制文件，则可以运行一个名为 class-dump的工具，如果应用程序是用目标C编写的，则可以获取已声明的类及其方法的信息。一旦知道了这些信息，就可以更改实现应用程序中使用 Cydia Subtstrate（又称为 Mobile Substrate）的类中给定方法的定义。实际上，这就是进行所有越狱的iOS调整的方式。基本上，您要挂接到一个方法调用，并且当该方法被调用时，它会使用您的实现。此外，您的实现可以调用原始实现，如果您想添加一些小的代码，这真的很有用。

我不确定在Swift中是否可以实现这些功能，但是，如果您正在处理混合应用程序（例如使用cordova，phonegap等完成的混合应用程序），则可以看到其所有javascript源，因为它作为资源永久保存在 ipa文件中。此外，如果您有越狱设备，还可以直接更改该javascript代码，并找到应用程序在文件系统上的安装位置（通常为 / var / containers / Bundle / Application / uuid_for_your_app / ）。但是，我认为没有办法获得该补丁的版本并重新分发它（如果我错了，请纠正我）。

I want to see the code of an iOS app.

The app I downloaded is .deb.

First question: Is it possible to install .deb file on iOS or I downloaded a wrong file?

After unpacking the .deb file, I got some files, including .nib, .storyboard and some other files.

My main question is, How to decompile these .nib files?

I tried to decompile these files using NibToXibConverter, but I didn't succeed.

解决方案

Answer to your first question:

I think you downloaded the wrong file. .deb files for iOS are common for jailbreak community and not for apps, I think all of the Cydia stuffs are packed into .deb's. If your app is especially made for the jailbreak scene then you may try to install it using Cydia's auto install feature on a jailbroken device.

Answer to your main question:

^{This is general info about decompiling and modifying iOS apps (not specific for nibs, but you may still find it useful).}

iOS apps are distibuted in .ipa archives, which are ordinary zip archives. They contain, usually one executable in the form of Mach-O file, and resources like .plist, sounds, images - every resource you include in your xcode project. Decompiling the executable file is only possible on jailbroken iDevice, because it is encrypted especially for the current device and the magic key to decrypt the binary is burned inside the device CPU and as far as I know there is no software way to read that key. The encryption system here is called FairPlay.

Briefly described, one way to decrypt that binary is to have the app installed on a jailbroken device, and launch it from command line using a debugger (gdb) which you can download from Cydia. You have to set a breakpoint somewhere, and when your code execution pauses at the breakpoint, you are doing a memory dump of the device ram - and that is your decrypted bin.

So when you have the decrypted binary, you can run one tool called "class-dump", and get the information for declared classes and their methods if the app is written in Objective C. Once you know this information you can alter the implementation of given method from some class used in your app using "Cydia Subtstrate" a.k.a "Mobile Substrate". In fact that is the way all of the jailbroken iOS tweaks are made. Basically you are hooking a method call, and when that method get invoked, it uses your implementation. Furthermore your implementation can call the original implementation, and that is really useful if you want to make some small code addition.

I am not sure whether those things possible in Swift, but if you are dealing with a Hybrid app like the ones done with cordova, phonegap, etc., then you can see all of its javascript source because it is persisted as a resource inside the "ipa" file. In addition you can alter that javascript code directly if you have a jailbroken device and find where the app is installed on file system (usually /var/containers/Bundle/Application/uuid_for_your_app/). However, I think there is no way to get that patched version and redistribute it (correct me if I'm wrong).

这篇关于如何反编译iOS应用程序？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！