从解密的iOS应用程序可执行文件中查找常量 [英] Finding constants from a decrypted iOS app executable
问题描述
我正在尝试从iOS应用程序内部找到一个常量(类似于秘密令牌),以便使用未记录的Web API构建应用程序(顺便说一句,我不是非法的东西)。到目前为止,我在我的Mac上有解密的应用程序可执行文件(越狱+ SSH +转储解密的可执行文件作为文件)。我可以使用strings命令获取可读的字符串列表,我可以使用类转储工具( http://stevenygard.com/projects/class-dump/ )获取类的接口定义(标题)列表。虽然这让我对应用程序的内部工作有所了解,但我仍然无法找到我正在寻找的东西:我正在寻找的常数。在strings命令转储中有数千个字符串定义。有没有办法以我可以拥有NSString常量的名称及其值的方式转储字符串。我不需要方法的实现细节,我知道它已编译,我所能得到的只是汇编代码。但是,如果我可以获取字符串常量的名称(在字符串转储和类转储中)以及字符串值(在字符串转储中),我认为可能有一种方法将它们关联在一起。
I'm trying to find a constant (something like a secret token) from inside of an iOS app in order to build an app using an undocumented web API (by the way, I'm not into something illegal). So far, I have the decrypted app executable on my Mac (jailbreak + SSH + dumping decrypted executable as file). I can use the strings command to get a readable list of strings, and I can use the class-dump tool (http://stevenygard.com/projects/class-dump/) to get a list of interface definitions (headers) of the classes. Although this gives me an idea of the app's inner workings, I still can't find what I'm searching for: the constants I'm looking for. There are literally thousands of string definitions in the strings command dump. Is there any way to dump the strings in a way that I can have the names of the NSString constants with their values. I don't need the implementation details of the methods, I know that it's compiled and all I can get is assembly code. But if I can get the names of the string constants (both in strings dump and class dump) and also the string values (in strings dump), I think there may be a way to associate them together.
谢谢,
可以。
推荐答案
不幸的是,不,除非有一些我不知道的黑魔法工具,或者除非可执行文件是用调试符号构建的(可能不是这种情况)。如果有调试符号,您应该能够通过调试器运行它并获取变量名称。
Unfortunately, no, unless there's some black magic tool out there that I'm unaware of, or unless the executable was built with debug symbols (which is likely not the case). If there are debug symbols, you should be able to run it through a debugger and get variable names.
在编译时,编译器剥离常量的名称,并将代码中所有出现的常量替换为其在内存中的位置地址(这是通常与可执行文件内部相同的字节偏移量。因此,常量的原始变量命名将丢失,只留下该值。因此,你无法在任何地方找到常数的原因。
At compile time, the compiler strips off the name of the constant, and replaces all occurrences of the constant in the code with the address of its location in memory (which is usually the same byte offset as inside the executable). Because of this, the original variable naming of the constant is lost, leaving only the value. Hence, the reason you can't find the constants anywhere.
我试图找到秘密令牌的一些事情是捕获应用程序的所有数据流量创建,然后在二进制文件中查找相同的模式。如果令牌确实在那里,并且它不会以某种方式被混淆,那么至少会为你缩小它。
Something that I would do to try to find the secret token, is capture all the data traffic that the app creates, and then look for the same patterns in the binary. If the token is indeed in there, and it isn't obfuscated somehow, then at least that narrows it down for you greatly.
祝你好运! RE可以是非常有益的,但有时真的很糟糕。
Good luck! RE can be very rewarding but sometimes it really sucks.
这篇关于从解密的iOS应用程序可执行文件中查找常量的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
