Help/Support We can't clutch stock Apple apps?

[osakaboy 0 10]

Hi

 

Wow what an amazing forum this is. I am relatively new to pen-testing and stumbled upon this forum via googling clutch/class-dump-z etc.

 

I have been successful with clutch, class-dump, gdb, etc but some details elude me.

 

1. Clutch doesn't list stock Apple apps so how are we supposed to clutch them? Via grep PID? 

 

2a. All of this pen-testing produces only class header methods and property names etc? What about the REAL data that's in the methods defined in the .m files such as domain addresses, beacon UIDs, method definitions etc?

 

2b. So gdb gives us @selector names which are the names of the functions/methods but how are we supposed to work with the function names if we don't have the method definition? 

 

 

I was sort of disappointed with the results of my first days of pen-testing because I thought I could learn more about coding via dumped .m files where all the valuable syntax is located.  It was the whole point of starting to learn pen-testing. 

 

Are there any tools to view the actual code of a binary? Btw, all this stuff is fine for Obj-C but what about Swift binaries? Cycript is the way to go?

 

I've been reading tons of tutorials on iOS security but a lot of them seem to pre-date iOS 8. Some say use class-dump, some say use class-dump-z etc. Are there any current tutorials that are super thorough from basic of clutch all the way up to hooking into runtime?

 

Thanks

 

 

[Diversityy 32.3k iPhone 7 Plus 10.2]

Hi

 

Wow what an amazing forum this is. I am relatively new to pen-testing and stumbled upon this forum via googling clutch/class-dump-z etc.

 

I have been successful with clutch, class-dump, gdb, etc but some details elude me.

 

1. Clutch doesn't list stock Apple apps so how are we supposed to clutch them? Via grep PID? 

 

2a. All of this pen-testing produces only class header methods and property names etc? What about the REAL data that's in the methods defined in the .m files such as domain addresses, beacon UIDs, method definitions etc?

 

2b. So gdb gives us @selector names which are the names of the functions/methods but how are we supposed to work with the function names if we don't have the method definition? 

 

 

I was sort of disappointed with the results of my first days of pen-testing because I thought I could learn more about coding via dumped .m files where all the valuable syntax is located.  It was the whole point of starting to learn pen-testing. 

 

Are there any tools to view the actual code of a binary? Btw, all this stuff is fine for Obj-C but what about Swift binaries? Cycript is the way to go?

 

I've been reading tons of tutorials on iOS security but a lot of them seem to pre-date iOS 8. Some say use class-dump, some say use class-dump-z etc. Are there any current tutorials that are super thorough from basic of clutch all the way up to hooking into runtime?

 

Thanks

What do you mean by "actual code"? There's thing called IDA which lets you encrypt the binary. That is how we hack.

[osakaboy 0 10]

Ok well IDC/IDA is all new to me. I don't want to do any hacking per se. I just want to view the original code that was created with the IDE. Is the closest we can get the header files with class-dump?

 

Also how do we clutch stock Apple apps?

[Tricerariel 467 iPhone 5 10.2.1]

Ok well IDC/IDA is all new to me. I don't want to do any hacking per se. I just want to view the original code that was created with the IDE. Is the closest we can get the header files with class-dump?

 

Also how do we clutch stock Apple apps?

so like your gonna make an stock.ipa and put it in appstore 

[osakaboy 0 10]

so like your gonna make an stock.ipa and put it in appstore 

HaHa and make billions$.

 

I guess no one on iOS Gods is actually a god then  

 

No one is going to teach me how to clutch stock apps?

Updated October 10, 2015 by osakaboy

[castix 18.5k iPhone X 12.1.1]

Who's this noob DiDA you're talking about?

 

Jk

 

Class Dump is the closest you can get like in every Windows form application.

 

The latest Class Dump is classdump-dyld from limneos for iOS 8.

 

You can't see the stock apps in Clutch because they are not listed as mobile. The permissions are still on root however you can try to clutch the executable name of the stock app or try Flex 2 which displays them also.

[KingRalph 816 9.3.5]

@osakaboy

All the .m and source files are compiled into a binary.

If you want the code, you can only reverse engineer it with clutch and read the ARM instructions (using IDA) in the decrypted binary.

Decrypting & Disassembling the binary and getting the source code in plain text is just not possible.

Updated October 10, 2015 by KingRalph

[osakaboy 0 10]

@osakaboy

All the .m and source files are compiled into a binary.

If you want the code, you can only reverse engineer it with clutch and read the ARM instructions (using IDA) in the decrypted binary.

Decrypting & Disassembling the binary and getting the source code in plain text is just not possible.

So to clarify we CAN read the .m source code by using clutch then using IDA?  Are the ARM instructions the same as the method definitions? i.e. the code the programmer wrote?

Who's this noob DiDA you're talking about?

 

Jk

 

Class Dump is the closest you can get like in every Windows form application.

 

The latest Class Dump is classdump-dyld from limneos for iOS 8.

 

You can't see the stock apps in Clutch because they are not listed as mobile. The permissions are still on root however you can try to clutch the executable name of the stock app or try Flex 2 which displays them also.

But how do you clutch the executable if its number value i.e. 1-23 isn't listed in clutch? i.e. "clutch 2". And are you saying I should use classdump-dyld instead of the older class-dump tools? Classdump-dyld is specifically written for iOS 8?

[KingRalph 816 9.3.5]

So to clarify we CAN read the .m source code by using clutch then using IDA?  Are the ARM instructions the same as the method definitions? i.e. the code the programmer wrote?

Absolutely not. 

The closest you can get to the source code is reading the binary's ARM processor code.

You cannot read the code in plain objective c code.

If you want to find out more info about the app's code, you can debug it using FLEXible.

[castix 18.5k iPhone X 12.1.1]

But how do you clutch the executable if its number value i.e. 1-23 isn't listed in clutch? i.e. "clutch 2". And are you saying I should use classdump-dyld instead of the older class-dump tools? Classdump-dyld is specifically written for iOS 8?

I don't think it has to be listed when you type Clutch "Binaryname". Clutch 1.4.7 has it I believe. Anyway I read somewhere that you don't need to crack the stock apps to use class dump

 

Yea cd-dyld is faster and does not generate errors because of some iOS 8 structures.