Welcome to iOS Reverse Engineering
Dive deep into the heart of iOS with this comprehensive guide to reverse engineering. From beginners to experts, there’s something for everyone. This reference provides practical tools, scripts, and techniques to analyze, understand, and dissect iOS applications.
Fundamentals
Learn the essential knowledge and skills needed before starting your iOS reverse engineering journey
Setup & Tools
Get your environment ready with Ghidra, Swift demanglers, and other essential tools
Ghidra Scripts
Automate your workflow with custom Python scripts for Swift demangling and swizzling detection
Example IPAs
Practice with real-world examples showcasing various obfuscation techniques
What You’ll Learn
This reference covers the complete iOS reverse engineering workflow:
Binary Analysis
- Understanding Mach-O file format
- Analyzing Swift and Objective-C binaries
- Working with stripped symbols and obfuscated code
- Identifying key sections in iOS binaries
Decompilation & Deobfuscation
- Using Ghidra for iOS app analysis
- Demangling Swift function names
- Detecting and analyzing method swizzling
- Understanding control flow flattening
Runtime Analysis
- Detecting runtime manipulation techniques
- Identifying swizzled methods
- Understanding dynamic code modification
- Analyzing app behavior at runtime
Automation
- Custom Ghidra scripting with Python
- Automating symbol restoration
- Batch processing iOS binaries
- Creating reusable analysis workflows
Key Features
Custom Ghidra Scripts
Python scripts specifically designed for iOS reverse engineering workflows
Real Examples
Actual IPA files demonstrating common obfuscation techniques
Swift Support
Specialized tools for demangling and analyzing Swift code
Detection Tools
Scripts to identify swizzling and other runtime manipulation
Open Source
All scripts and examples are freely available on GitHub
Community Driven
Continuously updated with new techniques and improvements
Ghidra Scripts
This repository includes powerful Ghidra scripts to accelerate your iOS reverse engineering workflow:
Swift Name Demangler
Automatically demangles Swift class, function, and variable names in your Ghidra project. This script:
- Renames functions with human-readable Swift names
- Processes labels and symbols throughout the binary
- Preserves original mangled names in comments
- Works on both macOS and Linux
The Swift Name Demangler requires Swift to be installed on your machine and may take some time for larger applications.
Swizzling Detector
Detects whether an iOS app uses method swizzling and prints all references. This script identifies:
- method_exchangeImplementations calls
- class_getInstanceMethod usage
- class_getClassMethod usage
- method_setImplementation calls
Example Applications
Practice your skills with real IPA files showcasing various obfuscation techniques:
No Tampering
Baseline application without obfuscation for comparison
Objective Swizzling
Demonstrates Objective-C method swizzling techniques
Control Flow Flattening
Shows control flow obfuscation to complicate analysis
Get Started
Check Prerequisites
Review the prerequisites to ensure you have the necessary background knowledge
Setup Your Environment
Follow the setup guide to install Ghidra and configure your tools
Community & Contributions
Join the community and help evolve the landscape of iOS Reverse Engineering. This repository is continuously updated with new information, scripts, and techniques.
Explore the Wiki
The comprehensive iOS RE Wiki contains detailed guides and information for kickstarting your iOS reverse engineering journey