Awesome
IDAObjcTypes
A collection of (public and private) types and functions definitions useful for iOS/macOS binaries analysis.
Why even?
Would you rather re-define the same functions or types over and over as you work with different binaries?
Usage (IDA Pro 8+)
- Go to
File > Load file > Parse C header file
then chooseIDA.h
to import everything at once. Or, run this IDA command:idaapi.idc_parse_types("/path/to/IDAObjcTypes/IDA.h", idc.PT_FILE)
. - Copy
IDA.til
andIDA32.til
totil
folder inside IDA application directory. - In IDA Pro, open
Type Libraries
window viaView > Open subviews > Type libraries
or pressShift + F11
. - Right-click the type list and select
Load type library...
. - Select
IDA
(orIDA32
if you target 32-bit binaries) and clickOK
button.
TIL created via this command:
tilib -c -hIDA.h IDA.til -D__EA64__ -P -tIDAObjcTypes
tilib -c -hIDA.h IDA32.til -P -tIDAObjcTypes32
Usage (IDA Pro 7)
Go to File > Load file > Parse C header file
then choose IDA.h
to import everything at once.
Or, run this IDA command: idaapi.idc_parse_types("/path/to/IDAObjcTypes/IDA.h", idc.PT_FILE)
Usage (Binary Ninja)
- Go to
Analysis > Import Header File...
. - In
Header File(s)
, browse forIDA.h
in this project. - In
Compiler Flag(s)
, add-D__EA64__ -D__BINJA__
. - Click
Import
button.
Usage (Ghidra)
- Go to
File > Parse C Source
. - (Go to 6. if it's not the first time you do this) Clone
objc_mac_carbon.prf
profile into a new profile, calledOBJC.prf
, for example. - Remove everything in
Source files to parse
, and addIDA.h
in this project to the list. - Add two additional flags:
-D__EA64__ -DGHIDRA
to Parse Options. - Save
OBJC.prf
profile as you might use it later. - Click
Parse to Program
, clickProceed
if anything pops up. - Check
Data Type Manager
window (at bottom-left), (long) right-click at<your-binary-name>
and selectApply Function Data Types
.
Ghidra limitation
You have to manually specify the size of enum members if what you get is incorrect.
iOS version-specific analysis
Uncomment // #define IOS14
inside IDA.h
before you import it if you are reversing iOS 14 or lower binaries.
Included Frameworks/Libraries
More to be added as the owner reverses more binaries.
- AppSupport
- AssetsLibraryServices
- AudioToolbox
- AVFCapture
- AVFoundation
- CommonCrypto
- CoreAnimation
- CoreAudio
- CoreFoundation
- CoreGraphics
- CoreMedia
- CoreServices
- CoreText
- CoreVideo
- CydiaSubstrate (if you ever want to RE tweaks)
- Darwin
- Foundation
- GraphicsServices
- IOMobileFramebuffer
- IOKit
- IOSurface
- Kernel
- MediaRemote
- MobileGestalt
- PowerLog
- Security
- SoftLinking
- SpringBoard
- SpringBoardHome
- Swift (WIP, PRs welcome)
- System (libSystem)
- SystemConfiguration
- UIKit
- dyld
- icu
- objc
- os
- pthread
- sandbox
- sqlite
- xpc
- fishhook