The objc_helper script we presented earlier in Objective-C Reversing Part I has been updated. Check the new version in Zynamics’ GitHub. This is a summary of the main changes and fixes:
- Fixed a problem when tracking R0 register that was modified by previous calls. Now if the script is tracking R0 and finds a BX/BLX, it assumes that is modifying R0 and stops, marking the tracking as failed.
- Changed the way the script parses the data references so it works both with release and debug binaries. Instead of getting the raw offset we now use recursive calls to idautils.DataRefsFrom(). For the references to work properly we had to make a pre-process converting all dwords to offsets in the classrefs and superrefs sections (similar to the offsetize() used by KennyTM).
- In some cases, compiler can decide to use LR as a general register so the search for R0..R15 fails. Now the script includes the handling of this special case.
- Added check of Thumb/non-Thumb code for patching the calls correctly.
- Fixed bug that was getting the incorrect parameters for other flavours of msgSend(). Now it should be easier to add others.
Thanks a lot to everybody that reported bugs, and also to the betatesters!
Soon we will come with the Objective-C reversing part II with more improvements and details on static analysis. Stay tuned!
[…] phun on Mac OS X By Vincenzo Iozzo A few posts ago Jose showed a script to clean-up ARM iPhone binaries. The x86 counterparts suffer from the same […]