Loading the Reveal SDK into any application

    In this post, the author listed, as one of the uses of the Reveal App, "getting familiar with an application written by another developer." The idea is great because, as you know, taking apart someone else's work is a great way to learn. You can study the interface when accepting someone else's work (if the source code is not delivered under the contract), or catch a bug and report it to the author of an App Store application. One "but": for this, the Reveal SDK must be built into the application, which is very unlikely in a production build. This is a reason to install a jailbreak, which lets you load the desired dylib (in our case, libReveal.dylib) into any application (no exceptions found so far). The solution is not mine, the original post is here . But I have something to add to it.

    So…
    1. Install the jailbreak (on iOS 7, to get a fresh jailbreak from http://evasi0n.com , I had to do a full reset, restore via iTunes and reinstall the jailbreak)
    2. From Cydia, install OpenSSH and MobileSubstrate (it should be available from the default repositories; if it is not, close Cydia and restart it, it may need to update)
    3. Copy Reveal to the device (the default root password for a freshly installed OpenSSH is alpine):
      $ scp -r Reveal.framework root@x.x.x.x:/System/Library/Frameworks
      $ scp libReveal.dylib root@x.x.x.x:/Library/MobileSubstrate/DynamicLibraries
      
    4. Create the file libReveal.plist in /Library/MobileSubstrate/DynamicLibraries/ and put in it the filter that decides where the library is loaded (it is more convenient to connect via SFTP for this):
      { Filter = { Bundles = ( "com.apple.MobileSMS", "net.whatsapp.WhatsApp" ); }; }
      
      As written here , Bundles is an array, but if that does not work, try leaving only one bundle name, as the author of the original post did. The easiest way to get the bundle name of the desired application is to quit it and look at the output in Xcode (Organizer, device, Console). You will see something like:
      com.apple.launchd[1] (UIKitApplication:com.tapbots.Tweetbot3[0x3811][1141]) : (UIKitApplication:com.tapbots.Tweetbot3[0x3811]) Exited: Killed: 9.
      Here "com.tapbots.Tweetbot3" is exactly the bundle name.

      Do a respring:
      $ ssh root@x.x.x.x killall SpringBoard
      
      Launch the application you wanted to study and inspect it in Reveal.
    5. ?
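
    An added example, not from the original post or from MobileSubstrate: a strict parser for the old-style plist syntax used by the filter file in step 4. It returns the bundle IDs a filter targets and rejects malformed files; in this syntax dictionary entries end with `;` while array elements are separated by `,`. The function names and the sample strings are constructed for illustration.

```python
import re

# Tokens of the old-style plist subset: punctuation, "quoted", bare words.
TOKEN = r'[{}()=;,]|"[^"]*"|[\w.$/:-]+'
PUNCT = set("{}()=;,")

def tokenize(text):
    if re.sub(TOKEN + r"|\s+", "", text):       # anything left over is junk
        raise ValueError("unrecognised characters in plist")
    return re.findall(TOKEN, text)

def parse(toks):
    tok = toks.pop(0)
    if tok == "{":                              # dictionary: key = value; ...
        d = {}
        while toks[0] != "}":
            key, eq = toks.pop(0), toks.pop(0)
            if key in PUNCT or eq != "=":
                raise ValueError("expected 'key = value'")
            d[key.strip('"')] = parse(toks)
            if toks.pop(0) != ";":
                raise ValueError("dictionary entry must end with ';'")
        toks.pop(0)
        return d
    if tok == "(":                              # array: value, value, ...
        items = []
        while toks[0] != ")":
            items.append(parse(toks))
            if toks[0] == ",":
                toks.pop(0)
            elif toks[0] != ")":
                raise ValueError("array elements must be separated by ','")
        toks.pop(0)
        return items
    if tok in PUNCT:
        raise ValueError(f"unexpected token {tok!r}")
    return tok.strip('"')                       # plain string value

def filter_bundles(text):
    # Bundle IDs the filter file targets; ValueError if the file is malformed.
    try:
        return parse(tokenize(text))["Filter"]["Bundles"]
    except IndexError:
        raise ValueError("unexpected end of file") from None

# Constructed sample input: a well-formed filter and one with ';' in the array.
GOOD = '{ Filter = { Bundles = ( "com.apple.MobileSMS", "net.whatsapp.WhatsApp" ); }; }'
BAD = GOOD.replace('",', '";')
```

    `filter_bundles(GOOD)` returns both bundle IDs, while `filter_bundles(BAD)` raises `ValueError` at the `;` inside the array.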
