# dumpdecrypted in LLDB

Just saw this on @everttjf's blog, and according to the literature (iOS Hacking Guide), dumping the decrypted binary via LLDB is rather simple.

You just need a jailbroken device with debugserver running on it, plus the cryptsize and cryptoff of the executable file. You can use otool to retrieve cryptsize and cryptoff. That's all.

# Monitoring Ivar Changes in Objective-C

As we mentioned in the last post, Protection against Message Forward in Objective-C, there are at least two tools for tracing the calling sequence of methods.

However, they simply cannot handle the scenario below:

```objc
@interface ProtectedClass : NSObject {
@public
    NSString *_password; // the ivar accessed below
}
@end
/// ...omitted...
ProtectedClass *obj = [[ProtectedClass alloc] init];
obj->_password = @"喵咕咪~"; // direct access, undetectable by BigBang or ANYMethodLog
[obj setPassword:@"喵"]; // detectable by BigBang or ANYMethodLog
/// ...omitted...
```


This is because it is not necessary to call a getter or setter in Objective-C when accessing or changing an ivar. Since Objective-C is a superset of C, an object (or instance) in Objective-C behaves much like a struct in C: you can access its members directly if you have the memory address. Let's check out what happens when it is compiled.
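A small added example (not code from the original post) that makes the gap concrete: the setter is visible to a method tracer, the direct `->` write is not, and a shadow hash updated only inside the setter (an assumed check of my own, not necessarily the post's technique) still reveals the change afterwards.

```objc
// Added example, not from the original post. Compile with: clang -fobjc-arc -framework Foundation
#import <Foundation/Foundation.h>

@interface ProtectedClass : NSObject {
@public
    NSString *_password;        // reachable as obj->_password, exactly as in the post
}
@property (nonatomic, copy) NSString *password;
- (BOOL)passwordWasTampered;    // hypothetical integrity check (assumption)
@end

@implementation ProtectedClass {
    NSUInteger _shadowHash;     // only ever updated by the setter
}
@synthesize password = _password;

- (void)setPassword:(NSString *)password {
    NSLog(@"[trace] -setPassword: called");   // this is the only thing a method tracer sees
    _password = [password copy];
    _shadowHash = [_password hash];
}

- (BOOL)passwordWasTampered {
    // A write that skipped the setter leaves the shadow hash stale.
    return [_password hash] != _shadowHash;
}
@end

int main(void) {
    @autoreleasepool {
        ProtectedClass *obj = [[ProtectedClass alloc] init];

        [obj setPassword:@"first"];             // goes through the setter: traced, shadow updated
        NSLog(@"tampered after setter: %d", obj.passwordWasTampered);        // 0

        obj->_password = @"second";             // direct ivar write: no setter, nothing traced
        NSLog(@"tampered after direct write: %d", obj.passwordWasTampered);  // 1
    }
    return 0;
}
```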

Here is our code, written in Objective-C; something similar can probably be found in your own projects.

# Protection against Message Forward in Objective-C

### A Brief Review

The runtime is one of the most powerful features of Objective-C: it gives us the ability to add or replace a method of a class, retrieve or set the implementation of a specified method, and even add a class at runtime.

However, just as the sunlight shines not only on the good guys but also on the bad ones, there are tools in the iOS jailbreak community that take advantage of the Objective-C runtime, specifically its message forwarding. With this feature they can log the calling sequence of methods in an application for further exploitation. And injecting such tools into your application is not that hard, since there are many ways to do it, such as DYLD_INSERT_LIBRARIES or modifying the Mach-O load commands, and there are ready-made toolsets like iOSOpenDev and its replacement, MonkeyDev by @AloneMonkey.

And there are at least two tools that can log the calling sequence of methods,

