iOS逆向常涉及内容

在iOS逆向期间，常涉及到很多Apple苹果相关的开发资料，整理如下供参考。

ObjC的类

UIDevice

UIDevice | Apple Developer Documentation

iOS中的基本类型的定义

关于iOS中的很多相关的底层的类型：

• __darwin_mode_t
• __darwin_off_t
• __darwin_pid_t

的定义是：

typedef __uint16_t   __darwin_mode_t;        /* [???] Some file attributes */
typedef __int64_t       __darwin_off_t;         /* [???] Used for file sizes */
typedef __int32_t       __darwin_pid_t;         /* [???] process and group IDs */

来源：

• Apple的opensource
  • https://opensource.apple.com/source/xnu/xnu-792/bsd/sys/_types.h
• 其他
  • apple/darwin-xnu: The Darwin Kernel (mirror)
    • https://github.com/apple/darwin-xnu/blob/main/bsd/sys/_types.h

头文件 errno.h

• 旧版本：xnu-201
  • https://opensource.apple.com/source/xnu/xnu-201/bsd/sys/errno.h

#define ENOTSUP      45              /* Operation not supported */
#ifndef _POSIX_SOURCE
#define EOPNOTSUPP       ENOTSUP                /* Operation not supported */

• 新版本：xnu-792
  • https://opensource.apple.com/source/xnu/xnu-792/bsd/sys/errno.h.auto.html

#define ENOTSUP                45              /* Operation not supported */

结论：

• ENOTSUP = 45

man手册文档

前面介绍的

Apple 函数 man手册 总入口：API Reference: iOS Manual Pages (apple.com)

中有很多，iOS逆向期间，常常会涉及到的一些API或命令，整理如下：

• Section 2: system calls and error numbers
  • ENOMEM 错误码定义
    • 12 = ENOMEM Cannot allocate memory
      • The new process image required more memory than was allowed by the hardware or by system-imposed mem-ory memory ory management constraints. A lack of swap space is normally temporary; however, a lack of core is not. Soft limits may be increased to their corresponding hard limits.
  • stat64
    • Mac OS X Manual Page For stat64(2)
• Section 3: C libraries
  • system
    • Mac OS X Manual Page For system(3)
  • sysctl
    • Mac OS X Manual Page For sysctl(3)
  • strlen
    • Mac OS X Manual Page For strlen(3)

iPhone iOS SDK 源码

• iPhoneOS13.0.sdk
  • iOS-SDKs/iPhoneOS13.0.sdk at master · xybp888/iOS-SDKs (github.com)
    • stat.h
      • iOS-SDKs/stat.h at master · xybp888/iOS-SDKs (github.com)
    • syscall.h
      • iOS-SDKs/syscall.h at master · xybp888/iOS-SDKs (github.com)
    • sysctl.h
      • iOS-SDKs/sysctl.h at master · xybp888/iOS-SDKs (github.com)
    • types.h
      • iOS-SDKs/types.h at master · xybp888/iOS-SDKs (github.com)

改机相关

sysctl相关

• 苹果官网文档
  • sysctlbyname
    • sysctlbyname | Apple Developer Documentation
  • sysctl
    • sysctl | Apple Developer Documentation
• man手册
  • SYSCTL
    • Mac OS X Manual Page For sysctlbyname(3) (apple.com)
• 源码
  • sysctl.c (apple.com)
• 其他
  • sysctlbyname (freebsd.org)
  • sysctlbyname(3) manual page (lemoda.net)
  • sysctl, sysctlbyname (qnx.com)
  • sysctlbyname.3 (daemon-systems.org)

其他

iOS中 属性列表 Property List = plist

• Introduction to Property Lists (apple.com)

C语言相关开发整理和心得

gcc

编译时-Wxxx的参数：

• Warning Options (Using the GNU Compiler Collection (GCC))

clang

编译时参数：

• Clang Compiler User’s Manual — Clang 13 documentation (llvm.org)
• Clang command line argument reference — Clang 13 documentation (llvm.org)