You may have known that I took some time reversing iBooter, trying to find out the magics behind it. After reading Geohot’s iPhone USB Linux Driver and client sample code, compared with what I have found by reversing iBooter, I have to say I feel a little disappointed about iBooter. It’s just a wrap to [...]
UPDATE: I should have read Geohot’s driver code earlier, the secrets to USB communication with iPhone in recovery mode is right inside the code. Thanks timschuerewegen’s comment which drives me to read Geohot’s code and it does help. This article seems dumb if you have read Geohot’s code, but at least it shows you how [...]
The MobileSafari comes with iPhone doesn’t allow to open local file, you’ll get the following error when you try to enter a file:/// URL:
Safari can’t open the page because it is a local file.
This can be easily patched. This article describes how to patch MobileSafari to make it open local files (e.g. PDF). I’ll use [...]
This is the full disassembly listing of the icon list retrieving method in SpringBoard 1.1.1, I’ve added the comments to ease the reading. Based on this disassembly listing, it’s easy to create a patch to enable the SpringBoard multipage scrolling.
NOTE: The scrolling feature has already been in the SpringBoard, Apple just didn’t open it to [...]
UPDATE: For patched binaries, please check AppSupport Page. This article only analyzes the dynamic library loading mechanism in the patch, not the patch itself.
I’ve decided to reverse the AppSupport patch (for 1.1.2) because I wanna know how it is written, more ever, it was said there’re some tricks inside the code which deals with dynamic [...]
UPDATE: this article was corrupted for unknown reason, I wish I could find the backup :(
UPDATE: If you’re looking for a more flexible patch, check HERE.
UPDATE: modified with a more detailed disassembly listing, also gave the function-equivalent Object-C source.The carrier patch for SpringBoard allows to use customized carrier logo on status bar, however, the current [...]
This is a book about code disassembly, it can be used as an entry to reverse code engineering (RCE).
Excerpts from the book preface:
This book is not intended for readers who have no programming experience. If you program in some high-level programming language but are not acquainted with Assembly, you’ll need to consult some [...]
I have been using IDA Pro 5.0/5.1 to disassemble the iPhone apps (with a macho.ldw patched for ARM in Mach-O binaries), it worked great except some instructions could not be recognized/disassembled. However, the condition has changed a lot in IDA Pro 5.2, this version recognizes much more ARM instructions than its precedent versions.
Highlights of [...]