I am searching for a tool or a combination of tools that can be used for static analysis of closed-source iPhone apps. I am interested in building a control flow graph of these apps. So I am thinking of doing the following:
- Decrypt the app, if required
- Decompile/disassemble the app (for example, the equivalent tool for Android would be ded: Decompiling Android Applications)
- Construct a control flow graph from the disassembled source code (again, for Android, I could use a tool such as SOOT that works on Java files obtained after disassembly of Android apps)
I came across the following tools, but I am not sure which one of these would be appropriate.
For disassembly:
- Interactive Disassembler - Some research projects have reported using it, but it is now commercial.
- Hopper - Not sure whether this can produce output in a format other than assembly language.
For static analysis:
- Clang analyzer - integrated with Xcode.
- iNalyzer - penetration testing tool for iOS apps.
My question is: what would be the right combination of tools from the above two groups so that the output of the disassembler can be used as the input to the static analyzer?
Note: One similar question to this is Objective-C static analysis tools — plugin to Xcode?. But the focus there was on a tool that could be used with Xcode and hence would be useful for developers who are writing iPhone apps. I am, however, interested in tools that can be used for analyzing iPhone apps whose source code may not be available.