I wanna preface by saying that I am just a newbie, who is trying to understand the complex jailbreak universe. I am no software cracker or reverse engineer, just a curious guy.
So, recently I have started using Hopper disassembler, and began studying ARM Assembly. However, I came across i0n1c's dumpdecrypted, a C script which basically dumps the unencrypted executable for any iOS application. I have also read about the Mach-O file structure, and how Apple protects their code against hackers.
Finally, I tried disassembling some games on my device, just to have some Assembly to read and try to apply my basic knowledge. I noticed that some executables decompile without any problem, and I have all (or most) of the Objective-C methods and declarations in Hopper's left pane. Also, Hopper automatically recognizes the executable loader as ARMv7.
Now, with other executables, most of the code is still encrypted. And Hopper sets the loader as ARMv7s.
So I researched, and even tried some cracking tweaks, such as clutch. I noticed that clutch effectively dumps and packs IPA files for the games whose code was all decrypted by i0n1c's script. It instead fails on the executables that dumpdecrypted leaves semi-decrypted, with this error message:
Cracking XXX...
error: Cannot crack ARMV6 portion of fat binary.
error: Could not crack binary
Failed.
So, some executables use 2 different ARM architectures? How's that possible? Is that why Hopper sets the loader as ARMv7s?
My real question is: Is there an efficient way to decrypt all (or, like, 90%) of the code of an iOS executable? And why are some dumped without problems while others are not?
Again, I am not a software cracker, I am learning ARM for my personal knowledge and for testing my apps.
I was curious about this strange encryption. If anyone can answer my question, thanks in advance!
I also don't know if StackOverflow is the right place to post this, but I assume yes, since assembly is still a programming language.
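The "ARMV6 portion of fat binary" error points at the Mach-O fat format: one file can carry several architecture slices (for example an armv6 one and an armv7s one), and each slice has its own Mach-O header, its own load commands, and therefore its own LC_ENCRYPTION_INFO command whose cryptid field says whether that slice's code is still encrypted. The following parser is an added example written for this answer; it is not code from the question, from dumpdecrypted, from clutch or from Hopper. It builds a constructed, minimal fat binary in memory (so it runs offline with no real app binary), then walks the fat_arch table and each slice's load commands and reports, per architecture, whether the cryptid flag is set. The field layouts and constants are the ones in Apple's mach-o/fat.h, mach-o/loader.h and mach/machine.h headers; the sample slices (sizes, offsets, cryptoff/cryptsize values) are invented for the demo.

```python
import struct

# Constants from Apple's mach-o/fat.h, mach-o/loader.h and mach/machine.h
FAT_MAGIC = 0xCAFEBABE          # fat header; always big-endian on disk
MH_MAGIC = 0xFEEDFACE           # 32-bit Mach-O header (little-endian on ARM)
MH_MAGIC_64 = 0xFEEDFACF        # 64-bit Mach-O header
MH_EXECUTE = 2                  # filetype: main executable
LC_ENCRYPTION_INFO = 0x21       # 32-bit encryption_info_command
LC_ENCRYPTION_INFO_64 = 0x2C    # 64-bit variant (one extra pad field)
CPU_TYPE_ARM = 12
CPU_TYPE_ARM64 = 0x0100000C     # CPU_TYPE_ARM | CPU_ARCH_ABI64
CPU_SUBTYPE_MASK = 0x00FFFFFF   # top byte holds capability bits, not the subtype
ARM_SUBTYPES = {6: "armv6", 9: "armv7", 11: "armv7s"}


def build_thin_slice(cpusubtype: int, cryptid: int) -> bytes:
    """Constructed minimal 32-bit ARM Mach-O: header plus one LC_ENCRYPTION_INFO.
    cryptoff/cryptsize are invented sample values; only cryptid matters here."""
    enc_cmd = struct.pack("<5I", LC_ENCRYPTION_INFO, 20, 0x1000, 0x2000, cryptid)
    header = struct.pack("<7I", MH_MAGIC, CPU_TYPE_ARM, cpusubtype, MH_EXECUTE,
                         1, len(enc_cmd), 0)      # ncmds=1, sizeofcmds, flags=0
    return header + enc_cmd


def build_fat(slices) -> bytes:
    """Constructed fat binary: big-endian fat_header + fat_arch table, then the slices."""
    table = struct.pack(">II", FAT_MAGIC, len(slices))
    offset = 8 + 20 * len(slices)                 # slices start right after the table
    body = b""
    for blob in slices:
        _, cputype, cpusubtype = struct.unpack_from("<3I", blob, 0)
        # fat_arch: cputype, cpusubtype, offset, size, align (log2; 2 => 4-byte)
        table += struct.pack(">iiIII", cputype, cpusubtype, offset, len(blob), 2)
        body += blob
        offset += len(blob)
    return table + body


def parse_thin(blob: bytes) -> dict:
    """Walk one thin Mach-O's load commands; report its architecture and cryptid."""
    magic = struct.unpack_from("<I", blob, 0)[0]
    if magic == MH_MAGIC:
        hdr_size = 28
    elif magic == MH_MAGIC_64:
        hdr_size = 32                              # mach_header_64 adds a reserved field
    else:
        raise ValueError("not a little-endian Mach-O slice: 0x%08x" % magic)
    _, cputype, cpusubtype, _, ncmds, sizeofcmds, _ = struct.unpack_from("<7I", blob, 0)
    cryptid = None
    pos, end = hdr_size, hdr_size + sizeofcmds
    for _ in range(ncmds):
        if pos + 8 > end or end > len(blob):
            raise ValueError("truncated load commands")
        cmd, cmdsize = struct.unpack_from("<II", blob, pos)
        if cmdsize < 8 or pos + cmdsize > end:
            raise ValueError("bad cmdsize at offset %d" % pos)
        if cmd in (LC_ENCRYPTION_INFO, LC_ENCRYPTION_INFO_64):
            # cmd, cmdsize, cryptoff, cryptsize, cryptid: cryptid sits at +16
            cryptid = struct.unpack_from("<I", blob, pos + 16)[0]
        pos += cmdsize
    if cputype == CPU_TYPE_ARM:
        arch = ARM_SUBTYPES.get(cpusubtype & CPU_SUBTYPE_MASK, "arm subtype %d" % cpusubtype)
    elif cputype == CPU_TYPE_ARM64:
        arch = "arm64"
    else:
        arch = "cputype 0x%x" % cputype
    # cryptid == 0 (or no LC_ENCRYPTION_INFO at all) means the code is plaintext on disk
    return {"arch": arch, "cryptid": cryptid, "encrypted": cryptid not in (None, 0)}


def parse_mach_o(data: bytes) -> list:
    """Return one report per slice: a thin file yields one, a fat file one per fat_arch."""
    if struct.unpack_from(">I", data, 0)[0] != FAT_MAGIC:
        return [parse_thin(data)]
    nfat = struct.unpack_from(">I", data, 4)[0]
    reports = []
    for i in range(nfat):
        _, _, offset, size, _ = struct.unpack_from(">iiIII", data, 8 + 20 * i)
        if offset + size > len(data):
            raise ValueError("fat_arch %d points outside the file" % i)
        reports.append(parse_thin(data[offset:offset + size]))
    return reports


if __name__ == "__main__":
    # Constructed sample: an armv6 + armv7s fat binary, both slices still encrypted,
    # next to a thin armv7 binary whose cryptid is 0 (what a cleanly dumped slice looks like).
    fat = build_fat([build_thin_slice(6, 1), build_thin_slice(11, 1)])
    for r in parse_mach_o(fat) + parse_mach_o(build_thin_slice(9, 0)):
        print("%-8s cryptid=%s encrypted=%s" % (r["arch"], r["cryptid"], r["encrypted"]))
```

On a real device binary the same per-slice information is what `otool -l` prints under each slice's LC_ENCRYPTION_INFO entry; a disassembler can only show readable methods for a slice whose cryptid is 0, which is why the same tool gives a full method list for one app and mostly unreadable bytes for another.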