2

Is it possible to extract a binary, to get the code that is behind the binary? With Class-dump you can see the implementation addresses, but is it possible to also see the code thats IN the implementation addresses? Is there ANY way to do it?

JonasG
  • 9,274
  • 12
  • 59
  • 88

3 Answers3

5

All your code compiles to single instructions, placed in the text section of your executable. The compiler is responsible for translating your higher level language to the processor specific instructions, which are simpler. Reverting this process would be nearly impossible, unless the code is quite simple. Some problems are ambiguity of statements, and the overall readability: local variables, for instance, will be nothing but an offset address.

If you want to read the disassembled code (the instructions of which the higher level code was compiled to) use this command in an executable:

otool -tV file

sidyll
  • 57,726
  • 14
  • 108
  • 151
3

You can decompile (more accurately, disassemble) a binary and get it's assembly, but there is no way to get back the original Objective-C.

My curiosity begs me to ask why you want to do this!?

James Webster
  • 31,873
  • 11
  • 70
  • 114
  • I want to learn from the code. You might think that I want to copy code, but thats not my intention, I want to see how others do stuff that I have been thinking about for ages and haven't figured out how to do it. – JonasG Oct 25 '11 at 19:33
  • 3
    @Maxner: In general, it would be a much better idea just to look at open-source projects and ask questions about things you want to know rather than disassemble closed-source programs. Disassembled code is typcally not very beginner-friendly at all. – Chuck Oct 25 '11 at 19:39
  • So when I have disassembled a binary, Terminal gives me thousands of lines like this: 00002134 e58d1024 str r1, [sp, #36] what can I do with that? How can I get any information of it? – JonasG Oct 25 '11 at 19:39
  • @Maxner this is a store instruction given to the processor. If you really want to know about these, read a little on computer architecture. As Chuck said, this might not be the best path. PS: It was otool that gave you thousands of lines, not Terminal.app :-) Terminal.app just showed them to you. – sidyll Oct 25 '11 at 19:57
  • 1
    @Maxner: Check out these references to get started: [A few things iOS developers ought to know about the ARM architecture](http://wanderingcoder.net/2010/07/19/ought-arm/); [Whirlwind Tour of ARM Assembly](http://www.coranac.com/tonc/text/asm.htm); [ARM Assembler](http://www.heyrick.co.uk/assembler/index.html). – Jeremy W. Sherman Oct 25 '11 at 19:57
  • That's probably the best information you're going to get from a disassembled binary. You aren't going to get 'code' from a binary. – James Webster Oct 25 '11 at 23:03
2

otx http://otx.osxninja.com/ is a good tool for symbolicating the otool based disassembly It will handle both x86_64 and i386 disassembly.

and

Mach-O-Scope https://github.com/smorr/Mach-O-Scope is a a tool built on top of otx to dump it all into a sqlite3 database for browsing and annotating.

It won't give you the original source -- but it will get you pretty close providing you with the messages that are being sent around in methods.

smorr
  • 76
  • 2