Can .ipa file be reverse engineered if you have the dSYM?

StackOverflow https://stackoverflow.com/questions/14502167

Question

Some code analysis tools require you to submit your .ipa along with your .dSYM file.

Is sending the .dSYM file along with the .ipa a risk for reverse-engineering of the app? I mean, can someone get to the source code if he has both the .ipa and the .dSYM?

Was it helpful?

Solution

It's not that hard to reverse-engineer applications even without symbols.

Here's what recent versions of IDA can show you without the .dSYM:

IDA iPhone Objective-C disassembly

And if you have the Hex-Rays decompiler, you can get something like:

// CKMessagesController - (void)mailComposeController:(id) didFinishWithResult:(int) error:(id) 
void __cdecl -[CKMessagesController mailComposeController:didFinishWithResult:error:](struct CKMessagesController *self, SEL a2, id a3, int a4, id a5)
{
  struct CKMessagesController *v5; // r4@1

  v5 = self;
  objc_msgSend(self, "dismissViewControllerAnimated:completion:", 1, 0);
  objc_msgSend((void *)v5->_mailComposeController, "release");
  v5->_mailComposeController = 0;
}

Having the .dSYM will definitely make the task even easier: not only ALL the function and variable names will be there (including private ones), but probably the full types as well (structures, classes and enums). You won't be able to get the source code, but probably something pretty close to it.

OTHER TIPS

No he will not get the source-code, but knowing the symbol names might help understanding the compiled / decompiled code.

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top