How to get hardcoded information from an iPA binary

Question

I tried strings over application binary..but it is showing following error: strings: object: malformed object (unknown load command 19)

Any other way to read hardcoded information from an iOS application's binary file

Answer 1

This is pretty old but I had a particular issue where I was trying to find the hard-coded strings in an app for which Bitcode was enabled and I'd built an archive for exporting to the AppStore. The final .ipa file unzips as usual, containing the binary at Payload/appname.app/appname, but strings and similar tools are not able to process this. Instead I used the following commands:

segedit Payload/appname.app/appname -extract __LLVM __bundle llvm.xar xar -xf llvm.xar llvm-dis 1

You'll need to install the llvm tools (e.g. brew install llvm) to get llvm-dis. This produces a file called 1.ll which clearly contains the hard-coded strings I was looking for (along with quite readable pseudo-source). If there's nothing in 1.ll, see if there's files named 2, 3, 4 etc. and run llvm-dis on them.

However for an ipa that has actually been downloaded from the AppStore, you will unfortunately need to use a jailbroken device where you can run clutch etc.

Answer 2

To get hard coded Strings from ipa follow below steps :

• Get Clutch from here.

• Decrypt the app using Clutch (Clutch <ipaToDecrypt>)

• Unzip the decrypted ipa, and get the app bundle directory.

• Locate the executable within it, and run strings command against the binary. (strings <app-binary>)

Answer 3

1. The IPA file is not the binary. It's a ZIP archive which you have to extract in order to obtain the app bundle directory, in which resides the actual executable.

2. Even that executable isn't well-formed. It's encrypted with the AppleID of the user who has downloaded it. You need to decrypt it before being able to run strings on it (you can use some popular iOS application cracking tools for this purpose).