poomsmart / idaobjctypes Goto Github PK

View Code? Open in Web Editor NEW

299.0 9.0 33.0 986 KB

A collection of types & functions definitions useful for Objective-C binaries analysis.

License: Other

Objective-C 98.52% C 1.14% C++ 0.34%

headers objc types definitions functions analysis binaries ida-pro ghidra

idaobjctypes's Introduction

IDAObjcTypes

A collection of (public and private) types and functions definitions useful for Objective-C binaries analysis.

Why even?

Would you rather re-define the same functions or types over and over as you work with different binaries?

Usage (IDA Pro 8+)

Copy IDA.til and IDA32.til to til folder inside IDA application directory.
In IDA Pro, open Type Libraries window via View > Open subviews > Type libraries or press Shift + F11.
Right-click the type list and select Load type library....
Select IDA (or IDA32 if you target 32-bit binaries) and click OK button.

TIL created via this command:

tilib -c -hIDA.h IDA.til -D__EA64__ -P

Usage (IDA Pro 7)

Go to File > Load file > Parse C header file then choose IDA.h to import everything at once.

Or, run this IDA command: idaapi.idc_parse_types("/path/to/IDAObjcTypes/IDA.h", idc.PT_FILE)

Usage (Binary Ninja)

Go to Analysis > Import Header File....
In Header File(s), browse for IDA.h in this project.
In Compiler Flag(s), add -D__EA64__ -D__BINJA__.
Click Import button.

Usage (Ghidra)

Go to File > Parse C Source.
(Go to 6. if it's not the first time you do this) Clone objc_mac_carbon.prf profile into a new profile, called OBJC.prf, for example.
Remove everything in Source files to parse, and add IDA.h in this project to the list.
Add two additional flags: -D__EA64__ -DGHIDRA to Parse Options.
Save OBJC.prf profile as you might use it later.
Click Parse to Program, click Proceed if anything pops up.
Check Data Type Manager window (at bottom-left), (long) right-click at <your-binary-name> and select Apply Function Data Types.

Ghidra limitation

You have to manually specify the size of enum members if what you get is incorrect.

iOS version-specific analysis

Uncomment // #define IOS14 inside IDA.h before you import it if you are reversing iOS 14 or lower binaries.

Included Frameworks/Libraries

More to be added as the owner reverses more binaries.

AppSupport
AssetsLibraryServices
AudioToolbox
AVFoundation
CommonCrypto
CoreAnimation
CoreAudio
CoreFoundation
CoreGraphics
CoreMedia
CoreServices
CoreText
CoreVideo
CydiaSubstrate (if you ever want to RE tweaks)
Darwin
Foundation
GraphicsServices
IOMobileFramebuffer
IOKit
IOSurface
Kernel
MediaRemote
MobileGestalt
PowerLog
Security
SoftLinking
SpringBoard
SpringBoardHome
Swift (WIP, PRs welcome)
System (libSystem)
SystemConfiguration
UIKit
dyld
icu
objc
os
pthread
sandbox
sqlite
xpc
fishhook

idaobjctypes's People

Contributors

Stargazers

Watchers

idaobjctypes's Issues

Ghidra Parse error related to NSObject

Happens with commit c5bab42 (current master)

C Parser: Encountered errors during parse. in /home/fmagin/gits/IDAObjcTypes/Darwin/../Foundation/../objc/Types.h near line -5678  Error: Undefined data type “NSObject”
    near token: null
Possibly Undefined : NSObject 
Last Valid Datatype: id
Check around CParserPlugin.out around line: 5698

Full CParserPlugin.out file is available at https://gist.github.com/fmagin/7856a8ee459d8e940902dd6fb6d63def

Line 5698 (+- 1) is:

typedef struct Protocol {
    NSObject super;
} Protocol;

The typedef for NSObject happens later in line 5771

typedef struct NSObject {
    Class isa;
} NSObject;

Don't have time to investigate the issue right now, but I am currently trying to write some Ghidra Script to parse the repo into a GDT archive in the CI, which should catch those issues in the future.

Parse error

Here's the screenshot

Works with Ghidra?

Trying to use with Ghidra and having a lot of issues. Is it supported?

Support for Hopper Disassembler

Can you make it work on hopper ( Hopper Disassembler )

Cuz a lot of us use mac book m1+2+3 with latest mac sonoma , Your efforts are unforgettable and I will be grateful to you in any way. I hope you will provide support or a way to how use it in hopper app , thanks ♥️

Missing types

Hi,

Thanks for this great project.

I'm not sure if you're creating the headers manually but here are some types I've encountered which appear to be missing:

NSMutableSet
NSCountedSet
NSXPCInterface
NSXPCConnection
NSUserDefaults

Hope this helps.

Support for Binary Ninja.

Hi, I was just wondering if there would ever be support for binary ninja as they just added the objective-c workflow and having these Types would be alot easier in RE. Its possible its already easy to use in bin ninja and im just missing context :) Thankyou love the project.

NXTypes.h errors in IDA 7.0

Error D:\RE\RE Utils\IDAObjcTypes\IOKit\NXTypes.h,56: Invalid storage class
  included from D:\RE\RE Utils\IDAObjcTypes\IOKit/Types.h, 6
  included from D:\RE\RE Utils\IDAObjcTypes\Types.h, 19
  included from D:\RE\RE Utils\IDAObjcTypes\IDA.h, 2
Error D:\RE\RE Utils\IDAObjcTypes\IOKit\NXTypes.h,57: Syntax error near: }
Error D:\RE\RE Utils\IDAObjcTypes\IOKit\NXTypes.h,69: Invalid storage class
Error D:\RE\RE Utils\IDAObjcTypes\IOKit\NXTypes.h,70: Syntax error near: }
Error D:\RE\RE Utils\IDAObjcTypes\IOKit\NXTypes.h,118: Invalid storage class
Error D:\RE\RE Utils\IDAObjcTypes\IOKit\NXTypes.h,119: Syntax error near: }
Error D:\RE\RE Utils\IDAObjcTypes\IOKit\NXTypes.h,129: Invalid storage class
Error D:\RE\RE Utils\IDAObjcTypes\IOKit\NXTypes.h,137: Syntax error near: }
Error D:\RE\RE Utils\IDAObjcTypes\IOKit\NXTypes.h,153: Syntax error near: }
Total 9 errors

GHIDRA parse error

What should i do? help