
Reverse Engineering - iPhone

Unpack

unzip app.ipa

Search for files

list all extensions

find . -type f | perl -ne 'print "$1\n" if m/\.([^.\/]+)$/' | sort -u
list all files by extension
find . -name '*.plist' 2>/dev/null
find . -name '*.mom' 2>/dev/null
find . -name '*.xml' 2>/dev/null
find . -name '*.json' 2>/dev/null
find . -name '*.txt' 2>/dev/null
find . -name '*.db' 2>/dev/null
find . -name '*sql*' 2>/dev/null
find . -name '*back*' 2>/dev/null
find . -name '*bak*' 2>/dev/null

Get strings

strings appProd
srch_strings -a appProd

Open *.plist / *.mom files

plistutil

apt-get install libplist-utils
plistutil -i Config.plist
plistutil -i Config.mom
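As an added example (not part of the original notes), a POSIX shell script that automates the "Search for files" and plist steps above: it enumerates extensions, locates config/data files, and checks the first bytes of each .plist/.mom to tell a binary plist (the kind that needs plistutil) from one already in XML. The make_sample tree is constructed for the demo; point triage at a real unpacked Payload directory instead.

```shell
# Added example, not from the original notes: triage the tree left by `unzip app.ipa`.
# Lists extensions, finds config/data files, and tells binary plists from XML ones.
# Unique file extensions under a directory, one per line (extensionless files skipped).
list_extensions() {
    find "$1" -type f | sed -n 's/.*\.\([^./]*\)$/\1/p' | sort -u
}

# Files whose names suggest configuration, data models, databases or backups.
find_interesting() {
    find "$1" -type f \( -name '*.plist' -o -name '*.mom' -o -name '*.xml' \
        -o -name '*.json' -o -name '*.txt' -o -name '*.db' -o -name '*sql*' \
        -o -name '*back*' -o -name '*bak*' \) 2>/dev/null | sort
}

# Classify a property list by its first 8 bytes: binary plists (the ones that need
# plistutil) start with the magic "bplist00"; XML ones start with "<?xml".
plist_format() {
    magic=$(head -c 8 "$1" 2>/dev/null)
    case "$magic" in
        bplist00) echo binary ;;
        '<?xml'*) echo xml ;;
        *)        echo unknown ;;
    esac
}

# Report: extensions, then interesting files, plists annotated with their format.
triage() {
    echo "== extensions =="; list_extensions "$1"
    echo "== interesting files =="
    find_interesting "$1" | while IFS= read -r f; do
        case "$f" in
            *.plist|*.mom) echo "$f  [$(plist_format "$f") plist]" ;;
            *)             echo "$f" ;;
        esac
    done
}

# Constructed sample tree standing in for a real unpacked IPA (demo/test only).
make_sample() {
    d=$(mktemp -d)
    mkdir -p "$d/Payload/Demo.app"
    printf 'bplist00' > "$d/Payload/Demo.app/Info.plist"                 # binary plist header
    printf '<?xml version="1.0"?><plist/>' > "$d/Payload/Demo.app/Config.plist"
    : > "$d/Payload/Demo.app/Model.mom"; : > "$d/Payload/Demo.app/cache.db"
    : > "$d/Payload/Demo.app/settings.bak"; : > "$d/Payload/Demo.app/Demo"   # Demo = executable
    echo "$d"
}
# Pass a real unpack directory (e.g. ./Payload); with no argument, demo on the sample.
triage "${1:-$(make_sample)}"
```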

Static code analysis

mobsf

docker run -it --rm -p 8000:8000 opensecurity/mobile-security-framework-mobsf:latest

Ghidra

Ghidra is a free, open source reverse engineering tool that can be used to analyze compiled code, disassemble it, and debug software. It was developed by the National Security Agency (NSA) in the United States and was released to the public in March 2019. Ghidra supports a wide range of file formats and platforms, and its modular design allows users to add their own functionality and workflows. The tool is designed for use by reverse engineers, malware analysts, and software engineers, and its user-friendly interface makes it accessible for those who are new to reverse engineering. Ghidra has become a popular choice for those in the cybersecurity community who need a robust, free tool for analyzing software.

sudo apt install ghidra

Radare2

Radare2 (often shortened as "r2") is a free, open-source and cross-platform reverse engineering framework. It is used for disassembling, analyzing, and manipulating binary files, including but not limited to executable files, shared libraries, firmware images, and so on.

sudo apt install radare2

Radare2-Cutter is a graphical user interface (GUI) for the radare2 reverse engineering framework. It provides a visual interface for analyzing and manipulating binary files, making it easier to perform reverse engineering tasks without having to use the command line.

#sudo apt install radare2-cutter
git clone https://github.com/rizinorg/cutter