
Research And Application On Technology Of iOS-based Software Reverse Engineering

Posted on: 2016-02-07
Degree: Master
Type: Thesis
Country: China
Candidate: J C Zhang
Full Text: PDF
GTID: 2308330461986528
Subject: Information confrontation
Abstract/Summary:
At present, with the increasing popularity of mobile smart devices, more and more malicious software targets them. iOS is a new mobile operating system, and the technology of iOS-based software reverse engineering has not received the attention of domestic researchers. Relevant research data is lacking, and a complete iOS-based software reverse engineering analysis method has not yet been formed in China or abroad. Therefore, research on iOS-based software reverse engineering has important significance and value. To some extent, it can make up for the lack of research in this field at home and abroad, improve the ability to analyze iOS-based malicious software, and contribute to the study of the iOS mobile system and excellent apps.

Firstly, this thesis introduces the basic knowledge of the iOS system platform that is necessary for iOS-based software reverse engineering. I summarize and analyze the iOS security features, the features of executable programs, and the features of the Objective-C language. Based on the analysis of these features, I propose the "iOS software reverse analysis method", pointing out the method's two technical difficulties (app decryption and removing the ASLR function) and three key technologies: "the iOS program understanding technology", methods of static analysis, and methods of dynamic analysis.

Secondly, in researching the method's key technologies, the thesis first proposes the concept of "the iOS program understanding technology", which mainly studies the function understanding technology and the process control statement recognition model. The thesis also studies the methods of static analysis for iOS-based software reverse engineering and puts forward four static analysis points: the imported libraries, the imported functions, Objective-C header file information extraction, and hard-coded strings. In addition, in view of the difficulties in the method, this thesis summarizes the methods of app decryption and formulates an app decryption scheme. For dynamic debugging, the program's address space is randomly distributed, which makes it difficult to locate critical data and code. The thesis puts forward an innovative "RASLR (Remove ASLR)" method, which removes the ASLR function of the program and successfully solves this problem.

Finally, this thesis uses the "iOS software reverse analysis method" to analyze a piece of iOS malware; the results indicate that the analysis method has good practical effects.
Keywords/Search Tags: Software Reverse Engineering, iOS, Program Understanding, App Decryption, Methods of Static Analysis, Methods of Dynamic Analysis