Binary Ninja plugin & workflow to help analyze Objective-C code

Objective Ninja

Objective Ninja is a Binary Ninja plugin to assist in reverse engineering Objective-C code.

Beware, Objective Ninja is still in very early development. There are probably (almost certainly) bugs, and there is lots of work left to do. If you run into a problem, please report the issue on GitHub.

Features

Objective Ninja is still in early development, but already has a handful of useful features.

Method Call Cleanup

Before/after method call cleanup & symbol creation.

Objective Ninja can replace calls to objc_msgSend with direct calls to the relevant method's implementation, as shown above. Also shown is Objective Ninja's ability to define symbols for class methods using class and selector data.

Structure Analysis

Objective Ninja parses the Objective-C structures found in the binary. It also defines types for all necessary Objective-C structures and creates data variables for them automatically.
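
Added example (not Objective Ninja's own code): both features above rest on the "class and selector data" stored in a class's method list, so this Python code parses one in its absolute-pointer and relative-offset forms and builds the selector-to-implementation table, with `-[Class selector]` symbol names, that a call-cleanup pass would consult. The image bytes, the `Counter` class name, the addresses and all helper names are constructed for illustration; the field layout follows Apple's open-source objc4 runtime for 64-bit targets.

```python
import struct

BASE = 0x100000000        # constructed load address (assumption)
SMALL_FLAG = 0x80000000   # list entries are three int32 relative offsets
FLAG_MASK = 0xFFFF0003    # bits of entsizeAndFlags that are not the size

def cstr(img, addr):
    return img[addr - BASE:img.index(b"\0", addr - BASE)].decode()

def parse_method_list(img, addr):
    """Return [(selector, type_encoding, imp)] for the method_list_t at addr."""
    entsize_flags, count = struct.unpack_from("<II", img, addr - BASE)
    small = bool(entsize_flags & SMALL_FLAG)
    entsize = entsize_flags & ~FLAG_MASK
    if entsize != (12 if small else 24):
        raise ValueError(f"unexpected method entry size {entsize}")
    if addr - BASE + 8 + count * entsize > len(img):
        raise ValueError("method count runs past the end of the image")
    methods = []
    for i in range(count):
        ent = addr + 8 + i * entsize
        if small:  # each offset is relative to the address of its own field
            rel = struct.unpack_from("<iii", img, ent - BASE)
            selref, types, imp = (ent + 4 * k + r for k, r in enumerate(rel))
            (name,) = struct.unpack_from("<Q", img, selref - BASE)
        else:      # three absolute 64-bit pointers
            name, types, imp = struct.unpack_from("<QQQ", img, ent - BASE)
        methods.append((cstr(img, name), cstr(img, types), imp))
    return methods

def method_table(cls, methods, sign="-"):
    """Map selector -> (imp, symbol); sign is '-' for instance, '+' for class."""
    return {sel: (imp, f"{sign}[{cls} {sel}]") for sel, _, imp in methods}

def build_sample():
    """Constructed image: strings, selrefs, one absolute and one relative list."""
    img = bytearray(b"count\0setCount:\0q16@0:8\0v24@0:8q16\0".ljust(0x28, b"\0"))
    img += struct.pack("<QQ", BASE + 0x00, BASE + 0x06)   # selrefs at 0x28, 0x30
    rows = [(0x00, 0x28, 0x10, 0x4000), (0x06, 0x30, 0x18, 0x4020)]
    big = BASE + len(img)
    img += struct.pack("<II", 24, 2)
    for name, _, types, imp in rows:
        img += struct.pack("<QQQ", BASE + name, BASE + types, BASE + imp)
    small = BASE + len(img)
    img += struct.pack("<II", 12 | SMALL_FLAG, 2)
    for _, selref, types, imp in rows:
        here = len(img)
        img += struct.pack("<iii", selref - here, types - here - 4, imp - here - 8)
    return bytes(img), big, small
```

A selector that is missing from the table (for example one that is inherited or added at run time) has no static target here, so a call using it cannot be rewritten from this data alone.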

Limitations

Only the x86_64 and arm64 architectures are supported; support for other architectures is not planned.

Roadmap

There are numerous other features planned and on the way; see issues marked with the "feature" tag for more information.

Build & Installation

Objective Ninja is currently only offered in source code form; to use Objective Ninja, you will need to build it yourself. The good news is that building it isn't very difficult.

NOTICE: At this time (3 January 2021), the Workflows API is only available on the dev branch of the API repo. As such, the vendored submodule points to a recent commit on that branch. Once the Workflows API is available in Binary Ninja 3.0, you may modify the submodule to point to a specific commit you are targeting.

Clone the Objective Ninja repository, initialize the Binary Ninja API submodule, then run CMake and build:

git clone https://github.com/jonpalmisc/ObjectiveNinja.git && cd ObjectiveNinja
git submodule update --init --recursive
cmake -S . -B build -GNinja
cmake --build build

Once complete, libObjectiveNinja will be available in the build folder; copy it to your Binary Ninja user plugins folder, then start reversing. :)

Troubleshooting

CMake Error at vendor/api/CMakeLists.txt:58 (find_library):
  Could not find BN_CORE_LIBRARY using the following names: binaryninjacore,
  libbinaryninjacore.so.1

If you encounter an error that looks like the one above, you may have to explicitly set the BN_CORE_LIBRARY option when invoking CMake, done as follows:

cmake ... -DBN_CORE_LIBRARY="PATH_HERE"

However, this should be determined automatically and should not have to be configured by hand.

See the Binary Ninja User Documentation if you aren't sure where your user plugins folder is.

Contributing

Contributions in the form of issues and pull requests are welcome! For more information, see CONTRIBUTING.md.

License

Copyright © 2022 Jon Palmisciano; licensed under the BSD 3-Clause license.

Releases(v2.2.2)
  • v2.2.2(Jun 8, 2022)

  • v2.2.1(May 12, 2022)

    • Update to core ABI v20
    • Remove unnecessary #include statements

    Full Changelog: https://github.com/jonpalmisc/ObjectiveNinja/compare/v2.2.0...v2.2.1

  • v2.2.0(Apr 30, 2022)

    • Use Objective-C method syntax for symbols
    • Migrate to new structured logging API
    • Integrate info application with undo system
    • Use native CMake installation procedure to install plugin

    Full Changelog: https://github.com/jonpalmisc/ObjectiveNinja/compare/v2.1.1...v2.2.0

  • v2.1.0(Feb 20, 2022)

  • v2.0.1(Feb 16, 2022)

  • v2.0.0(Feb 15, 2022)

    • Analyze and apply method type information
    • Name function parameters using selectors
    • Add oracle-based test suite
    • Add data renderer for fast pointers
    • Add cross references between structures
    • Overhaul entire analysis engine

    Full Changelog: https://github.com/jonpalmisc/ObjectiveNinja/compare/v1.3.1...v2.0.0

  • v1.3.1(Jan 24, 2022)

    • Log analysis info by default (i.e. use LogInfo) (#22)
    • Correct pointer types for some sections (#23)

    Full Changelog: https://github.com/jonpalmisc/ObjectiveNinja/compare/v1.3.0...v1.3.1

  • v1.3.0(Jan 24, 2022)

    • Structures are no longer overwritten to fix pointers, custom data renderers now used instead (#20)
    • Added tagged pointer, relative pointer types (#21)
    • Internal cleanup & stability improvements

    Full Changelog: https://github.com/jonpalmisc/ObjectiveNinja/compare/v1.2.0...v1.3.0

  • v1.2.0(Jan 15, 2022)

    • Workflow will now refuse to run on views with unsupported architectures (#8)
    • Added detailed structure analysis logging (#15)
    • Find and use objc_msgSend symbols found in __la_symbol_ptr (#17)
    • Add "define types" one shot action, usable in DEV_MODE
    • Gracefully handle exceptions in structure analysis (#16)

    Full Changelog: https://github.com/jonpalmisc/ObjectiveNinja/compare/v1.1.1...v1.2.0

  • v1.1.1(Jan 11, 2022)

  • v1.1.0(Jan 5, 2022)

    • Add analysis for __objc_classrefs section
    • Internal improvements

    Full Changelog: https://github.com/jonpalmisc/ObjectiveNinja/compare/v1.0.1...v1.1.0

  • v1.0.1(Jan 3, 2022)

  • v1.0.0-beta(Jan 3, 2022)

Owner
Jon Palmisciano
Software engineer & security researcher