jtool decompile - class name explanation?

Used for discussing the various tools in the book as well as encouraging members to share tools

jtool decompile - class name explanation?

Postby gawdzer » Thu Feb 01, 2018 8:46 am

Hello!

I'm playing a bit with jtool (which is amazing!) and I'm trying to decompile the executable inside my IPA:

$ jtool -D MyApp |grep -e "^\-"
Disassembling from file offset 0x7da8, Address 0x7da8
-[_TtC19MyBundle18MyClassOne methodNumberOne]:
-[_TtC19MyBundle18MyClassOne methodNumberTwo]:
-[_TtC19MyBundle18MyClassOne methodNumberThree]:
-[_TtC19MyBundle16MyClassTwo helloOne]:
-[_TtC19MyBundle16MyClassTwo helloTwo]:

This is great, but I do not fully understand what _TtC19, 18 and 16 mean

When I use Hopper, the GUI displays:

-[MyBundle.MyClassOne methodNumberOne]
-[MyBundle.MyClassOne methodNumberTwo]
-[MyBundle.MyClassOne methodNumberThree]
-[MyBundle.MyClassTwo helloOne]
-[MyBundle.MyClassTwo helloTwo]

so it really intrigues me - what are those numbers? How does Hopper know how to remove them and display clear names?

Any help would be appreciated!
gawdzer
 
Posts: 1
Joined: Thu Feb 01, 2018 8:30 am

Re: jtool decompile - class name explanation?

Postby darkknight » Thu Feb 01, 2018 9:39 pm

This seems to be a swift binary with the usual name mangling:
- _Tt stands for target (bundle / app name)
- C for class.. It could also have been F for function, P for protocol etc
After that it's usually a number followed by a name where the number is the length of the name.

See this slide deck(Name Mangling Slide): https://gsec.hitb.org/materials/sg2016/ ... ations.pdf

As for Hopper, I am not sure if recent versions of Hopper now do the demangling automatically. But I use to use the following plugin - https://github.com/keith/hopper-swift-demangle

J Says: Yeah, it's indeed Swift detangling. And I can't have Hopper doing it and jtool lagging behind - especially when it's so easy to add. I'll put that in the next build
darkknight
 
Posts: 102
Joined: Mon Apr 18, 2016 10:49 pm


Return to Tools

Who is online

Users browsing this forum: No registered users and 2 guests