Ida Alternatives For Mac

Posted on admin

Security researchers have identified more and more Mac OS malware attacks over the past two years. In June 2017, Rommel Joven and Wayne Chin Yick Low from Fortinet’s Fortiguard Labs found and analyzed a new targeted at Mac OS. Most malware for Mac OS was developed in the Objective-C programming language. A good introduction to reverse engineering Cocoa applications can be found. In that blog post, the researcher released an IDAPython script named objc2xrefshelper.py that can only be executed in IDA Pro.


As you know, IDA Pro is the gold standard for disassemblers. However, IDA Pro licenses start at $1409 (you can refer to that ). So this can be extremely cost prohibitive for many people. One good alternative is the Hopper Disassembler for Mac OS. A Hopper Disassembler v4 Personal License is only $99.00. I rewrote the IDAPython script named objc2xrefshelper.py and developed a Python script for the Hopper Disassembler. It’s similar to the IDAPython script.

I named this Hopper Python script objc2xrefshelperhopper.py. In this blog I will share this tool. Some background regarding Objective-C can be found from. As mentioned in that article, function calls in Objective-C are implemented by the message-sending mechanism.

Unfortunately, this message-sending mechanism causes problems when trying to follow cross-references for selectors in Hopper Disassembler. Before rewriting the Python script for Hopper, therefore, we need to walk through the code in the IDAPython script objc2xrefshelper.py and understand all the details. It’s important that we figure out the low-level data structures of a class in Objective-C, as well as the relationship between these data structures. I have included a figure showing the relationship between these related data structures, as shown below.

[Figure: The relationship between these related data structures of class in Objective-C]

To verify the functionality of objc2xrefshelperhopper.py, I wrote a simple Cocoa application. The demo application can be downloaded from.
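The class structures discussed above can be walked with a few pointer reads. The following is an added example, not the author's objc2xrefshelperhopper.py and not Hopper API code: it assumes the 64-bit Objective-C 2 runtime layout with absolute-pointer method lists, and the `Image` helper, the `class_methods` function and the sample image are all constructed for illustration.

```python
import struct

# Assumed layout: 64-bit Objective-C 2 runtime, absolute-pointer method lists.
# class_t:       isa, superclass, cache, vtable, data        (5 x 8 bytes)
# class_ro_t:    flags, instanceStart, instanceSize, reserved (4 x 4 bytes),
#                then ivarLayout, name, baseMethods, ...      (8 bytes each)
# method_list_t: entsize, count (2 x 4 bytes), then method_t {name, types, imp}
class Image:
    """Flat memory image mapped at a base virtual address."""
    def __init__(self, base, data):
        self.base, self.data = base, data
    def u32(self, va):
        return struct.unpack_from("<I", self.data, va - self.base)[0]
    def u64(self, va):
        return struct.unpack_from("<Q", self.data, va - self.base)[0]
    def cstr(self, va):
        off = va - self.base
        return self.data[off:self.data.index(b"\0", off)].decode()

def class_methods(img, class_va):
    """Walk class_t -> class_ro_t -> method_list_t; return (name, {selector: imp})."""
    ro = img.u64(class_va + 0x20) & ~0x7   # low bits of 'data' are flag bits
    name = img.cstr(img.u64(ro + 0x18))
    mlist = img.u64(ro + 0x20)
    if mlist == 0:                          # class declares no instance methods
        return name, {}
    entsize = img.u32(mlist)
    if entsize & 0x80000000:                # newer relative-offset lists: not handled here
        raise NotImplementedError("relative method list")
    entsize &= ~0x3                         # low bits of entsize are flag bits
    methods = {}
    for i in range(img.u32(mlist + 4)):
        m = mlist + 8 + i * entsize
        methods[img.cstr(img.u64(m))] = img.u64(m + 0x10)
    return name, methods

def build_sample():
    """Constructed sample: class 'Demo' with two methods, mapped at 0x1000."""
    base, buf = 0x1000, bytearray(0x140)
    for off, s in {0x100: b"Demo", 0x110: b"hello", 0x120: b"setValue:"}.items():
        buf[off:off + len(s)] = s           # zero-filled buffer supplies the NULs
    struct.pack_into("<5Q", buf, 0x00, 0, 0, 0, 0, base + 0x40)   # class_t
    struct.pack_into("<4I3Q", buf, 0x40, 0, 8, 16, 0, 0, base + 0x100, base + 0x90)
    struct.pack_into("<2I", buf, 0x90, 24, 2)                     # list header
    struct.pack_into("<3Q", buf, 0x98, base + 0x110, 0, 0x100000F00)
    struct.pack_into("<3Q", buf, 0xB0, base + 0x120, 0, 0x100000F40)
    return Image(base, bytes(buf))

if __name__ == "__main__":
    print(class_methods(build_sample(), 0x1000))
```

The resulting selector-to-implementation map is the information needed to tie a selector reference at a message-send site back to the method body that handles it.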


We load the executable Mach-O file of the demo application into Hopper Disassembler, as shown below.

[Figure: Loading the demo application’s executable file into Hopper Disassembler]

The following is the Python script objc2xrefshelperhopper.py.