#Reverse Engineering

  1. Deobfuscated libMobileGestalt keys (iOS 12)

    libMobileGestalt is a private library in iOS that describes the capabilities of the device: system version, build version, device type, device features, status of the airplane mode, … Apple obfuscates this information which makes it hard to know the capabilities of the device. In January 2017, I presented a method for Deobfuscating libMobileGestalt keys. At that time there were 673 known obfuscated keys and I managed to recover 564 out of the 673 keys (83%). Since this previous article, Apple has released 2 major iOS versions, and new obfuscated keys have been added. In this post I quickly recap what is libMobileGestalt and provide the updated list of recovered keys.
    [Read More]
  2. Constraints on QuickLook plugins

    A QuickLook plugin on macOS 10.14 has several constraints to satisfy. If one of the limits is exceeded, the plugin will immediately be killed and no preview will be visible. Having such restrictions makes sense but they appear to be undocumented. This article addresses the lack of information about these constraints.
    [Read More]
  3. QuickLook plugin to visualize .car files (compiled Asset Catalogs)

    In a previous article, I reverse-engineered the .car file format used to store the compiled assets of an Asset Catalog. I also demonstrated how to create a tool to manually parse such files. While this tool can extract a lot of information, it is cumbersome to use if you want to quickly see all the assets contained in a car file.
    [Read More]
  4. Reverse engineering the .car file format (compiled Asset Catalogs)

    An Asset Catalog is an important piece of any iOS, tvOS, watchOS and macOS application. It lets you organize and manage the different assets used by an app, such as images, sprites, textures, ARKit resources, colors and data.
    [Read More]
  5. VPNStatus, a replacement for macOS builtin VPN Status

    In this post I present VPNStatus, an application that replicates some functionalities of macOS built-in VPN status menu:
    [Read More]
  6. macOS VPN architecture from System Preferences down to nesessionmanager

    macOS 10.13 contains a built-in VPN client that natively supports L2TP over IPSec as well as IKEv2. In this post I describe some parts of the internal architecture of the macOS VPN client. This information will be used in a following article to build an application that replicates some functionalities of the VPN status in the menu bar. This application will also allow to auto connect to an IKEv2 VPN service, something that is currently not possible on macOS.
    [Read More]
  7. Deobfuscating libMobileGestalt keys

    /usr/lib/libMobileGestalt.dylib is a private library which provides an API to retrieve the capabilities of the iOS device, as well as some runtime information: system version, build version, device type, current status of the airplane mode, …
    [Read More]