iOS 64bit app weird behaviour for headers, test tools

Question

I have a 64bit iOS app, but various tools and functions don't seem to work on it. This app was downloaded from the App Store, so it passed all Apple's checks etc.

It is a 64bit app, as seen by the mach-o header-

Mach header
  magic      cputype cpusubtype  caps    filetype ncmds sizeofcmds   flags
MH_MAGIC_64 16777228          0  0x00     EXECUTE    47       5480       NOUNDEFS DYLDLINK TWOLEVEL WEAK_DEFINES BINDS_TO_WEAK PIE

It doesn't seem to even have the LC_ENCRYPTION_INFO_64 (as 64 bit app) in the header load commands, and is missing all info about cryptoffset, cryptid etc-

root# otool -l myApp | grep -i crypt
root#
root# otool -l myApp | grep -i LC_ENCRYPTION_INFO
root#

Using nm to get the functions, classes and methods are referenced in the application and in the dynamically loaded libraries, is met with an error.

nm myApp
nm: object: myApp malformed object (unknown load command 4)

And lastly, when I dump using class-dump-z, I get null, this is the result whether I do it on the standard binary from App Store, or if I decrypt using Clutch first.

/**
* This header is generated by class-dump-z 0.2a.
*
* Source: (null)
*/

Lipo also throws an error as well

root# lipo -info myApp
dyld: lazy symbol binding failed: Symbol not found: _map_fd
Referenced from: /usr/bin/lipo
Expected in: dyld shared cache

dyld: Symbol not found: _map_fd
Referenced from: /usr/bin/lipo
Expected in: dyld shared cache

Trace/BPT trap: 5

What's going on?

Answer 1

原来，您需要先使用dylib和dumpdecrypted- https://github.com/stefanesser/dumpdecrypted ，然后使用OSX上运行的最新版本的class-dump- http: //stevenygard.com/projects/class-dump/这将使您成功地类转储arm64位二进制文​​件。