Hacker News new | ask | show | jobs
by bradyriddle 438 days ago
I'm curious about this. I'm familiar with reversing http api calls using a mitm proxy. But this ain't that.

Are they able to load a .so/dylib file during runtime and just call a method on it as long as they know the name of the method? How does iOS even allow that? How does an iOS even get to load those files? Seems like that would be locked down.
2 comments
musjleman 437 days ago
> Are they able to load a .so/dylib file during runtime and just call a method on it as long as they know the name of the method?

Yes, usually that's the entire point of an .so/.dylib/.dll - to load it and call it's functions by name?

> How does iOS even allow that? How does an iOS even get to load those files? Seems like that would be locked down.

Because it's something that higher level apple interfaces might rely on. It's not a security issue in the first place - if you submit an app obviously using them the message you get is:

> The use of non-public APIs is not permitted on the App Store because it can lead to a poor user experience should these APIs change.

link
bradyriddle 437 days ago
Man, this is gonna reveal some ignorance. But here goes. Please correct me where I'm wrong

.so/.dylib/.dll's typically get linked at load time, right? Like we aren't all manually loading dylibs in our source code. I guess I'm surprised on a platform as locked down as ios that they even allow you to link anything at run time.

chatgpt gives me this snippet but I have no way of knowing if this is roughly how it would look.

Class SBApplication = objc_getClass("SBApplication");

SEL launchSel = sel_registerName("launch");

id app = [SBApplication getAppWithBundleID:@"com.example.app"];

objc_msgSend(app, launchSel);

link
freeone3000 437 days ago
You can put in an autoload section and the runtime linker will load it for you, but you absolutely can load a DLL and its symbol names at runtime. Usually this is done for boring reasons like compatibility with multiple versions of an external library.
link
saagarjha 437 days ago
There’s not really any way to stop it, considering Apple’s apps need to make these calls.
link
Rohansi 437 days ago
Surely Apple could just make those libraries inaccessible to third party apps. Why would they be required to make them accessible to all apps?
link
saagarjha 437 days ago
Because their public frameworks depend on it.
link