The Swift Language from a Reverse Engineering Perspective presented at DeepSecVienna 2018

by Malte Vincent

Summary: Over the last decade, mobile devices have taken over the consumer market for computer hardware. Almost all of these mobile devices run either Android or iOS as their operating system. In 2014, Apple introduced the Swift programming language as an alternative to Objective-C for writing iOS and macOS applications. The rising adoption of this new language has to some extent obsoleted existing techniques for program analysis on these platforms, such as method swizzling and "class-dump". In this paper we discuss features of Swift binaries that help in reverse engineering the functionality of the contained code: we document the memory layout of compound data types and the calling convention used by the Swift compiler, as well as the runtime type information that is used by the runtime and the debugger when data types are not known statically. This type information is rich enough to allow an almost full recovery of the definition of most Swift data types, including even the names and offsets of the members of compound data types. Based on these findings, we introduce the open source swift-frida library for iOS, built on top of the Frida instrumentation framework. It provides this information about all public and many private Swift data types in a process, and it allows transparent read/write access to Swift variables and their data members with known type and memory location.