📄️ Mach-O Introduction
The executable format of an iOS binary is “Mach-O” (Mach Object), which is the format of choice for the XNU micro-kernel. Understanding how the binary is laid out, and how to obtain this information, will be crucial to testing mobile devices and their applications.
📄️ Mach-O Build Information
At the end of 2020, Apple released the first ARM64-based computers (i.e., MacBook, iMac, etc.). Up to that point, ARM64 chips were only used in iOS, iPadOS, watchOS, & tvOS devices. This change could cause some confusion when simply looking at the raw binary. For instance, if you simply run the file command against an executable compiled for iOS and one compiled for macOS, they will both look identical:
📄️ Decrypt iOS Executable
Any executable that comes from Apple (either in the OS or from the App Store) will be configured with the FairPlay DRM software, which will encrypt a small section of the executable file. FairPlay DRM is how Apple keeps track of the application and the account and device(s) it should run on.
📄️ Manually Decrypt Executable
You will need to install a debugger onto the device. I would suggest installing lldb, which should be available in the package manager.