Extract and Decode IPA File
For much of the information gathering and static analysis of a mobile app, we first need to extract the IPA file. An IPA file is nothing more than a zip archive, so we can extract it with tools already present on macOS.
To extract the IPA file:
/usr/bin/unzip -qq -d App filename.ipa
To decode the executable and save the data for post-processing:
# First obtain the executable name and keep it in ${BINARY}
BINARY=$(/usr/libexec/PlistBuddy -c Print:CFBundleExecutable App/Payload/Example.app/Info.plist)
# Dump headers from the executable
ktool dump --headers --out App/headers "App/Payload/Example.app/${BINARY}"
# Dump strings from the executable
/usr/bin/strings -n 6 "App/Payload/Example.app/${BINARY}" > App/Strings.txt
# Dump classes & methods
/usr/bin/otool -oV "App/Payload/Example.app/${BINARY}" > App/Classes_Methods.txt
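The same first steps can be scripted when the app directory is not known in advance. The following is an added example, not part of the original page: it uses only the Python 3 standard library, the function names are illustrative, and the sample IPA is constructed in memory. It goes slightly beyond the steps above by rejecting archive entries that would be written outside the extraction directory, which matters when the IPA comes from an untrusted source.

```python
# Added example; function names are illustrative and the sample IPA is constructed.
import io
import plistlib
import re
import zipfile

APP_PLIST = re.compile(r"^Payload/[^/]+\.app/Info\.plist$")

def unsafe_members(zf):
    """Entry names that would escape the extraction directory (absolute or '..')."""
    return [n for n in zf.namelist()
            if n.startswith("/") or ".." in n.replace("\\", "/").split("/")]

def locate_executable(zf):
    """Return (app_dir, executable_path) using CFBundleExecutable from Info.plist."""
    plists = [n for n in zf.namelist() if APP_PLIST.match(n)]
    if len(plists) != 1:
        raise ValueError(f"expected one Payload/*.app/Info.plist, found {len(plists)}")
    info = plistlib.loads(zf.read(plists[0]))  # handles XML and binary plists
    app_dir = plists[0].rsplit("/", 1)[0]
    return app_dir, f"{app_dir}/{info['CFBundleExecutable']}"

def ascii_strings(data, min_len=6):
    """Printable ASCII runs of at least min_len bytes, similar to `strings -n 6`."""
    return [m.decode("ascii") for m in re.findall(rb"[\x20-\x7e]{%d,}" % min_len, data)]

def triage(ipa_bytes):
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as zf:
        bad = unsafe_members(zf)
        if bad:
            raise ValueError(f"refusing to extract, unsafe entries: {bad}")
        app_dir, exe = locate_executable(zf)
        return {"app_dir": app_dir, "executable": exe,
                "strings": ascii_strings(zf.read(exe))}

def build_sample_ipa(extra=None):
    """Constructed sample input: a minimal IPA-shaped zip, not a real app."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload/Example.app/Info.plist",
                    plistlib.dumps({"CFBundleExecutable": "Example"}, fmt=plistlib.FMT_BINARY))
        zf.writestr("Payload/Example.app/Example",
                    b"\xcf\xfa\xed\xfe\x00https://api.example.invalid/v1\x00abc\x00")
        if extra:
            zf.writestr(extra, b"x")
    return buf.getvalue()

if __name__ == "__main__":
    print(triage(build_sample_ipa()))
```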