Over the last decade, mobile devices have taken over the consumer market for computer hardware. Almost all of these devices run either Android or iOS. In 2014, Apple introduced the Swift programming language as an alternative to Objective-C for writing iOS and macOS applications. The rising adoption of this new language has, to some extent, rendered existing program analysis techniques for these platforms obsolete, such as method swizzling and "class-dump".
In this paper we discuss features of Swift binaries that help in reverse engineering the functionality of the contained code: we document the memory layout of compound data types and the calling convention used by the Swift compiler, as well as the runtime type information that the runtime and the debugger use when data types are not known statically. This type information is rich enough to allow an almost full recovery of the definition of most Swift data types, including even the names and offsets of the members of compound data types.
Based on these findings, we introduce the open source swift-frida library for iOS, built on top of the Frida instrumentation framework. It provides this information about all public and many private Swift data types in a process, and it allows transparent read/write access to Swift variables and their data members once their type and memory location are known.
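To illustrate what "read/write access with known type and memory location" amounts to in practice, here is an added example in Frida's scripting language (JavaScript). It is not code from the paper or from the swift-frida project: the type definition `Account` with its member names, offsets and kinds is a constructed stand-in for what the runtime metadata would yield, and the memory image is a constructed `ArrayBuffer` so the script runs offline in Node. In a real Frida script the same field table would drive `NativePointer` reads and writes instead of `DataView` calls.

```javascript
// Added example (not from the paper or swift-frida): metadata-driven access
// to a Swift struct instance, given a type definition recovered from the
// runtime type information (member names, offsets, primitive kinds).

// Hypothetical recovered type definition. Layout is assumed: Swift.Int is
// 8 bytes, Double is 8 bytes, Bool is 1 byte, arm64 is little-endian.
const accountType = {
  name: "Account",          // constructed sample type name
  size: 24,
  fields: [
    { name: "id",      offset: 0,  kind: "int64" },
    { name: "balance", offset: 8,  kind: "float64" },
    { name: "active",  offset: 16, kind: "bool" },
  ],
};

const kindSize = { int64: 8, float64: 8, bool: 1 };

// Refuse to read or write past the end of the instance; a wrong offset in
// recovered metadata should fail loudly rather than silently touch a neighbour.
function checkBounds(type, field) {
  const end = field.offset + kindSize[field.kind];
  if (end > type.size) {
    throw new RangeError(`${type.name}.${field.name} extends past struct size`);
  }
}

// In Frida this would be ptr.add(field.offset).readS64()/readDouble()/readU8().
function readField(view, base, type, field) {
  checkBounds(type, field);
  const off = base + field.offset;
  switch (field.kind) {
    case "int64":   return view.getBigInt64(off, true);
    case "float64": return view.getFloat64(off, true);
    case "bool":    return view.getUint8(off) !== 0;
    default:        throw new Error(`unsupported kind ${field.kind}`);
  }
}

// Mirror image of readField; in Frida: writeS64()/writeDouble()/writeU8().
function writeField(view, base, type, field, value) {
  checkBounds(type, field);
  const off = base + field.offset;
  switch (field.kind) {
    case "int64":   view.setBigInt64(off, BigInt(value), true); break;
    case "float64": view.setFloat64(off, value, true); break;
    case "bool":    view.setUint8(off, value ? 1 : 0); break;
    default:        throw new Error(`unsupported kind ${field.kind}`);
  }
}

// Materialise a whole instance as a plain object keyed by member name.
function readStruct(view, base, type) {
  const out = {};
  for (const f of type.fields) out[f.name] = readField(view, base, type, f);
  return out;
}

// Constructed memory image of one Account instance located at offset 0.
function makeSampleMemory() {
  const view = new DataView(new ArrayBuffer(accountType.size));
  view.setBigInt64(0, 42n, true);     // id
  view.setFloat64(8, 1234.5, true);   // balance
  view.setUint8(16, 1);               // active = true
  return view;
}

// Usage: read the instance, flip one member, read it back.
const mem = makeSampleMemory();
console.log(readStruct(mem, 0, accountType));
writeField(mem, 0, accountType, accountType.fields[2], false);
console.log(readStruct(mem, 0, accountType));
```

The point of the field table is that nothing in the access path is specific to `Account`: once the metadata for any struct has been recovered, the same three functions serve it, which is what makes the recovered names and offsets described above directly useful to an analyst.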
Malte Kraus recently graduated with an M.Sc. in computer science from Friedrich-Alexander University Erlangen-Nuremberg. He likes to build things that break other things and has been playing CTFs since 2013.
Vincent Haupert is a research fellow and PhD candidate at the IT Security Infrastructures Lab of the Friedrich-Alexander University Erlangen-Nürnberg (FAU) in Germany. His main interests are authentication, system security and software protection of mobile devices. The security of FinTechs and mobile banking in particular is one of his major research subjects.