Dissecting Apps

Episode #20 | 13 minutes | published on June 14, 2012
It can be helpful to draw inspiration from how existing applications are built. In this screencast, we'll look at how to extract & view images from iOS applications you've downloaded from the App Store. In addition, we'll use a proxy to intercept and inspect network traffic so you can see how application APIs behave.


Extracting images from an IPA package

First, find the app you've downloaded in iTunes. Right click on and click "Show in Finder". Next, download the appcrush script from the github repository:

cd ~/bin
wget https://raw.github.com/boctor/idev-recipes/master/Utilities/appcrush/appcrush.rb
chmod +x appcrush.rb

I have ~/bin in my path, so this script will be executable from anywhere on my system.

Note: If you don't have wget installed, you can install it with homebrew or just download this file manually.

Updating the script for the new developer directory

This script was written a while ago, so we'll have to edit it to account for the new location of the developer tools.

Open up the file and make the following modification:

developer_root = "`xcode-select --print-path`".chop
pngcrush = "#{developer_root}/Platforms/iPhoneOS.platform/Developer/usr/bin/pngcrush"

Once you have that, simply run it for a specific IPA on your system:

appcrush.rb PATH_TO_APP.ipa

This will run unzip & extract all images from the package, uncrushing each as it is extracted. You are left with a folder on your Desktop with the extracted images.

The last thing I'll note is that you should not use these images in your own applications. I think this technique is very useful to see how something was accomplished, but not for stealing other app developer's assets!

Inspecting Network Traffic with Charles

To inspect outgoing network traffic first run Charles. Under the Proxy menu, make sure Mac OS X Proxy is checked. Next, go to Proxy settings and make a note of the port it is running on. On my machine, it's running on 8888.

On the iOS Device, go to network settings, under your active Wi-Fi connection, scroll all the way to the bottom where it says HTTP Proxy. Choose Manual and enter the IP address of the machine running Charles, specifying the port number you noted above.

If you've done everything correctly, then you should be able to still access the network using Safari on your iOS device. In addition, any non-SSL traffic should be visible in the Charles interface.

Viewing HTTPS Traffic

The traffic running over an SSL connection is encrypted, so Charles will only show you garbage if you try to view it. To view this traffic, you have to have Charles self-sign the SSL certificate for the domain you're trying to reach.

Under the SSL tab, check Enable SSL Proxying. Then add the domain that you want to access over SSL, and Charles will self-sign a certificate for this domain.

You should then be able to view the traffic, even over HTTPS.

blog comments powered by Disqus