I'm looking to debug an app on a jailbroken iPod Touch 4, iOS (5.1.1) using. The only problem is GDB doesn't appear to have any knowledge of class/selector names for the app.
Attaching and setting address breakpoints work, but it cannot identify symbols when attempting to use objective-c names. For example, break -[Class Selector:] will fail. (I'm aware that + and - represent different class types.)
Also, I do not have the source for this app and will not be able to acquire it.
I'm looking to purely use GDB on the device without xcode or the source.
Has anyone successfully done this before? Thanks in advance for any answers.
Under the assumption that you're trying to debug an app from the store / a release build, your binary will have had the symbols stripped from it by the compiler. Only debug builds retain the symbols: there's no reason for release builds to keep them.
To find out the names you'll need to disassemble the binary manually and figure out what you need from there. This is a lengthy topic, too long to really type up in great detail here (O'Reilly's Hacking & Securing iOS Applications book has a good step by step tutorial).
Bear in mind that under the hood the Objective-C messaging framework is made up of C: if you're not familiar with things like the objc_msgSend series of functions, you might find getting to know them better will help you along. Since every method invocation in Objective-C is sent using objc_msgSend, you can effectively figure out class and method names by breakpointing every time it's called (or rather, breakpointing and automatically dumping the contents: it will be called so many times that to do it manually would take far too long).
However, this is only going to help you identify the symbol names: as the symbols are stripped from the binary you're still going to have to breakpoint on the addresses themselves.
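One way to automate the objc_msgSend dump described above, as an added example that is not part of the original answer. It assumes a 32-bit ARM device (receiver in r0, selector in r1, with SEL being a pointer to the selector's C string) and calls the libobjc runtime functions object_getClass, class_isMetaClass and class_getName, which GDB can invoke because libobjc is loaded in every process; the file name msgsend-trace.gdb is a placeholder.

```gdb
# Added example: GDB command file that logs every Objective-C message the
# app sends, with no symbols in the app binary itself.
# Assumptions: 32-bit ARM (objc_msgSend gets self in r0, SEL in r1), and
# Apple's gdb, which treats unknown return types as int, hence the casts.
# Usage on the device:  gdb -p <pid> -x msgsend-trace.gdb
set pagination off
break objc_msgSend
commands
  silent
  # Messaging nil never dispatches, so there is nothing to name.
  if $r0 != 0
    # object_getClass returns the class for an instance and the metaclass
    # for a class object; class_getName yields the plain class name in both
    # cases, so the metaclass check is what decides between "+" and "-".
    set $cls = (void *)object_getClass((void *)$r0)
    if (int)class_isMetaClass($cls)
      printf "+[%s %s]\n", (char *)class_getName($cls), (char *)$r1
    else
      printf "-[%s %s]\n", (char *)class_getName($cls), (char *)$r1
    end
  end
  continue
end
```

Each printed line is a name only; to stop on a specific method you still set the breakpoint on its address, found by disassembling the binary as described above.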