• Being able to assess or study an iOS application
  • Being able to understand or explore most of iOS Userland components


During this training, we will dispense all the knowledge needed to study iOS applications to perform either a security assessment, or a comprehensive reverse engineering. We will focus on the latest versions of iOS (starting from 10). The training heavily relies on practice therefore numerous labs exercises will be done.

Target audience

  • Reverse engineers interested in iOS
  • Security engineers with no prior experience in iOS but who needs to assess apps or start studying the system.


3 days


  • Familiar with ARM assembly
  • Familiar with operating system concepts
  • Basic knowledge of Python


  • Binaries reversing
  • Small tools writing


Module 1

  • Introduction
  • Lab setup
  • Mach-O
    • Layout and loading of the Mach-O binary file format
  • Objective-C
    • Syntax description
    • Static reverse engineering (Structures, runtime)
  • Swift

Module 2

  • Applications
    • Hierarchy, resources
    • App life cycle
    • Static and dynamic analysis
    • Review API usage (cryptography, key storage,…)

Module 3

  • Dyld shared cache
    • Following the code through the libraries
  • XPC
    • Follow and analyse iOS IPC