Reverse engineer compressed iOS app file

Reverse Engineering Asked on March 3, 2021

I want to find out the compression method used by an iOS app used for music notation to store its files. The files of its OSX counterpart are zipped files. You cannot create files in the iOS app, but you can upload them using the desktop application to the application’s cloud server and from there download them to your iOS device for offline viewing. My findings so far:

  • The header of the files is 58 54 5A 00, which isn’t listed in any file signatures table I have searched in
  • The usual suspects, commands file and binwalk, do not identify the format
  • The entropy histogram is flat
  • Each time I download the same file from the server to the iOS device, a file of the exact same size but with different content (apart from the header 58 54 5A 00) gets saved.
  • Altering hex values
    • last two bytes: file is read normally by the iOS app
    • third byte from the end: app becomes unresponsive when opening the folder the file is in. Since each file is shown as a thumbnail of the musical score I suspect this byte has something to do with the thumbnail.
    • Any other random byte: thumbnail is shown correctly, app doesn’t crash, but a blank page appears when the file is opened

The following files are actually all the same file downloaded from the server 4 times.


I have produced three files, the first contains “A”, the second “AA”, the third “AAA”. The first set of files comes from iOS, the second from OSX.


One Answer

I think these files are encrypted rather than compressed.

I've run file at all offsets from start and found format consistent across the files at the same offset.

The files have only a constant value in the first 4 bytes. The rest is high entropy.

The same content saved at different times produces a different binary file each time.

File sizes are similar in previous instances when content was different in size, indicating padding of some sort.

I think this may be how iOS handles file security for some apps.

Answered by pythonpython on March 3, 2021
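
The checks the answer relies on (constant header, high-entropy remainder, different bytes for the same content, identical size), as an added example that is not part of the original post. The sample blobs are constructed: `fake_download`, its 4096-byte padding and the SHA-256 keystream are assumptions standing in for real downloads, and the zlib copies show how a plain compressed file behaves under the same comparison.

```python
import hashlib
import math
import zlib
from collections import Counter
MAGIC = bytes.fromhex("58545A00")  # header bytes reported in the question

def entropy(data):
    """Shannon entropy in bits per byte; 8.0 means uniformly random."""
    return -sum(c / len(data) * math.log2(c / len(data))
                for c in Counter(data).values())

def common_prefix(blobs):
    """Number of leading bytes identical in every blob."""
    n = 0
    for column in zip(*blobs):
        if len(set(column)) > 1:
            break
        n += 1
    return n

def triage(blobs):
    """Compare several saved copies of the SAME document."""
    a, b = blobs[0], blobs[1]
    return {
        "same_size": len({len(x) for x in blobs}) == 1,
        "shared_prefix": common_prefix(blobs),
        "entropy": min(entropy(x) for x in blobs),
        "diff_fraction": sum(p != q for p, q in zip(a, b)) / min(len(a), len(b)),
    }

def verdict(report):
    """Identical input saved twice: differing bytes imply a random nonce/IV."""
    if report["diff_fraction"] > 0.9 and report["entropy"] > 7.5:
        return "randomized, high entropy: encryption likely"
    return "deterministic: plain compression or encoding possible"

def fake_download(plaintext, nonce):
    """Constructed stand-in for one download (assumed 4096-byte padding)."""
    padded = -(-len(plaintext) // 4096) * 4096
    body = b"".join(hashlib.sha256(nonce + i.to_bytes(4, "big")).digest()
                    for i in range(padded // 32))
    return MAGIC + body

doc = b"A" * 3000  # constructed sample content
encrypted_like = [fake_download(doc, bytes([n])) for n in range(4)]
compressed = [MAGIC + zlib.compress(doc) for _ in range(4)]

for name, blobs in (("randomized", encrypted_like), ("zlib", compressed)):
    print(name, verdict(triage(blobs)), triage(blobs))
```

To run it on real files, replace the two constructed lists with the bytes of several downloads of the same document.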
