Stripped or not ? iOS App with unnamed symbol in LLDB
Reverse Engineering Asked by Kojuda on May 24, 2021
I am faced with an ambiguity being a novice. I’m trying to reverse an iOS application with LLDB and all the function coming from the app (native) are labeled as unnamed_symbol in the backtrace :
The problem is that several other tools are able to retrieve these native symbols :
nm Application –add-dyldinfo :
Hopper :
Frida-trace with a demangled form :
But MachOView has not these symbols in its Symbol Table or Dynamic Symbol Table but in its sections __TEXT,__objc_methname and __TEXT,__cstring. I really don’t have a clue on what is going on. Is this app really stripped ? If yes, how Hopper and the other softwares are able to make the link between the symbols and the addresses since they aren’t in the symtab.
Thanks for reading.
(Additional newbie question : why are there a lot of symbols coming from external framework in the symtab, aren’t they supposed to be in the dsymtab ? I’m quiet confused.
Add your own answers!
Ask a Question
Get help from others!
Recent Answers
- Peter Machado on Why fry rice before boiling?
- Jon Church on Why fry rice before boiling?
- haakon.io on Why fry rice before boiling?
- Lex on Does Google Analytics track 404 page responses as valid page views?
- Joshua Engel on Why fry rice before boiling?
Recent Questions
- How can I transform graph image into a tikzpicture LaTeX code?
- How Do I Get The Ifruit App Off Of Gta 5 / Grand Theft Auto 5
- Iv’e designed a space elevator using a series of lasers. do you know anybody i could submit the designs too that could manufacture the concept and put it to use
- Need help finding a book. Female OP protagonist, magic
- Why is the WWF pending games (“Your turn”) area replaced w/ a column of “Bonus & Reward”gift boxes?