I will show that iOS/macOS apps can be easily decompiled using just a hexeditor. I will also show a MachObfuscator – a completely new approach to iOS/macOS app obfuscation. MachObfuscator is written in pure Swift and doesn’t require a source code – it modifies compiled executables directly.
0xFEEDFACE is a magic number which can be found in the first four bytes of executables in Apple’s ecosystem. What comes afterwards? This is what I will talk about in my presentation. I will concentrate on Mach-O files (iOS, macOS, etc.), but a general idea is very similar for ELF and PE executables. Additionally, I will show you an entirely new approach to app obfuscation.