Is there any routine to reverse engineer cryptographic algorithms?


Hi everybody !

I wonder if you have any tips, trick and / or routine to reverse engineer encryption algorithms used by iOS (or other) applications.

Since we can hook and inspect class’s method at runtime I think it could be easier for us. For example we could read and / or change input to make tests, set breakpoints with lldb, etc.

Let’s imagine you have an API with many tokens to understand, where would you start ? Do you have any tips, any routine ?




Not much.
Still, if the code is purely written in C without external function calls you can try use unicorn engine to emulate them and completely save your ass from all the trouble


Hey Zhang, thanks for answer. Could you give me more detail about how and why you would use Unicorn ? Regarding their repo:

Unicorn is a lightweight, multi-platform, multi-architecture CPU emulator framework based on QEMU.

Do you have any kind of “attack strategy” in mind?


for emulating functions where I dont bother reversing step by step.
For your use case(Judging by the history of english speaking users here,you are probably reversing instagram), this probably isn’t a very feasible option.

I’d say divide the target function by tokens and use callstack to see how each token is implemented, then finally add everything together


It’s not really for Instagram but more generally speaking :wink:

Ok ! Thanks for your hints ! :slight_smile: