In the life of a software engineer, you always learn and gain experience from other people, other products, other ideas.
If you are a web developer, you want to know the design and layout of a certain website. Let’s say you are interested in Facebook’s website and want to know how they create their web layout. You can use your browser’s inspector function. But what if you are an iOS engineer? How can you do that?
This article is for you. Yes, you are an iOS engineer.
1. Situations
If you are an iOS engineer, you already know that Xcode has a build-in tool called Xcode inspector that allows you to inspect an application’s UI while debugging it in Xcode.
But how do you inspect other applications, Facebook for example
2. Preparing
Before we start, we need a paid Apple Developer account and prepare somethings.
1.1 Install tools
You need to install optool, it will help us work with the Mach-O binary.
We could easily install optool by download a releases and move it to usr/local/bin
1.2 Prepare certificate and provisioning profile
- We need to create a Development Certificate from Apple Developer Console by following guide and install to your machine.
- We need a Wildcard app ID, we could create it from Apple Developer console by following guide. In this article, I created a app id
com.demo.* - We need an iOS App Development provisioning profile for the app ID that we created by following guide
1.3 Download Lookin mac OS app
You can download a free Lookin mac OS app from https://lookin.work/
This app will show us the UI of the app we are inspecting.
1.4 Download LookinServer framework
LookinServer framework will act like a server to inspect elements in the app and send info to Lookin mac OS.
You could build it from source or download it from my pre-built.
3. Let’s do it
In this article, I will try to inspect UI of iOS Facebook app.
We need to do something, I will break it to some step.
– Get a decrypted ipa file for the app you want to inspect
– Inject Lookin framework into ipa file
– Code sign app with your certificate and provisioning profile
3.1 Get a decrypted ipa file
There are some ways you can get a decrypted ipa file:
– Dump from jailbroken device
– Download from some website: https://decrypt.day, https://www.iphonecake.com, etc
3.2 Start real job
To inject and resign the ipa, you could download my small application.
I already code and push it into https://github.com/vikage/ipa-resigner
First step, Let’s download the repo to your machine.
Next step, you copy provisioning profile, ipa file and LookinServer.framework to the ipa-resigner folder like below image.
Next step, we need to get your installed certificate name by run this command in terminal security find-identity -v -p codesigning
If we received more than 1 certificate, you should pick a propriate
Let’s copy string like highlighted text in above picture and save to some place.
Final, open terminal, change directory to ipa-resigner and run the command, you need to put your certificate name and bundle before you run.
python3 inject_framework.py \
--ipa app.ipa \
--profile profile.mobileprovision \
--certificate "Put your certificate name here" \
--bundle "Put a new bundle id here" \
--framework LookinServer.frameworkAfter command run successful, you got a resigned file. In this case, I will have com.demo.Facebook-resigned.ipa
3.3 Install ipa to your device
In this step, you need to install ipa on your device. We have some ways, like using Xcode or Apple Configurator. I prefer Apple Configurator
After installing ipa on your device, open the Lookin app on your Mac and also open the new Facebook app on your iPhone.
Choose a device in Lookin mac app, Enjoy 😎
