1
00:00:00,000 --> 00:00:03,689
-: Hi. Within this lecture we are going to see the overview

2
00:00:03,689 --> 00:00:07,770
of this Hopper Disassembler and then we're going to learn

3
00:00:07,770 --> 00:00:11,040
about something called hexadecimal.

4
00:00:11,040 --> 00:00:13,470
So let's start over here.

5
00:00:13,470 --> 00:00:18,470
At the left hand side you will see a pane containing labels.

6
00:00:19,020 --> 00:00:22,170
So if you scroll down or scroll up a little bit

7
00:00:22,170 --> 00:00:24,720
you will see some sort

8
00:00:24,720 --> 00:00:29,720
of labels that can identify what they're used for.

9
00:00:29,970 --> 00:00:32,670
Like didFinishLaunchingWithOptions

10
00:00:32,670 --> 00:00:37,670
or willResignActive or viewDidLoad actually.

11
00:00:38,400 --> 00:00:41,790
So you can try to find the functions that you are

12
00:00:41,790 --> 00:00:46,023
looking for when you come over here and click on them.

13
00:00:46,890 --> 00:00:49,710
For example, I clicked on the viewDidLoad

14
00:00:49,710 --> 00:00:53,730
and it took me to the related assembly code

15
00:00:53,730 --> 00:00:55,230
for viewDidLoad.

16
00:00:55,230 --> 00:00:57,660
So we understand that this is the beginning

17
00:00:57,660 --> 00:01:01,320
of the viewDidLoad and maybe you don't know assembly,

18
00:01:01,320 --> 00:01:03,810
maybe you don't know how this works,

19
00:01:03,810 --> 00:01:05,940
but it really doesn't matter.

20
00:01:05,940 --> 00:01:10,290
For example, over here you will see a command like push

21
00:01:10,290 --> 00:01:14,640
and you will see what it does on the right hand side.

22
00:01:14,640 --> 00:01:17,580
For example, if you look over here

23
00:01:17,580 --> 00:01:20,910
the command here is that push, okay?

24
00:01:20,910 --> 00:01:25,620
At the right hand side you see some R7 and LR

25
00:01:25,620 --> 00:01:29,130
and it's regarding some registers.
26
00:01:29,130 --> 00:01:30,330
So let me explain

27
00:01:30,330 --> 00:01:33,450
in this section so you will understand it better.

28
00:01:33,450 --> 00:01:36,420
So it moves some values.

29
00:01:36,420 --> 00:01:38,430
So R7 is a register,

30
00:01:38,430 --> 00:01:42,810
it's kind of a location that we hold values in, okay?

31
00:01:42,810 --> 00:01:47,580
And what it does on this line is to move this SP value

32
00:01:47,580 --> 00:01:50,160
into the R7 register.

33
00:01:50,160 --> 00:01:52,110
So it's changing places,

34
00:01:52,110 --> 00:01:56,910
like it's having this value of SP

35
00:01:56,910 --> 00:01:58,590
in its register.

36
00:01:58,590 --> 00:02:02,460
And as you can see there is an add command over here as well.

37
00:02:02,460 --> 00:02:05,940
So it adds these two values together.

38
00:02:05,940 --> 00:02:10,380
So every line does something, okay?

39
00:02:10,380 --> 00:02:13,170
And of course you have to know every term,

40
00:02:13,170 --> 00:02:15,450
you have to know every command

41
00:02:15,450 --> 00:02:17,910
in order to fully understand this.

42
00:02:17,910 --> 00:02:21,450
As I said before, it will take a lot of time.

43
00:02:21,450 --> 00:02:23,100
So if you wanna do that, it's great.

44
00:02:23,100 --> 00:02:26,670
Just take an assembly course from scratch,

45
00:02:26,670 --> 00:02:28,710
that would be great for you,

46
00:02:28,710 --> 00:02:31,680
but you don't need to know that much

47
00:02:31,680 --> 00:02:33,930
in order to reverse engineer.

48
00:02:33,930 --> 00:02:35,460
So what we are going to do

49
00:02:35,460 --> 00:02:38,310
during these lectures is to understand how

50
00:02:38,310 --> 00:02:42,660
we can gather information by reading this code

51
00:02:42,660 --> 00:02:46,470
so that we can use it to manipulate our apps.

52
00:02:46,470 --> 00:02:48,990
Okay? And at the right hand side over here

53
00:02:48,990 --> 00:02:52,170
you'll see some comments, like green ones.
54
00:02:52,170 --> 00:02:56,310
So over here you can see very useful information

55
00:02:56,310 --> 00:03:00,543
that you can leverage in your reverse engineering process.

56
00:03:01,380 --> 00:03:02,213
And that's it.

57
00:03:02,213 --> 00:03:05,940
These are different sections for different methods,

58
00:03:05,940 --> 00:03:07,254
different functions,

59
00:03:07,254 --> 00:03:10,590
and all the lines are doing some stuff that we

60
00:03:10,590 --> 00:03:13,080
can understand by looking at the command

61
00:03:13,080 --> 00:03:17,135
and the values and the comment side at the right,

62
00:03:17,135 --> 00:03:19,950
at the right side of the screen.

63
00:03:19,950 --> 00:03:22,410
If you come over here to this tab,

64
00:03:22,410 --> 00:03:25,770
you can see a diagram, okay?

65
00:03:25,770 --> 00:03:30,450
And this is the same code, but it actually visualizes it

66
00:03:30,450 --> 00:03:33,840
so that we can understand it in a better way.

67
00:03:33,840 --> 00:03:38,840
Like it shows us the connections between these code blocks

68
00:03:39,210 --> 00:03:42,030
so we can understand which block leads

69
00:03:42,030 --> 00:03:47,030
to another and what that block does in real coding life.

70
00:03:48,360 --> 00:03:53,360
So as you can see there is a third tab as well.

71
00:03:53,490 --> 00:03:56,640
And this is like a pseudo code.

72
00:03:56,640 --> 00:04:00,390
And this is a hypothetical code that is generated

73
00:04:00,390 --> 00:04:02,940
by the Hopper Disassembler itself

74
00:04:02,940 --> 00:04:06,870
and is trying to represent a real code like this.

75
00:04:06,870 --> 00:04:10,920
So maybe you can understand the code structure

76
00:04:10,920 --> 00:04:12,360
in a better way

77
00:04:12,360 --> 00:04:15,780
by just looking at the third tab over here.
78
00:04:15,780 --> 00:04:18,180
Of course, this is not the source code,

79
00:04:18,180 --> 00:04:20,220
this is only a representation,

80
00:04:20,220 --> 00:04:25,220
a guess out of the assembly code, okay?

81
00:04:25,230 --> 00:04:29,580
And as you can see, we still see the strings that come

82
00:04:29,580 --> 00:04:32,580
like this, like private jailbreak txt.

83
00:04:32,580 --> 00:04:37,580
So these are actual values that can be very useful for us.

84
00:04:37,980 --> 00:04:41,340
Like it's looking for the Cydia app obviously.

85
00:04:41,340 --> 00:04:42,819
And remember the Cydia app

86
00:04:42,819 --> 00:04:46,770
in the jailbreaking device, jailbreaking section.

87
00:04:46,770 --> 00:04:50,430
So it's most probably looking for a Cydia app

88
00:04:50,430 --> 00:04:53,730
and if it's there then it means that it's jailbroken.

89
00:04:53,730 --> 00:04:56,970
Okay? So there are a lot of hints,

90
00:04:56,970 --> 00:04:59,700
a lot of clues that we can gather out of this

91
00:04:59,700 --> 00:05:04,110
iOS Hopper Disassembler reverse engineering section

92
00:05:04,110 --> 00:05:08,640
even though we are not masters of assembly.

93
00:05:08,640 --> 00:05:12,120
And at the fourth tab we see a representation

94
00:05:12,120 --> 00:05:14,430
by hexadecimal values.

95
00:05:14,430 --> 00:05:18,180
Now this is kind of binary but it's not.

96
00:05:18,180 --> 00:05:20,070
So in binary we had ones

97
00:05:20,070 --> 00:05:25,070
and zeros and in hexadecimal we have different numbers.

98
00:05:25,500 --> 00:05:29,160
So in order to comprehend this in a better way

99
00:05:29,160 --> 00:05:31,620
I'm going to start with decimals.

100
00:05:31,620 --> 00:05:33,840
So this has base 10,

101
00:05:33,840 --> 00:05:37,050
this has 10 figures in order to represent numbers

102
00:05:37,050 --> 00:05:40,800
and this is what we use in real life.

103
00:05:40,800 --> 00:05:43,920
So let me explain this with an example.
104
00:05:43,920 --> 00:05:45,900
So maybe you have done this example

105
00:05:45,900 --> 00:05:48,240
in high school or middle school, I don't know.

106
00:05:48,240 --> 00:05:51,750
In math class we have the number 215

107
00:05:51,750 --> 00:05:56,750
and we can represent it by just breaking it down.

108
00:05:57,240 --> 00:05:58,073
For example,

109
00:05:58,073 --> 00:06:02,190
we can multiply the numbers like this, five times 10

110
00:06:02,190 --> 00:06:04,500
to the power zero, one times 10

111
00:06:04,500 --> 00:06:07,890
to the power of one, and two times 10 to the power two.

112
00:06:07,890 --> 00:06:11,010
So if we add all these numbers together

113
00:06:11,010 --> 00:06:12,663
of course we get 215.

114
00:06:14,430 --> 00:06:19,430
So this is 10, this is five, and two times 100 is 200.

115
00:06:21,780 --> 00:06:25,290
So why do we use this notation?

116
00:06:25,290 --> 00:06:27,090
Why do we do this calculation?

117
00:06:27,090 --> 00:06:29,100
It's very basic, right?

118
00:06:29,100 --> 00:06:34,100
It's not very useful, but actually it's very useful.

119
00:06:34,140 --> 00:06:37,710
We can break down the decimals like this

120
00:06:37,710 --> 00:06:40,047
and we can break down the hexadecimals

121
00:06:40,047 --> 00:06:44,670
and we can break down the binaries like this as well.

122
00:06:44,670 --> 00:06:49,050
So if you have 514 for example, you can represent it

123
00:06:49,050 --> 00:06:52,421
by four times 10 to the power zero, one times 10

124
00:06:52,421 --> 00:06:56,730
to the power one, and five times 10 to the power two.

125
00:06:56,730 --> 00:07:00,030
So this is 514, okay?

126
00:07:00,030 --> 00:07:03,330
And this is very basic as well

127
00:07:03,330 --> 00:07:07,470
because this is what we are used to in real life.

128
00:07:07,470 --> 00:07:09,540
But if we come over here to binary,

129
00:07:09,540 --> 00:07:12,420
like a machine language, we'll see.
130
00:07:12,420 --> 00:07:16,890
So there is a number over here, which is 1, 1, 0, 1, 1, 0, 1.

131
00:07:16,890 --> 00:07:19,260
So what does this mean?

132
00:07:19,260 --> 00:07:23,340
We can actually break down this number as we have done

133
00:07:23,340 --> 00:07:25,350
in the decimal as well.

134
00:07:25,350 --> 00:07:27,180
So what do I mean?

135
00:07:27,180 --> 00:07:32,180
We can just select the numbers, figures from here like that.

136
00:07:33,510 --> 00:07:38,510
And rather than powers of 10, we can use powers of two.

137
00:07:38,640 --> 00:07:42,600
So for example, in the first place we have one

138
00:07:42,600 --> 00:07:46,980
and this is one times two to the power zero.

139
00:07:46,980 --> 00:07:50,790
And this is zero times two to the power one, one times two

140
00:07:50,790 --> 00:07:54,000
to the power two and two to the power three,

141
00:07:54,000 --> 00:07:56,940
two to the power four, five, and six.

142
00:07:56,940 --> 00:08:01,740
So this is exactly what we have done in the decimals.

143
00:08:01,740 --> 00:08:05,970
Now if you try to break it down by yourself,

144
00:08:05,970 --> 00:08:10,970
then you will see that if you add them up together

145
00:08:11,160 --> 00:08:12,300
like this, okay?

146
00:08:12,300 --> 00:08:15,750
Just make sure you write it down, just make sure you

147
00:08:15,750 --> 00:08:20,580
calculate every number and then add them together

148
00:08:20,580 --> 00:08:23,310
and it'll give you 109.

149
00:08:23,310 --> 00:08:26,950
So this is in base 10 and 1, 1, 0, 1, 1, 0, 1

150
00:08:27,960 --> 00:08:30,690
is in base two, it's in binary.

151
00:08:30,690 --> 00:08:35,010
And this 109

152
00:08:35,010 --> 00:08:37,110
is in decimal.

153
00:08:37,110 --> 00:08:40,140
So as you can see, it's very efficient to use decimals

154
00:08:40,140 --> 00:08:42,390
rather than binaries.

155
00:08:42,390 --> 00:08:45,360
And there is a more efficient way as well.
156
00:08:45,360 --> 00:08:50,040
We can make it as small as possible,

157
00:08:50,040 --> 00:08:52,170
smaller even than the decimal,

158
00:08:52,170 --> 00:08:57,170
if we increase the number of figures in our data set.

159
00:08:57,420 --> 00:09:02,420
So far we have 0, 1, 2, 3, 4, 5, 6, 7, 8, 9

160
00:09:03,360 --> 00:09:05,250
in the decimal system.

161
00:09:05,250 --> 00:09:08,610
But we can add much more, right?

162
00:09:08,610 --> 00:09:13,610
So this is hexadecimal, as you can see it starts with zero

163
00:09:14,430 --> 00:09:18,390
but I didn't write zero for some reason, I don't know.

164
00:09:18,390 --> 00:09:20,040
But if you add zero over here

165
00:09:20,040 --> 00:09:25,020
you will see that it has 16 figures rather than 10.

166
00:09:25,020 --> 00:09:28,320
So it continues with A, B, C, D, E, F

167
00:09:28,320 --> 00:09:32,303
and they coincide with 10, 11, 12, 13, 14, and 15.

168
00:09:34,020 --> 00:09:36,480
Now we have 16 numbers over here,

169
00:09:36,480 --> 00:09:40,170
16 figures to represent numbers.

170
00:09:40,170 --> 00:09:44,850
Now this is hexadecimal, just imagine zero over here.

171
00:09:44,850 --> 00:09:47,520
It's my mistake, okay?

172
00:09:47,520 --> 00:09:51,210
And you have 16, so it's in base 16.

173
00:09:51,210 --> 00:09:55,380
Now we can use powers of 16 rather than

174
00:09:55,380 --> 00:09:57,840
powers of 10 like we have used

175
00:09:57,840 --> 00:10:01,050
over here, or powers of two like we have used in binary.

176
00:10:01,050 --> 00:10:04,500
Now we're going to use powers of 16.

177
00:10:04,500 --> 00:10:07,800
So for example, maybe you can try to pause the video

178
00:10:07,800 --> 00:10:12,570
and try to change this value into decimal.

179
00:10:12,570 --> 00:10:17,570
So this is an A4F6 hexadecimal number

180
00:10:18,030 --> 00:10:22,590
and you can represent it as decimal,

181
00:10:22,590 --> 00:10:26,610
as base 10, if you change it properly.
182
00:10:26,610 --> 00:10:31,610
So this is six times 16 to the power zero and so on.

183
00:10:32,100 --> 00:10:36,913
And if you add them together, you have this number, 42,230.

184
00:10:39,030 --> 00:10:41,460
So as you can see, it's much more efficient to

185
00:10:41,460 --> 00:10:46,260
represent numbers with hexadecimal rather than binaries.

186
00:10:46,260 --> 00:10:49,440
So that's what you are seeing over here.

187
00:10:49,440 --> 00:10:54,440
Okay? This is kind of machine language, but it's really not

188
00:10:55,020 --> 00:10:59,520
because it's not binary, but it's kind of a representation.

189
00:10:59,520 --> 00:11:04,500
So you can try to convert binary into decimal and then

190
00:11:04,500 --> 00:11:09,500
to hexadecimal as an example, as a practice for yourself.

191
00:11:11,250 --> 00:11:14,190
And another reason that I'm showing all of this

192
00:11:14,190 --> 00:11:18,420
to you is that Hopper Disassembler also limits

193
00:11:18,420 --> 00:11:22,020
you: if you change something in your assembly

194
00:11:22,020 --> 00:11:26,310
or in your hexadecimal, then you won't be able to turn it

195
00:11:26,310 --> 00:11:30,270
into an IPA in free mode, actually.

196
00:11:30,270 --> 00:11:32,280
You have to pay for it.

197
00:11:32,280 --> 00:11:35,790
So if you change anything then you won't be able to

198
00:11:35,790 --> 00:11:38,610
compile it in the free version.

199
00:11:38,610 --> 00:11:41,010
Maybe you don't even need that.

200
00:11:41,010 --> 00:11:44,220
We are not going to do that in this section by the way,

201
00:11:44,220 --> 00:11:47,910
but I'm just telling you as general culture.

202
00:11:47,910 --> 00:11:51,027
So if you wanna do something like that

203
00:11:51,027 --> 00:11:55,230
you can actually download this iHex,

204
00:11:55,230 --> 00:11:57,450
which is a hex editor, okay?
205
00:11:57,450 --> 00:11:59,040
It's very easy to download

206
00:11:59,040 --> 00:12:01,560
because it's already in the App Store.

207
00:12:01,560 --> 00:12:04,650
So you can search for iHex, okay?

208
00:12:04,650 --> 00:12:08,580
Like this on Google, iHex app Mac,

209
00:12:08,580 --> 00:12:12,540
and you can find iHex editor on the Mac App Store.

210
00:12:12,540 --> 00:12:16,170
It will direct you to the App Store itself.

211
00:12:16,170 --> 00:12:17,760
And then you can download it

212
00:12:17,760 --> 00:12:20,940
by clicking on the download button over here.

213
00:12:20,940 --> 00:12:23,640
So it's very easy to install

214
00:12:23,640 --> 00:12:28,640
and it allows you to use hex editors,

215
00:12:28,680 --> 00:12:31,800
hexadecimals in this editor and edit it

216
00:12:31,800 --> 00:12:34,530
and then just save it if you want.

217
00:12:34,530 --> 00:12:37,890
That's not what we are going to do within this lecture

218
00:12:37,890 --> 00:12:42,890
or within this section at all, but I'm just letting you know

219
00:12:42,930 --> 00:12:45,930
that Hopper Disassembler won't help you

220
00:12:45,930 --> 00:12:48,453
with that if you're using the free version.

221
00:12:49,290 --> 00:12:52,260
So this is a very good place to stop

222
00:12:52,260 --> 00:12:54,150
and we are going to continue

223
00:12:54,150 --> 00:12:56,400
with our reverse engineering process

224
00:12:56,400 --> 00:12:57,993
within the next lecture.