A collection of (public and private) types and functions definitions useful for iOS/macOS binaries analysis.
Would you rather re-define the same functions or types over and over as you work with different binaries?
- Go to
File > Load file > Parse C header filethen chooseIDA.hto import everything at once. Or, run this IDA command:idaapi.idc_parse_types("/path/to/IDAObjcTypes/IDA.h", idc.PT_FILE). - Copy
IDA.tilandIDA32.tiltotilfolder inside IDA application directory. - In IDA Pro, open
Type Librarieswindow viaView > Open subviews > Type librariesor pressShift + F11. - Right-click the type list and select
Load type library.... - Select
IDA(orIDA32if you target 32-bit binaries) and clickOKbutton.
TIL created via this command:
tilib -c -hIDA.h IDA.til -D__EA64__ -P -tIDAObjcTypes
tilib -c -hIDA.h IDA32.til -P -tIDAObjcTypes32Go to File > Load file > Parse C header file then choose IDA.h to import everything at once.
Or, run this IDA command: idaapi.idc_parse_types("/path/to/IDAObjcTypes/IDA.h", idc.PT_FILE)
- Go to
Analysis > Import Header File.... - In
Header File(s), browse forIDA.hin this project. - In
Compiler Flag(s), add-D__EA64__ -D__BINJA__. - Click
Importbutton.
- Go to
File > Parse C Source. - (Go to 6. if it's not the first time you do this) Clone
objc_mac_carbon.prfprofile into a new profile, calledOBJC.prf, for example. - Remove everything in
Source files to parse, and addIDA.hin this project to the list. - Add two additional flags:
-D__EA64__ -DGHIDRAto Parse Options. - Save
OBJC.prfprofile as you might use it later. - Click
Parse to Program, clickProceedif anything pops up. - Check
Data Type Managerwindow (at bottom-left), (long) right-click at<your-binary-name>and selectApply Function Data Types.
You have to manually specify the size of enum members if what you get is incorrect.
By default the headers target iOS 17+. If you are reversing an older binary, uncomment the matching #define near the top of IDA.h:
| Target iOS | Line to uncomment |
|---|---|
| iOS 17 or lower | // #define IOS17 |
| iOS 16 or lower | // #define IOS16 |
| iOS 15 or lower | // #define IOS15 |
| iOS 14 or lower | // #define IOS14 |
The defines cascade — uncommenting IOS14 also suppresses iOS 15, 16, and 17 additions automatically.
When analysing arm64e slices (iPhone XS / A12 and later), add -D__ARM64E__ to your import flags. This enables the ptrauth_strip / __ptrauth annotation macros defined in BaseTypes.h.
- AppSupport
- AssetsLibraryServices
- AudioToolbox
- AVFCapture
- AVFoundation
- CommonCrypto
- CoreAnimation
- CoreAudio
- CoreFoundation
- CoreGraphics
- CoreMedia
- CoreServices
- CoreText
- CoreVideo
- CydiaSubstrate (if you ever want to RE tweaks)
- Darwin
- dyld
- fishhook
- Foundation
- GraphicsServices
- icu
- IOMobileFramebuffer
- IOKit
- IOSurface
- Kernel
- MediaRemote
- MobileGestalt
- objc
- os
- PowerLog
- pthread
- QuartzCore
- sandbox
- Security
- SoftLinking
- SpringBoard
- SpringBoardHome
- sqlite
- Swift (WIP, PRs welcome)
- System (libSystem)
- SystemConfiguration
- UIKit
- xpc
PRs are welcome! Please follow these guidelines:
- File structure: Each framework should have a
FrameworkName/FrameworkName.hfor function declarations and aFrameworkName/Types.hfor type definitions. ImportTypes.hfrom the main header. - Source annotations: Use the comment conventions defined in
BaseTypes.h:- No annotation — from Apple SDK / official headers
// RE:— reverse-engineered; accuracy not guaranteed// from research— crowdsourced / community research// WIP— incomplete
- Version guards: Wrap definitions that first appeared in iOS 15/16/17 inside
#ifndef IOS15/#ifndef IOS16/#ifndef IOS17guards respectively. - Regenerate .til files: After changing headers, run
./build.sh /path/to/tilibto updateIDA.tilandIDA32.til.