2025-08-05 –, Firenze
iOS reverse engineering can seem daunting – where do you even begin? With jailbreaking iOS becoming increasingly difficult each year, you can no longer simply attach a debugger to your phone and analyse an app’s behaviour as you once could. However, new tools and frameworks have emerged that make it possible to modify apps without a jailbreak. This talk is designed as a practical guide from zero to hero, using the YouTube app as a case study – specifically, modding it to remove short-form content.
We’ll cover the history of iOS reverse engineering and tweak development, iOS app packaging, dynamic analysis, method swizzling, and in-app debugging. Plus, with the advent of Apple Silicon Macs, you don’t even need an iPhone to start reverse-engineering iOS apps.
I was wasting far too much time mindlessly scrolling through YouTube Shorts—especially the black hole that is clips from Suits. After watching a few of Bryce Bostwick’s videos on YouTube, I was inspired to take matters into my own hands and figure out how I could rip out all short-form content entirely. After a few days of haxxing, I managed to do just that. This talk is a practical guide I wish I’d had when starting out—an introduction to practical iOS reverse engineering for beginners. What I found was that most online resources on iOS reverse engineering assume you have a jailbroken device you can simply connect to via GDB. That’s what makes this interesting to me—I added the constraint of doing everything on a non-jailbroken device.
This talk will briefly explore the history of iOS reverse engineering and then move into practical techniques like:
- Dynamic Analysis with Frida: How to hook into iOS apps at runtime, inspect function calls, and modify behaviour on the fly
- Method Swizzling: Overriding Objective-C/Swift methods to change how apps function without modifying binaries
- FLEX – In-app debugging and exploration
- Theos and Tweak Development
Navan is a person of far too many varied interests. He likes to say that, at the end of the day, what matters most to him is how fun and challenging the problem is—not whether he has any prior experience—because you can always learn more (that’s the engineering god complex in him speaking). He has wasted an impressive amount of time working with Python, Swift, shell scripts, and OpenWRT. When not attempting to watch the entirety of Doctor Who in one sitting, Navan can be found in the great outdoors in his crocs, trying to come up with imaginative ways to get injured.