Wednesday, January 29, 2025

Malimite 1.1

Laurie Wired (tweet, Hacker News):

Malimite is an iOS and macOS decompiler designed to help researchers analyze and decode IPA files and Application Bundles.

Built on top of Ghidra decompilation to offer direct support for Swift, Objective-C, and Apple resources.

7 Comments


"Cross-platform". Unfortunately it's Java crap. Maybe it's useful to people who need it though.


At this point I'd rather have Java crap than Electron refuse.

That said, its UI is incredibly rough around the edges and full of non-native UI.

However, being able to reconstruct Swift classes would be extremely useful, especially when trying to reverse engineer some of Apple's binaries. I'm not sure how new that capability is. That's not something Hopper can do, at least as far as I'm aware. I've not used IDA Pro (and probably never will now that they've gone subscription) so I'm not sure if it could do that too.


@Ed: what a disrespectful comment. I don’t like it either but at this point I guess I have to be happy that, despite Apple being Apple, people can be bothered to write software that runs on the Mac at all.


Well, I tried to use this, but after running for 24 hours it still hasn't finished analyzing the binary I gave it. I don't think it's ready for prime time.


Old Unix Geek

Modern software is pretty funny...

Seems like she wrote Ghidra Python scripts, got fed up with the limitations, and wrote this instead.

@Bri: have you analyzed the same binary with Ghidra? Is the slowness due to it or to Malimite? Sounds like there's an O(n^x) algorithm somewhere in it...

(I keep thinking it's called Marmite).


Old Unix Geek

Update to my previous message: Actually from her talk it sounds like it's Ghidra trying to decompile every framework in the app.


I keep thinking it's Marmite too!

I tossed it an Apple binary -- Notification Center in this case -- so if it's also trying to decompile linked frameworks then perhaps 24 hours isn't long enough. I should try something simpler.
