A Production-Grade iOS Decompiler & Reverse Engineering Suite
Deep Mach-O analysis, ARM64 disassembly, security posture analysis, control flow graphs, and 15+ advanced reverse engineering tools — all native on iOS.
Features • Installation • Usage • Architecture • Contributing
ReDyne is a comprehensive, native iOS application for reverse engineering and analyzing Mach-O binaries (dylibs, frameworks, executables). Built from the ground up with production-grade C/Objective-C/Swift, it brings desktop-class binary analysis capabilities to iOS devices.
- Production-Grade: ~38,100 LOC, zero build errors, zero warnings
- Native iOS: Optimized for iPhone and iPad with adaptive layouts
- High Performance: C-based parsing engines with bounds-checked, hardened parsers
- Comprehensive: 15+ analysis modules covering every aspect of Mach-O binaries
- Modern Binary Support: Full iOS 15+ chained fixups, Swift metadata, ARM64e
- Security Analysis: Binary security posture with 18 inspection rules
- Visual Analysis: Interactive control flow graphs, call graphs, hex viewer
- Professional Reports: HTML report generation with CSS styling
- Universal Binary Support: Automatic fat/thin binary detection
- Multi-Architecture: ARM64, ARM64e, x86_64 support
- Complete Load Commands: LC_MAIN, LC_FUNCTION_STARTS, LC_BUILD_VERSION, LC_SOURCE_VERSION, LC_RPATH, LC_DYLD_CHAINED_FIXUPS, LC_VERSION_MIN_*, and 30+ more
- Segments & Sections: Detailed analysis with protection flags, size, and offset mapping
- Parse Warning System: Non-fatal issues reported without crashing
- Bounds Checking: All parsers hardened against malformed input
- ARM64 Disassembler: Production-grade decoder with 100+ instruction types
- Data Processing (ADD, SUB, MOV, MOVZ, MOVN, MOVK)
- Load/Store (LDR, STR, LDP, STP, LDUR, STUR)
- Branches (B, BL, BR, BLR, RET, B.cond, CBZ, CBNZ, TBZ, TBNZ)
- Logical, Multiply/Divide, Compare, Shift, SIMD/FP, System instructions
- 100K Instruction Display: Paginated for large binaries
- Branch Detection: Automatic identification of control flow changes
- Cross-View Navigation: Tap any address to jump to disassembly, hex, or symbol
- Swift Runtime Demangling: Uses
swift_demanglefor$s,_$s,_T0,_Ttprefixed symbols - C++ Demangling: Uses
__cxa_demanglefor_Zprefixed symbols - Searchable: Both mangled and demangled names are searchable
- Applied Everywhere: Symbols, functions, cross-references, pseudocode
- Binary Hardening Checks: PIE, ARC, stack canaries, NX heap/stack, code signing, encryption
- Dangerous API Detection: system, popen, dlopen, exec*, fork, ptrace, task_for_pid
- Insecure Function Detection: gets, strcpy, strcat, sprintf, scanf, alloca
- Dangerous Entitlements: get-task-allow, task_for_pid-allow, private APIs
- Posture Rating: Good / Fair / Concerning / Poor with severity breakdown
- Rule-Based Inspection: 18 built-in rules across security, quality, compatibility, performance
- Call Graphs: Visual function call relationship graphs with Core Graphics rendering
- Jump Analysis: Branch target tracking and following
- Data References: Symbol and address resolution
- Symbolic Execution: ADRP+ADD pattern recognition
- Interactive Navigation: Tap any xref to jump to source or target
- Hierarchical Layout: BFS-based level assignment
- Basic Block Analysis: Automatic BB detection and splitting
- Edge Classification: True/false branches, loop-backs, calls, returns
- Interactive Visualization: Pinch-to-zoom, pan, auto-fit
- Color-Coded: Entry (blue), exit (red), conditional (orange)
- Type Descriptors: Parse
__swift5_typesfor classes, structs, enums - Protocol Conformances: Parse
__swift5_protofor protocol relationships - Field Descriptors: Parse
__swift5_fieldmdfor stored properties - Relative Pointer Resolution: Proper Swift 5 relative pointer following
- Standard Layout: Offset | 16 hex bytes (8+8 columns) | ASCII
- Virtual Scrolling: Handles files of any size efficiently
- Section Color Coding: Different background tints per section
- Go to Offset: Jump to any hex or decimal offset
- Null Byte Dimming: Visual distinction for zero bytes
- Modern iOS 15+ Support: Full chained fixups parsing
- All Pointer Formats: ARM64E, PTR_64, PTR_64_OFFSET variants
- Import Parsing: DYLD_CHAINED_IMPORT, ADDEND, ADDEND64 formats
- Chain Walking: Segment/page traversal with bounds checking
- Class Extraction: Parse
__objc_classlistsections - Method Discovery: Instance and class methods
- Property Analysis: @property declarations with type encoding
- Instance Variables: ivar layouts
- Categories & Protocols: Full metadata extraction
- Dyld Bind Info: All 12 bind opcodes with ULEB128 decoding
- Export Trie: Recursive traversal with depth limiting
- Chained Fixups Integration: Modern binaries automatically use chained fixups
- Library Dependencies: Full dylib dependency tree with versions
- 100K Import/Export Capacity: Handles large commercial binaries
- SuperBlob Parsing: Proper blob index structure
- CodeDirectory: CDHash, Team ID, Signing ID
- Entitlements: XML parsing and formatting
- Signature Type: Ad-hoc vs full signing detection
- Patch Sets: Organize patches into named sets with versioning
- Patch Templates: Built-in templates for common operations (SSL pinning bypass, jailbreak detection, NOP insertion)
- Verification: Validate original bytes before applying patches
- Audit Log: Full history of all patch operations
- Import/Export: Share patch sets as JSON
- Hex Pattern Search: Search for byte sequences with
??wildcards - ASCII String Search: Auto-convert quoted strings to hex
- Built-in Presets: MH_MAGIC, NOP sled, RET, BRK patterns
- Efficient Scanning: FileHandle-based chunked search
- Jump to Results: Tap any match to view in hex viewer
- Unified Search: Symbols, strings, functions, classes, methods, imports, exports, sections, segments
- Debounced Input: 300ms delay for responsive search
- Grouped Results: Results organized by category with match counts
- Navigation: Tap any result to jump to its detail view
- Binary Summary Card: File name, architecture, platform, UUID, entry point, PIE status
- Statistics Grid: Symbols, strings, instructions, functions, imports/exports, ObjC classes
- Security Overview: Posture rating, severity breakdown, dangerous API count
- Quick Actions: One-tap navigation to any analysis section
- Bidirectional Conversion: File offset to VM address and vice versa
- Section Resolution: Shows segment, section, and protection flags
- Nearest Symbol Lookup: Finds closest symbol with offset delta
- Quick Navigation: Jump to hex viewer or disassembly from result
- Persistent Bookmarks: Color-coded bookmarks at any address
- Annotations: Text comments at specific addresses
- Per-Binary Storage: Keyed by binary UUID
- Quick Add: Add from disassembly or symbol views
- Professional HTML Reports: CSS-styled with print media queries
- Complete Analysis: All sections from binary overview to symbol tables
- Share Integration: Email, AirDrop, save to Files, print
- Security Assessment: Color-coded severity indicators
- Adaptive Sidebar: 260pt sidebar navigation on regular-width devices
- Synchronized Selection: Sidebar and segmented control stay in sync
- Full-Width Detail: Content fills remaining space
- Symbol Diff: Added, removed, and modified symbols
- ObjC Class Diff: Class additions, removals, method count changes
- Security Comparison: Posture regression detection
- Import/Export Diff: New and removed dependencies
- Segment Size Comparison: Size changes with delta indicators
- TXT: Clean, readable text format
- JSON: Structured JSON with full metadata
- HTML: Styled HTML with syntax highlighting
- PDF: Multi-page PDF with professional typography
- Analysis Report: Comprehensive HTML report with all analysis data
- Share Sheet: Native iOS sharing integration
┌─────────────────────────────────────────────────────┐
│ UI Layer (Swift/UIKit) │
│ 28 ViewControllers • Adaptive iPad Layout │
│ Dashboard • Search • HexViewer • CallGraph • CFG │
├─────────────────────────────────────────────────────┤
│ Services Layer (Swift) │
│ 16 Services • Demangling • CFG • Xref • Reports │
│ BookmarkStore • InspectionRules • PatchService │
├─────────────────────────────────────────────────────┤
│ Bridge Layer (Objective-C) │
│ BinaryParserService • DisassemblerService │
│ ObjCParserBridge • EnhancedFilePicker │
├─────────────────────────────────────────────────────┤
│ Core Parsing Layer (C) │
│ 15 Modules • Bounds-Checked • Warning System │
│ MachOHeader • DisassemblyEngine • SymbolTable │
│ DyldInfo • ChainedFixups • SecurityAnalyzer │
│ ObjCParser • SwiftMetadata • PseudocodeGenerator │
│ ControlFlowGraph • CodeSignature • StringExtractor │
└─────────────────────────────────────────────────────┘
Core Parsing (C) — 15 modules
MachOHeader.c— Mach-O header/command parsing with 30+ LC_* typesDisassemblyEngine.c— ARM64 instruction decoding (100+ types)SymbolTable.c— Symbol table parsing with 500K capDyldInfo.c— Dyld bind/rebase/export with depth-limited recursionChainedFixups.c— iOS 15+ chained fixups (ARM64E, PTR_64)SecurityAnalyzer.c— Binary security posture analysisSwiftMetadata.c— Swift 5 type/protocol/field metadataObjCParser.c— Objective-C runtime analysisCodeSignature.c— Code signature and entitlementsControlFlowGraph.c— CFG construction and optimizationPseudocodeGenerator.c— High-level code reconstructionStringExtractor.c— C-string and CFString extractionARM64InstructionDecoder.c— Instruction set decoderRelocationInfo.c— Relocation data parsingClassDumpC.c— Objective-C class dumping
Services (Swift) — 16 services
SwiftDemangler.swift— Swift/C++ symbol demanglingSecurityPostureService.swift— Security analysis bridgeSwiftMetadataService.swift— Swift metadata bridgeCFGAnalyzer.swift— Control flow graph analysisXrefAnalyzer.swift— Cross-reference analysisImportExportAnalyzer.swift— Import/export with chained fixupsBookmarkStore.swift— Persistent bookmarks/annotationsInspectionRuleEngine.swift— 18-rule binary inspectionReportGenerator.swift— HTML report generationExportService.swift— Multi-format data exportBinaryPatchService.swift— Patch set managementBinaryPatchEngine.swift— Patch application engine
- Hardened Parsers: All C code has bounds checking, fread validation, safety caps
- Zero Trust Input: Every file offset validated before reading
- Graceful Degradation: Parse failures generate warnings, not crashes
- Memory Safety: Proper ownership contracts across C/ObjC/Swift boundaries
- Accessibility: Dynamic Type, VoiceOver labels, accessibility traits
- iOS: 16.0 or later
- Device: iPhone or iPad
- Storage: ~50 MB app + space for analyzed files
- Architectures: ARM64 (device), x86_64 (simulator)
-
Clone the Repository
git clone https://github.com/speedyfriend433/ReDyne.git cd ReDyne -
Open in Xcode
open ReDyne.xcodeproj
-
Configure Signing
- Select your development team in Xcode
- Update bundle identifier if needed
-
Build and Run
- Select your target device/simulator
- Press
Cmd+Rto build and run
- Xcode 15.0+
- macOS 14.0+ (Sonoma)
- Active Apple account (for device testing)
- Launch ReDyne on your iOS device
- Tap "Select Mach-O File" to open the file picker (first launch shows onboarding)
- Choose a dylib/framework to analyze
- Wait for analysis — the pipeline processes 10+ stages with progress reporting
- Explore the Dashboard — at-a-glance summary with stats, security, and quick actions
- Deep Dive into any section: Symbols, Strings, Disassembly, Functions
- Symbols: Full symbol table with demangled names, filterable and searchable
- Strings: Extracted from
__cstring,__cfstring,__objc_methnames, and more - Disassembly: Annotated ARM64 instructions with branch following
- Functions: Detected function boundaries with pseudocode
Access via the ellipsis menu:
| Tool | Description |
|---|---|
| Cross-References | Function calls and references with navigation |
| ObjC Classes | Objective-C runtime classes, methods, properties |
| Imports/Exports | Imported and exported symbols with library info |
| Dependencies | Linked libraries with versions |
| Code Signature | Code signing details and entitlements |
| Control Flow Graphs | Visual CFG with zoom and pan |
| Call Graph | Function call relationship visualization |
| Memory Map | Visual segment/section layout with R/W/X filtering |
| Pseudocode | High-level code reconstruction |
| Security Posture | PIE, ARC, canaries, NX, dangerous APIs |
| Binary Patching | Apply and manage binary patches |
| Hex Viewer | Raw binary viewer with section colors |
| Address Converter | File offset / VM address resolver |
| Pattern Scanner | Byte pattern search with wildcards |
| Binary Inspection | 18-rule automated quality/security check |
- Symbol to Disassembly: Tap a symbol, choose "View in Disassembly"
- Follow Branches: Tap a branch instruction to jump to its target
- Xref Navigation: Jump to source or target of any cross-reference
- Hex View: View any address in the hex viewer
- Bookmarks: Save addresses for quick return
Tap the magnifying glass to search across all analysis data — symbols, strings, functions, classes, methods, imports, exports, sections, and segments.
- Tap the share button to export as TXT, JSON, HTML, or PDF
- Choose "Analysis Report" for a comprehensive HTML report
- Share via AirDrop, Messages, Mail, or save to Files
Codebase:
- ~38,100 lines of C/Objective-C/Swift
- 15 C parsing modules
- 16 Swift service modules
- 28 view controllers
- 15 analysis types
- 100+ ARM64 instruction types
- 18 inspection rules
Capabilities:
- Analyze binaries up to 500MB
- Display 100,000+ disassembled instructions
- Parse 100,000+ imports/exports
- Demangle Swift and C++ symbols in real-time
- Generate professional HTML analysis reports
- Persistent bookmarks and annotations per binary
Completed:
- Mach-O parsing with 30+ load commands
- ARM64 disassembly (100+ instruction types)
- Swift symbol demangling
- LC_DYLD_CHAINED_FIXUPS (iOS 15+)
- Security posture analysis
- Swift metadata parsing
- Hex viewer
- Bookmarks and annotations
- Global search
- Analysis dashboard
- Cross-view navigation
- iPad sidebar layout
- Address converter
- Pattern scanner
- Call graph visualization
- Rule-based inspection
- HTML report generation
- Binary comparison (ObjC, security, imports, segments)
- Onboarding experience
- Accessibility (Dynamic Type, VoiceOver)
- Binary patching with templates
- Pseudocode generation
Remaining:
- Test binary corpus and golden tests
- Performance benchmarks and CI regression checks
- Capstone integration evaluation
- Swift type reconstruction
- Plugin architecture
- Some complex ObjC runtime structures not yet parsed (categories, deep hierarchy)
- x86_64 disassembly coverage is partial (ARM64 prioritized)
- Class dump ~60% complete (category merging, protocol conformance remain)
- Type reconstruction ~50% complete
See Issues for full list.
Contributions are welcome! Here's how you can help:
- Use GitHub Issues
- Include iOS version, device model
- Provide sample binary (if possible)
- Describe expected vs actual behavior
- Fork the repository
- Create a feature branch (
git checkout -b feature/amazing-feature) - Commit your changes (
git commit -m 'Add amazing feature') - Push to the branch (
git push origin feature/amazing-feature) - Open a Pull Request
- C code: bounds-checked, RAII, clear ownership,
safe_strncpypatterns - Swift: camelCase, protocol-oriented, Constants.Colors for theming
- Accessibility: VoiceOver labels on all interactive elements
- No force-unwraps in production code paths
This project is licensed under the MIT License - see the LICENSE file for details.
MIT License
Copyright (c) 2026 speedyfriend433
Permission is hereby granted, free of charge, to any person obtaining a copy
of this software and associated documentation files (the "Software"), to deal
in the Software without restriction, including without limitation the rights
to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
copies of the Software, and to permit persons to whom the Software is
furnished to do so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all
copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
SOFTWARE.
speedyfriend433
- GitHub: @speedyfriend433
- Email: [email protected]
- ARM Architecture Reference Manual — Instruction encoding specifications
- Apple Mach-O Documentation — File format details
- iOS Developer Community — Testing and feedback
- Open Source Contributors — Issue reports and PRs
Star this repo if you find it useful!
Made with care for the iOS reverse engineering community