How to Deobfuscate Crash Stack Traces for Debugging iOS Apps

Last updated February 19, 2024 by Appdome

Learn how to deobfuscate stack traces for debugging iOS apps. Troubleshooting tips for mobile code obfuscation

As part of Appdome’s protection for applications, Appdome offers Control-Flow Relocation to any iOS mobile app. Appdome’s deobfuscation tool allows the application owner to recover the correct stack trace from the crash report.

This Knowledge Base article provides step-by-step instructions for getting and using Appdome’s deobfuscation tool.

Deobfuscating iOS stack trace (crash reports) with Appdome deobfuscation tool

Appdome is a no-code mobile security platform that allows customers to add various features, SDKs and APIs to Android and iOS applications. Using a simple ‘click to add’ user interface, anyone can easily add various code obfuscation methods to any mobile application – in seconds, no-code or coding required.

There are no development or coding prerequisites to use Appdome. For example, there is no SDK, libraries, or plug-ins to implement. Likewise, there is no requirement to mark, symbolicate or manually obfuscate code inside Android or iOS apps. Appdome’s technology automatically obfuscates the mobile app binary as if multiple obfuscation methods were natively coded in the app.

Sometimes when an app built with Control-Flow Relocation crashes, the crash report does not provide the reason for the crash.

In the example shown below, a sample application, “Professor” crashes when trying to rub the function this_should_crash, but the crash report only shows some random address:

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [0]
Triggered by Thread:  0

Filtered syslog:
None found

Thread 0 name:  Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0   ???                           	0x000000010224c06c 0 + 4330930284
1   professor                     	0x0000000102240f50 -[UIButton(PuzzleWord) markWordSelected] + 20304 (PuzzleWord.m:14)
2   professor                     	0x0000000102242300 -[PuzzleView wordSelected:] + 25344 (PuzzleView.m:158)
3   UIKit                         	0x000000018af8164c -[UIApplication sendAction:to:from:forEvent:] + 96
4   UIKit                         	0x000000018b0a2870 -[UIControl sendAction:to:forEvent:] + 80
5   UIKit                         	0x000000018af87700 -[UIControl _sendActionsForEvents:withEvent:] + 440
6   UIKit                         	0x000000018b0bd1a8 -[UIControl touchesEnded:withEvent:] + 572
7   UIKit                         	0x000000018b0049e0 -[UIWindow _sendTouchesForEvent:] + 2428

After running Appdome’s deobfuscation tool, the report provides much more reasonable information:

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [0]
Triggered by Thread: 0

Filtered syslog:
None found

Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 professor                     	0x0000000102243e90 this_should_crash + 32400 (main.m:21)
1 professor                     	0x0000000102240f50 -[UIButton(PuzzleWord) markWordSelected] + 20304 (PuzzleWord.m:14)
2 professor                     	0x0000000102242300 -[PuzzleView wordSelected:] + 25344 (PuzzleView.m:158)
3 UIKit                         	0x000000018af8164c -[UIApplication sendAction:to:from:forEvent:] + 96
4 UIKit                         	0x000000018b0a2870 -[UIControl sendAction:to:forEvent:] + 80
5 UIKit                         	0x000000018af87700 -[UIControl _sendActionsForEvents:withEvent:] + 440
6 UIKit                         	0x000000018b0bd1a8 -[UIControl touchesEnded:withEvent:] + 572
7 UIKit                         	0x000000018b0049e0 -[UIWindow _sendTouchesForEvent:] + 2428

You can also choose not to symbolicate the file, and only correct the obfuscated addresses:

Termination Signal: Segmentation fault: 11
Termination Reason: Namespace SIGNAL, Code 0xb
Terminating Process: exc handler [0]
Triggered by Thread: 0

Filtered syslog:
None found

Thread 0 name: Dispatch queue: com.apple.main-thread
Thread 0 Crashed:
0 professor                     	0x0000000102243e90 0x10223c000 + 32400
1 professor                     	0x0000000102240f50 -[UIButton(PuzzleWord) markWordSelected] + 20304 (PuzzleWord.m:14)
2 professor                     	0x0000000102242300 -[PuzzleView wordSelected:] + 25344 (PuzzleView.m:158)
3 UIKit                         	0x000000018af8164c -[UIApplication sendAction:to:from:forEvent:] + 96
4 UIKit                         	0x000000018b0a2870 -[UIControl sendAction:to:forEvent:] + 80
5 UIKit                         	0x000000018af87700 -[UIControl _sendActionsForEvents:withEvent:] + 440
6 UIKit                         	0x000000018b0bd1a8 -[UIControl touchesEnded:withEvent:] + 572
7 UIKit                         	0x000000018b0049e0 -[UIWindow _sendTouchesForEvent:] + 2428

How to get Appdome’s deobfuscation tool for Deobfuscating iOS crash reports

Get the deobfuscation tool for you fused app

  1. Click and open the Build tab
  2. Click the GO/ DEV icon at the bottom of the screen to get to the App Workflow Summary screen.
  3. In the App Workflow Summary screen, click Download crash report deobfuscator to download the script.

Alternatively, you can navigate to the App Validation screen and upload your application. When the validation is completed, the App Workflow Summary screen will show up.

How to use Appdome’s deobfuscation tool on your app reports to de0bfuscate stack traces in iOS apps

You are strongly advised to run the deobfuscation tool on the same Mac computer used for developing the application, to avoide the need for any additional file for performing the symbolication process.

If you are running the deobfuscation tool on a different computer, you will need to provide the dSYM folder created by Xcode when building the application and specify the path for the symbol file inside it when using the tool. For example, in the sample application “Professor”, the path for the symbol file is:

professor.app.dSYM/Contents/Resources/DWARF/professor

The tool must receive the crash report file as an argument. In addition, one or more of the following arguments can be specified:

  • -o,--outfile :Path to the output file
  • -f,--override :Overwrite the input crash file instead of creating an output file
  • -ns,--dont_symbolicate :Do not symbolicate the crash report, only fix the crash addresses
  • -s <symbol file>,--dsym <symbol file> :Path to the corresponding symbol file in the dSYM bundle.

Note:

The obfuscation of the application is unique (unique per application and per fusion instance). and therefore varied between builds. As a result, you must use the tool that was generated for the build of the crashing app. If you use the wrong tool for the application, the tool itself will recognize the mismatch and alert you.

Related Articles

How Do I Learn More?

If you have any questions, please send them our way at support.appdome.com or via the chat window on the Appdome platform.

Thank you!

Thanks for visiting Appdome! Our mission is to secure every app on the planet by making mobile app security easy. We hope we’re living up to the mission with your project. If you don’t already have an account, you can sign up for free.

Appdome

Want a Demo?

Mobile Code Obfuscation

GilWe're here to help
We'll get back to you in 24 hours to schedule your demo.