New iOS Decompiler Malimite Leverages Ghidra and LLM for Advanced App Analysis

BigGo Editorial Team

The reverse engineering community has welcomed a new tool in the iOS and macOS analysis arsenal. Malimite, recently unveiled at the Objective by the Sea conference, brings advanced capabilities for decompiling and analyzing Apple platform applications, addressing several limitations of existing tools.

An overview of the Malimite project page, highlighting its purpose as an iOS and macOS decompiler for developers and researchers

Enhanced Application Bundle Analysis

Malimite distinguishes itself by supporting complete application bundles, moving beyond the single-executable limitations of traditional decompilers. The tool is specifically designed to handle the unique structure of Apple application packages, which often contain multiple executables and specially encoded resource files. This holistic approach gives researchers a more complete picture of the application under analysis.
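To make the bundle point concrete, the following added example (not Malimite's code, and not from the original article) inventories a bundle by file signature, listing every Mach-O executable and binary property list it contains. It assumes the iOS layout with Info.plist at the bundle root and treats binary plists as one kind of encoded resource; `classify`, `inventory` and `build_sample` are hypothetical names, and the sample bundle is constructed.

```python
import plistlib
import struct
from pathlib import Path

THIN_MAGICS = {b"\xcf\xfa\xed\xfe": "Mach-O 64-bit",
               b"\xce\xfa\xed\xfe": "Mach-O 32-bit"}  # little-endian thin files
FAT_MAGIC = b"\xca\xfe\xba\xbe"  # universal (multi-architecture) binary

def classify(path):
    """Return a label for Mach-O files and binary plists, else None."""
    with open(path, "rb") as fh:
        head = fh.read(8)
    if head.startswith(b"bplist00"):
        return "binary plist"
    if head[:4] in THIN_MAGICS:
        return THIN_MAGICS[head[:4]]
    if len(head) == 8 and head[:4] == FAT_MAGIC:
        # Heuristic: Java .class files share this magic but store a version >= 45 here.
        (count,) = struct.unpack(">I", head[4:])
        return "Mach-O universal" if 0 < count < 30 else None
    return None

def inventory(bundle):
    """Map bundle-relative paths to labels and read the main executable name."""
    bundle = Path(bundle)
    found = {}
    for p in sorted(bundle.rglob("*")):
        kind = classify(p) if p.is_file() and not p.is_symlink() else None
        if kind:
            found[p.relative_to(bundle).as_posix()] = kind
    plist = bundle / "Info.plist"
    meta = plistlib.loads(plist.read_bytes()) if plist.is_file() else {}
    return found, meta.get("CFBundleExecutable")

def build_sample(root):
    """Write a constructed, non-functional bundle (headers only) for the demo."""
    app = Path(root) / "Demo.app"
    files = {
        "Demo": b"\xcf\xfa\xed\xfe" + bytes(28),
        "PlugIns/Share.appex/Share": b"\xcf\xfa\xed\xfe" + bytes(28),
        "Frameworks/Core.framework/Core": FAT_MAGIC + struct.pack(">I", 2),
        "Vendor/Util.class": FAT_MAGIC + struct.pack(">I", 52),
        "Info.plist": plistlib.dumps({"CFBundleExecutable": "Demo"},
                                     fmt=plistlib.FMT_BINARY),
    }
    for rel, data in files.items():
        (app / rel).parent.mkdir(parents=True, exist_ok=True)
        (app / rel).write_bytes(data)
    return app
```

Running `inventory(build_sample(tmpdir))` on the constructed bundle reports three executables (the app, its extension, and a framework) plus the binary Info.plist, while the class file that shares the universal-binary magic is skipped.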

LLM Integration for Code Translation

One of Malimite's innovative features is its optional LLM-powered code translation capability. The tool can convert C-pseudocode into approximations of the original Swift or Objective-C code, significantly reducing the time needed for manual analysis. While not promising 100% accuracy, this feature represents a practical application of AI in reverse engineering workflows.

It's more like LLM-optional... As it turns out, LLMs are quite good at 'converting' C-Pseudocode into an approximation of the original Swift or Objective-C code... Of course, it's not 100% accurate, but significantly easier to read, and I find it to save hours of manual research.

Accessibility and Platform Support

Despite initial concerns about iOS app analysis requirements, community discussions have revealed that jailbreaking is not necessarily required for app analysis. Users can leverage tools like TrollStore/TrollDecrypt to obtain the necessary access, though this relies on specific iOS version compatibility due to an AMFI/CoreTrust bug that affects iOS versions from 14.0 beta 2 through 16.6.1 and certain 16.7/17.0 releases.

Future Development

Built with flexibility in mind, Malimite's architecture includes a swappable back-end, suggesting potential future support for alternative decompilers beyond its current Ghidra foundation. This design choice positions the tool as a potentially evolving platform for iOS and macOS reverse engineering, similar to how JADX serves the Android community.

The release of Malimite marks a significant step forward in iOS and macOS reverse engineering capabilities, offering researchers and security professionals a more streamlined approach to application analysis while embracing modern technologies like LLM assistance.

Reference: Malimite: iOS and macOS Decompiler