npm - @leejungkiin/awkit - Versions diffs - 1.0.1 → 1.0.2 - Mend

@leejungkiin/awkit 1.0.1 → 1.0.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (13) hide show

package/README.md +3 -3
package/VERSION +1 -1
package/bin/awk.js +1 -1
package/core/GEMINI.md +4 -0
package/package.json +1 -1
package/skills/smali-to-kotlin/SKILL.md +521 -0
package/skills/smali-to-kotlin/library-patterns.md +189 -0
package/skills/smali-to-kotlin/smali-reading-guide.md +310 -0
package/skills/smali-to-swift/SKILL.md +749 -0
package/skills/smali-to-swift/framework-patterns.md +189 -0
package/skills/smali-to-swift/objc-reading-guide.md +388 -0
package/workflows/mobile/reverse-android.md +740 -0
package/workflows/mobile/reverse-ios.md +674 -0

package/skills/smali-to-swift/framework-patterns.md ADDED Viewed

@@ -0,0 +1,189 @@
+# 📦 iOS Framework Detection Patterns
+> Reference database for Step 0 (Framework Scanner).
+> Agent uses these patterns to identify third-party frameworks from IPA structure, class-dump headers, and Mach-O linked libraries.
+---
+## 🟢 Network & API
+| Detection Pattern | Framework | Latest Replacement | Action |
+|-------------------|-----------|-------------------|--------|
+| `Alamofire.framework` / `import Alamofire` | Alamofire | URLSession async/await | Evaluate |
+| `AFNetworking.framework` / `#import <AFNetworking/...>` | AFNetworking | URLSession async/await | Replace |
+| `Moya.framework` | Moya | URLSession + Endpoint enum | Evaluate |
+| `Apollo.framework` | Apollo (GraphQL) | Keep (current) | Add via SPM |
+| `SocketRocket.framework` / `SRWebSocket` | SocketRocket | URLSessionWebSocketTask | Replace |
+| `Starscream.framework` | Starscream | URLSessionWebSocketTask | Evaluate |
+| `SwiftyJSON.framework` | SwiftyJSON | Codable (built-in) | Replace |
+| `ObjectMapper.framework` | ObjectMapper | Codable | Replace |
+| `Mantle.framework` | Mantle | Codable | Replace |
+---
+## 🟡 Image Loading
+| Detection Pattern | Framework | Latest Replacement | Action |
+|-------------------|-----------|-------------------|--------|
+| `SDWebImage.framework` / `#import <SDWebImage/...>` | SDWebImage | Kingfisher / AsyncImage | Replace |
+| `Kingfisher.framework` | Kingfisher | Keep (current) | Add via SPM |
+| `Nuke.framework` | Nuke | Keep (current) | Add via SPM |
+| `PINRemoteImage.framework` | PINRemoteImage | Kingfisher | Replace |
+| `FLAnimatedImage.framework` | FLAnimatedImage | Kingfisher (GIF support) | Replace |
+---
+## 🔵 Reactive Programming
+| Detection Pattern | Framework | Latest Replacement | Action |
+|-------------------|-----------|-------------------|--------|
+| `RxSwift.framework` / `import RxSwift` | RxSwift | async/await + AsyncSequence | Gradual migrate |
+| `RxCocoa.framework` | RxCocoa | SwiftUI bindings | Replace |
+| `ReactiveSwift.framework` | ReactiveSwift | async/await + AsyncSequence | Replace |
+| `Combine` (Apple built-in) | Combine | Keep or migrate to AsyncSequence | Evaluate |
+| `PromiseKit.framework` | PromiseKit | async/await | Replace |
+---
+## 🟠 UI & Layout
+| Detection Pattern | Framework | Latest Replacement | Action |
+|-------------------|-----------|-------------------|--------|
+| `SnapKit.framework` / `import SnapKit` | SnapKit | SwiftUI layout | Replace |
+| `Masonry.framework` / `#import <Masonry/...>` | Masonry | SwiftUI layout | Replace |
+| `Cartography.framework` | Cartography | SwiftUI layout | Replace |
+| `Lottie.framework` / `import Lottie` | Lottie | Keep (has SwiftUI support) | Add via SPM |
+| `SVProgressHUD.framework` | SVProgressHUD | SwiftUI ProgressView | Replace |
+| `MBProgressHUD.framework` | MBProgressHUD | SwiftUI ProgressView | Replace |
+| `JGProgressHUD.framework` | JGProgressHUD | SwiftUI ProgressView | Replace |
+| `IQKeyboardManager.framework` | IQKeyboardManager | SwiftUI keyboard handling | Remove |
+| `TTTAttributedLabel.framework` | TTTAttributedLabel | SwiftUI Text + AttributedString | Replace |
+| `Hero.framework` | Hero | NavigationTransition / matchedGeometryEffect | Evaluate |
+| `DZNEmptyDataSet.framework` | DZNEmptyDataSet | SwiftUI ContentUnavailableView | Replace |
+| `SkeletonView.framework` | SkeletonView | SwiftUI .redacted(reason:) | Replace |
+| `Charts.framework` (danielgindi) | Charts | Swift Charts (iOS 16+) | Replace |
+| `FSCalendar.framework` | FSCalendar | Custom SwiftUI Calendar | Replace |
+---
+## 🟣 Firebase & Google
+| Detection Pattern | Framework | Action |
+|-------------------|-----------|--------|
+| `FirebaseAnalytics.framework` / `FirebaseCore` | Firebase Analytics | Add latest via SPM |
+| `FirebaseCrashlytics.framework` | Crashlytics | Add latest via SPM |
+| `FirebaseMessaging.framework` | FCM | Add latest via SPM |
+| `FirebaseAuth.framework` | Firebase Auth | Add latest via SPM |
+| `FirebaseFirestore.framework` | Firestore | Add latest via SPM |
+| `FirebaseDatabase.framework` | Realtime DB | Add latest via SPM |
+| `FirebaseStorage.framework` | Cloud Storage | Add latest via SPM |
+| `FirebaseRemoteConfig.framework` | Remote Config | Add latest via SPM |
+| `GoogleMobileAds.framework` | AdMob | Add latest via SPM |
+| `GoogleSignIn.framework` | Google Sign-In | Add latest via SPM |
+| `GoogleMaps.framework` | Google Maps | Add via SPM/CocoaPods |
+| `GooglePlaces.framework` | Google Places | Add via SPM/CocoaPods |
+---
+## 🔴 Social SDKs
+| Detection Pattern | Framework | Action |
+|-------------------|-----------|--------|
+| `FBSDKCoreKit.framework` | Facebook Core | Add latest via SPM |
+| `FBSDKLoginKit.framework` | Facebook Login | Add latest via SPM |
+| `FBSDKShareKit.framework` | Facebook Share | Add latest via SPM |
+| `LineSDK.framework` | LINE SDK | Add via SPM |
+| `KakaoSDK*.framework` | Kakao SDK | Add via SPM |
+| `TwitterKit.framework` | Twitter SDK | Evaluate (deprecated?) |
+---
+## ⚪ Database & Storage
+| Detection Pattern | Framework | Latest Replacement | Action |
+|-------------------|-----------|-------------------|--------|
+| `Realm.framework` / `RealmSwift.framework` | Realm | SwiftData (iOS 17+) | Evaluate |
+| `FMDB.framework` | FMDB (SQLite wrapper) | SwiftData / GRDB | Replace |
+| `GRDB.framework` | GRDB.swift | Keep (current) | Add via SPM |
+| `MagicalRecord.framework` | MagicalRecord | SwiftData | Replace |
+| `CoreData.framework` (Apple) | Core Data | SwiftData (iOS 17+) | Upgrade |
+| `KeychainAccess.framework` | KeychainAccess | Keep (current) | Add via SPM |
+| `SAMKeychain.framework` | SAMKeychain | KeychainAccess | Replace |
+| `MMKV.framework` | MMKV (Tencent) | UserDefaults / @AppStorage | Evaluate |
+---
+## ⚫ Utility
+| Detection Pattern | Framework | Latest Replacement | Action |
+|-------------------|-----------|-------------------|--------|
+| `CocoaLumberjack.framework` | CocoaLumberjack | OSLog / swift-log | Replace |
+| `SwiftyUserDefaults.framework` | SwiftyUserDefaults | @AppStorage | Replace |
+| `Then.framework` | Then | Swift closures | Remove (not needed) |
+| `R.swift` / `Rswift.framework` | R.swift | Xcode asset symbols | Replace |
+| `SwiftGen` | SwiftGen | Xcode asset symbols | Replace |
+| `CryptoSwift.framework` | CryptoSwift | CryptoKit (Apple) | Replace |
+| `SwiftDate.framework` | SwiftDate | Foundation Date APIs | Evaluate |
+| `DeviceKit.framework` | DeviceKit | UIDevice extensions | Evaluate |
+| `Reachability.framework` / `ReachabilitySwift` | Reachability | NWPathMonitor (Network) | Replace |
+| `ZXingObjC.framework` | ZXing (QR) | AVFoundation / VisionKit (native) | Replace |
+| `JWTDecode.framework` | JWTDecode | Keep | Add via SPM |
+---
+## 🔐 Security
+| Detection Pattern | Framework | Action |
+|-------------------|-----------|--------|
+| `CryptoKit` (Apple) | CryptoKit | Keep (native) |
+| `CommonCrypto` (Apple) | CommonCrypto | Keep (for legacy algorithms) |
+| `Security.framework` (Apple) | Security | Keep (native) |
+| `SSLPinning` headers | Custom SSL pinning | Re-implement with URLSession delegate |
+---
+## 🔍 Detection Strategy
+### Step 1: Embedded Frameworks
+```bash
+# List all embedded frameworks
+ls Payload/App.app/Frameworks/
+# Check Mach-O linked libraries
+otool -L Payload/App.app/App | grep -v /System | grep -v /usr/lib
+```
+### Step 2: Class-dump Header Imports
+```bash
+# Find all imports in dumped headers
+grep -rh "#import <" headers/ | sort -u
+grep -rh "@import " headers/ | sort -u
+grep -rh "import " headers/ | grep -v Foundation | grep -v UIKit | sort -u
+```
+### Step 3: Binary String Search
+```bash
+# Find framework identifiers in binary
+strings Payload/App.app/App | grep -i "cocoapods\|carthage\|SPM\|alamofire\|firebase"
+```
+### Step 4: CocoaPods / SPM Markers
+```bash
+# Check for Pods metadata
+find Payload/App.app -name "Pods-*" -o -name "cocoapods*"
+# Check for SPM metadata
+find Payload/App.app -name "*.package" -o -name "Package.resolved"
+```
+### Step 5: Classify & Report
+```
+For each detected framework:
+  1. Match against patterns above
+  2. Categorize: Keep / Replace / Upgrade / Evaluate
+  3. Unknown → investigate purpose via class-dump headers
+  4. App's own code → mark for Swift rewrite
+```
+---
+*framework-patterns v1.0.0 — Reference database for IPA framework detection*

package/skills/smali-to-swift/objc-reading-guide.md ADDED Viewed

@@ -0,0 +1,388 @@
+# 🔬 ObjC/ARM Reading Guide for AI
+> Quick reference for interpreting Objective-C headers (class-dump) and ARM disassembly (Hopper/IDA) when reverse engineering iOS apps.
+> Used by the `smali-to-swift` skill during Steps 1-6.
+---
+## 📝 Class-Dump Header Basics
+### Interface Declaration
+```objc
+@interface MyViewController : UIViewController <UITableViewDelegate, UITableViewDataSource>
+// Properties
+@property (nonatomic, strong) UITableView *tableView;
+@property (nonatomic, copy) NSString *titleText;
+@property (nonatomic, assign) BOOL isLoading;
+@property (nonatomic, assign) NSInteger currentPage;
+@property (nullable, nonatomic, weak) id<MyDelegate> delegate;
+// Instance methods
+- (void)fetchDataWithCompletion:(void (^)(NSArray *, NSError *))completion;
+- (BOOL)validateEmail:(NSString *)email;
+// Class methods
++ (instancetype)sharedInstance;
++ (NSString *)formatDate:(NSDate *)date;
+@end
+```
+### → Swift Translation
+```swift
+final class MyViewModel: Observable {
+    var items: [Item] = []
+    var titleText: String = ""
+    var isLoading: Bool = false
+    var currentPage: Int = 0
+    func fetchData() async throws -> [Item] { ... }
+    func validateEmail(_ email: String) -> Bool { ... }
+    static let shared = MyViewModel()
+    static func formatDate(_ date: Date) -> String { ... }
+}
+```
+---
+## 🔑 Type Mappings: ObjC → Swift
+### Primitive Types
+```
+BOOL                → Bool
+NSInteger           → Int
+NSUInteger          → UInt
+CGFloat             → CGFloat
+double              → Double
+float               → Float
+void                → Void
+char *              → UnsafePointer<CChar>
+```
+### Object Types
+```
+NSString *          → String
+NSMutableString *   → String (var)
+NSArray *           → [Any] (refine element type from context)
+NSMutableArray *    → [Any] (var)
+NSDictionary *      → [String: Any] (refine types)
+NSMutableDictionary → [String: Any] (var)
+NSSet *             → Set<AnyHashable>
+NSNumber *          → Int / Double / Bool (depending on context)
+NSData *            → Data
+NSDate *            → Date
+NSURL *             → URL
+NSError *           → Error (use Swift error handling)
+id                  → Any
+id<Protocol>        → some Protocol
+instancetype        → Self
+NSNull              → nil (optional)
+```
+### UIKit → SwiftUI
+```
+UIView              → some View (custom)
+UILabel             → Text
+UIImageView         → Image / AsyncImage
+UIButton            → Button
+UITextField         → TextField
+UITextView          → TextEditor
+UISwitch            → Toggle
+UISlider            → Slider
+UIProgressView      → ProgressView(.linear)
+UIActivityIndicator → ProgressView()
+UIStackView         → VStack / HStack
+UIScrollView        → ScrollView
+UITableView         → List / LazyVStack
+UICollectionView    → LazyVGrid / LazyHGrid
+UINavigationBar     → navigationTitle + toolbar
+UITabBar            → TabView
+UISegmentedControl  → Picker(.segmented)
+UIPageControl       → TabView(.page)
+UIAlertController   → .alert / .confirmationDialog
+UISearchBar         → .searchable modifier
+```
+---
+## 📐 Property Attributes → Swift
+```objc
+// Memory management
+(strong)   → let/var (default in Swift, ARC handles)
+(weak)     → weak var
+(copy)     → let (for value types like String)
+(assign)   → var (for primitives)
+(retain)   → same as strong
+// Atomicity
+(nonatomic) → default in Swift (no action needed)
+(atomic)    → actor isolation or locks (if thread-safe needed)
+// Nullability
+(nullable)    → Type?    (Optional)
+(nonnull)     → Type     (Non-optional)
+(_Nullable)   → Type?
+(_Nonnull)    → Type
+(null_unspecified) → Type! (IUO — avoid, use ? instead)
+// Readability
+(readonly)  → let / private(set) var
+(readwrite) → var
+```
+---
+## 🎯 Common ObjC Patterns → Swift
+### 1. Singleton
+```objc
++ (instancetype)sharedInstance {
+    static MyClass *instance = nil;
+    static dispatch_once_t onceToken;
+    dispatch_once(&onceToken, ^{ instance = [[self alloc] init]; });
+    return instance;
+}
+```
+```swift
+final class MyClass {
+    static let shared = MyClass()
+    private init() {}
+}
+```
+### 2. Delegate Pattern
+```objc
+@protocol DataServiceDelegate <NSObject>
+- (void)dataService:(DataService *)service didFetchItems:(NSArray<Item *> *)items;
+- (void)dataService:(DataService *)service didFailWithError:(NSError *)error;
+@optional
+- (void)dataServiceDidStartLoading:(DataService *)service;
+@end
+```
+```swift
+// Modern Swift: Replace with async/await
+func fetchItems() async throws -> [Item]
+// Or if streaming updates needed:
+func itemUpdates() -> AsyncStream<[Item]>
+```
+### 3. Block/Closure Callbacks
+```objc
+typedef void (^CompletionBlock)(NSData * _Nullable data, NSURLResponse * _Nullable response, NSError * _Nullable error);
+- (void)requestURL:(NSURL *)url completion:(CompletionBlock)completion;
+```
+```swift
+// Modern: async/await
+func request(url: URL) async throws -> (Data, URLResponse)
+```
+### 4. Notification Observer
+```objc
+[[NSNotificationCenter defaultCenter] addObserver:self
+    selector:@selector(handleNotification:)
+    name:@"UserDidLogin"
+    object:nil];
+```
+```swift
+// Modern: AsyncSequence
+for await _ in NotificationCenter.default.notifications(named: .userDidLogin) {
+    // handle
+}
+```
+### 5. GCD Dispatch
+```objc
+dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
+    NSData *data = [self fetchData];
+    dispatch_async(dispatch_get_main_queue(), ^{
+        [self updateUI:data];
+    });
+});
+```
+```swift
+Task {
+    let data = await fetchData()
+    // SwiftUI automatically updates on MainActor via @Observable
+}
+```
+### 6. NSUserDefaults
+```objc
+[[NSUserDefaults standardUserDefaults] setObject:@"value" forKey:@"key"];
+NSString *value = [[NSUserDefaults standardUserDefaults] stringForKey:@"key"];
+```
+```swift
+// SwiftUI
+@AppStorage("key") var value: String = ""
+// Or typed wrapper
+enum UserDefaultsKeys {
+    @UserDefaultsBacked(key: "key", defaultValue: "")
+    static var value: String
+}
+```
+### 7. KVO (Key-Value Observing)
+```objc
+[self addObserver:self forKeyPath:@"model.name" options:NSKeyValueObservingOptionNew context:nil];
+- (void)observeValueForKeyPath:(NSString *)keyPath ofObject:(id)object change:(NSDictionary *)change context:(void *)context {
+    // update UI
+}
+```
+```swift
+// Modern: @Observable handles this automatically
+@Observable
+class ViewModel {
+    var name: String = ""  // SwiftUI auto-observes changes
+}
+```
+### 8. Error Handling
+```objc
+NSError *error = nil;
+NSData *data = [self processDataWithError:&error];
+if (error) {
+    NSLog(@"Error: %@", error.localizedDescription);
+}
+```
+```swift
+do {
+    let data = try processData()
+} catch {
+    print("Error: \(error.localizedDescription)")
+}
+```
+---
+## 🔍 ARM Disassembly (Hopper/IDA) Quick Reference
+### Function Prologue
+```arm
+; Hopper pseudo-code is usually readable C-like code
+; Focus on understanding the LOGIC, not the assembly
+int -[MyClass fetchData](void * self, void * _cmd) {
+    r0 = [self apiClient];           // Access property
+    r1 = @selector(getData:);        // Method selector
+    r0 = [r0 getData:r1];           // Call method
+    return r0;
+}
+```
+### String Constants (Finding API URLs)
+```arm
+; Look for CFSTR or @"..." patterns
+adr  x0, aHttpsApiExamp  ; "https://api.example.com"
+adr  x1, aApiV1Users     ; "/api/v1/users"
+```
+### Conditional Branches
+```arm
+; Compare and branch
+cmp  w0, #0               ; if (result == 0)
+b.eq label_true           ; goto true branch
+b.ne label_false           ; goto false branch
+; In Hopper pseudo-code:
+if (r0 == 0x0) {
+    // true branch
+} else {
+    // false branch
+}
+```
+### Method Calls (ObjC Runtime)
+```arm
+; objc_msgSend = calling an ObjC method
+bl   _objc_msgSend         ; [obj method]
+bl   _objc_msgSend$stret   ; [obj methodReturningStruct]
+; In Hopper pseudo-code:
+r0 = [r0 stringByAppendingString:r1];
+```
+---
+## 🎯 High-Value Patterns to Look For
+### API Base URL
+```objc
+// In class-dump headers or disassembly
+#define kBaseURL @"https://api.example.com/v1"
+// or
+static NSString *const BaseURL = @"https://api.example.com";
+```
+### Keychain Keys
+```objc
+[SSKeychain setPassword:token forService:@"MyApp" account:@"auth_token"];
+```
+### Encryption
+```objc
+#import <CommonCrypto/CommonCryptor.h>
+CCCrypt(kCCEncrypt, kCCAlgorithmAES128, kCCOptionPKCS7Padding, ...);
+// or
+#import <CommonCrypto/CommonDigest.h>
+CC_MD5(data.bytes, (CC_LONG)data.length, result);
+CC_SHA256(data.bytes, (CC_LONG)data.length, result);
+```
+### URL Schemes (Deep Links)
+```xml
+<!-- In Info.plist -->
+<key>CFBundleURLTypes</key>
+<array>
+    <dict>
+        <key>CFBundleURLSchemes</key>
+        <array>
+            <string>myapp</string>
+        </array>
+    </dict>
+</array>
+```
+### Push Notification Token
+```objc
+- (void)application:(UIApplication *)application didRegisterForRemoteNotificationsWithDeviceToken:(NSData *)deviceToken;
+```
+---
+## 🔐 Obfuscation in iOS
+iOS apps are **less commonly obfuscated** than Android, but look for:
+### Symbol Stripping
+- Release builds strip debug symbols
+- class-dump still extracts ObjC class/method names
+- Swift symbols may be mangled: `_$s7MyClass10fetchDataSSyF`
+- Use `swift-demangle` to decode: `xcrun swift-demangle <mangled_name>`
+### String Encryption
+```objc
+// Encrypted strings decoded at runtime
++ (NSString *)decryptString:(NSString *)encrypted;
+```
+**Strategy:** Find the decryption method, understand algorithm, then decrypt.
+### Anti-Debug / Jailbreak Detection
+```objc
+// Common patterns to look for (and note for re-implementation or removal)
++ (BOOL)isJailbroken;
++ (BOOL)isDebugged;
+sysctl(CTL_KERN, KERN_PROC, ...);  // debug check
+access("/Applications/Cydia.app", F_OK);  // jailbreak check
+```
+---
+*objc-reading-guide v1.0.0 — AI reference for ObjC header & ARM disassembly interpretation*