Malimite – iOS and macOS Decompiler

by tW4ron 1/26/2025, 11:22:40 AM with 9 comments
  • by lauriewiredon 1/29/2025, 2:36:06 AM

    Hi everyone, I'm the creator of Malimite. I actually released this as part of a conference talk at Objective By the Sea, which you can see here:

    https://youtu.be/vWdKjVCZtTI

    It gives a good overview of the development process as well as my motivations for creating it. The tool will also be on homebrew shortly :)

  • by adeonon 1/29/2025, 1:50:48 AM

    Starting this year I started learning bunch of security topics and Ghidra is something I started learning. I decompiled some games and getting comfortable how to work a project, teach Ghidra structures etc.

    Am I right in looking at Malimite here and reading "Built on top of Ghidra decompilation to offer direct support for Swift, Objective-C, and Apple resources." that this is not a Ghidra extension but rather it is using a piece of Ghidra (the decompilation) like a backend? Malimite here is presented as its own piece of software.

    Asking as a Ghidra noob who doesn't know all the ways Ghidra can be used: Would it make sense for something like this to be a Ghidra extension instead? I.e. give Ghidra some tooling/plugin to understand iOS apps or their languages better, instead of a new app that just uses parts of Ghidra. Also the Malimite screenshot in the page looks similar to Ghidra CodeBrowser tool.

    Asking because it feels like it could be: from the little I've used Ghidra so far, looks like it is designed to be extendable, scriptable, usable by a team collaborating, etc. And Ghidra seems more holistic than just focusing on decompiling code.

  • by evanjrowleyon 1/28/2025, 10:40:28 PM

    LaurieWired's YouTube channel is pretty good. It features many quality deep dives on super nerdy topics. https://www.youtube.com/@lauriewired

  • by saagarjhaon 1/28/2025, 8:23:49 PM

    (This is LLM-powered and based on Ghidra, fwiw)

  • by commandersakion 1/29/2025, 1:20:35 AM

    This is all well and good, but at least for iOS my understanding is you cannot decompile unless you have a jailbroken iPhone or security research device. Makes things a bit difficult.

  • by stuckkeyson 1/30/2025, 6:51:38 AM

    This is nice. What is the approach like to extracting ipa files that are already installed on the devices? Is it doable without jail break?

  • by gondoon 1/29/2025, 9:04:50 AM

    but how can one get IPA file to start with?

  • by makeupartiston 1/29/2025, 4:02:09 PM

    [dead]

  • by anxixddjson 1/29/2025, 1:08:39 AM

    this is pretty cool wonder how long till apple files a complaint to gh