At WWDC 2014, Apple introduced Swift, their revolutionary new programming language for the future. Swift promises unapologetic optimization, outstanding speed, and best-in-class language features. Swift is sleek, stunning, and already the most loved language on StackOverflow. Up until now, no reverse engineer has dissected the language or the artifacts it produces and presented their findings. However, since an hour-long presentation discussing Swift class structure and string layouts would be painfully boring, this talk actually presents a systematic approach to binary reverse engineering new foreign ABIs using Swift as a case study. I’ll present approaches for identifying control structures and flow, recovering class layouts, mapping machine code patterns to higher level language constructs, and more!
This presentation will leave you with the knowledge and confidence needed to take on any ABIs – maybe even Haskell.
5. Swift Language
Safe, fast, and expressive
Closures and first-class functions
Tuples and multiple return values
Generics
Fast and concise iteration over a range or collection
Structs that support methods, extensions, and protocols
Functional programming patterns, e.g., map and filter
Powerful error handling built-in
Advanced control flow with do, guard, defer, and repeat keywords
16. Initial Questions
Toolchain
• What tools are available now?
Language Core
• Is it message based like Objective-C or does it look more like C/C++?
• Is it lazy like Haskell?
• What native types are available?
• Which storage backs which types of variables?
• What does class instantiation look like?
• How are Optionals unwrapped?
ABI
• How does Swift bridge into Objective-C?
• How does it represent virtual method calls under the hood?
• How are classes and structures laid out in memory?
• What is the Swift calling convention?
43. Calling Convention
Swift’s approach:
• YOLO
• External calls are RAX:RDX:RCX:R8
__swiftcall is not supported in HexRays
Scattered return values
• Hexrays has a lot of trouble with them :(