advice on iCloud-Reverse

Reverse engineering is a black art and I'm no expert. Reversing crypto code is horrible and I hate doing it. One of the reasons InflatableDonkey was delayed is because I hated it so much.

But to try and answer your question, yes, if you identify keys, hex strings, etc., you can trace back to the functions that use them.

My Windows tool set is IDA Pro + Hex-Rays Decompiler, OllyDbg, Winapioverride32, Fiddler, Proxifier, Microsoft Visual C++ and probably one or two others I missed. I don't have a Mac or an iOS device, otherwise I think I would have used that to reverse with.

Windows Apple binaries are a mixture of compiled C and C++, C being significantly easier to reverse.

If you can, find someone who knows how to reverse well to assist. I had never touched IDA Pro in my life until I started working on InflatableDonkey, so my experience is limited.

I started by setting up iCloud to run through Fiddler; you'll need to add an exception for the certificate or it will fail. I experimented with different tools, so at times I'd run the Fiddler session with Winapioverride32 to see which functions in which Apple binaries were being called in relation to various client-server calls. At other times I used OllyDbg. This gave me an idea of which binaries and which exported functions I needed to concentrate on.

At times I used Visual C++ to call DLLs directly so I could study them in isolation without having to rely on debugging iCloud.

The other thing you need to become familiar with is how Apple CoreFoundation structures are laid out in memory. Thankfully they are fairly easy to google.

If you can, identify corecrypto functions. They are well documented and you have the source code available. Any functions calling into them will be easier to figure out.

All of this being said, I think if you are unsure I would google for reversing guides and start with simple C binaries first. Don't pressurise yourself with learning the basics on a complex code base. I was silly enough to start with PCS.dll and to be honest for the first week I just learned basic techniques that would have been much simpler to grasp using a smaller binary.

What you'll need first is the skill to reverse engineer. It will probably be difficult for a week or two, but it will start to fall into place.

I often refer to cryptography and reversing as twin black arts. Each on their own is more than capable of inducing a headache; together they are horrible. I'm no genius and I'm an amateur programmer; I work in a non-IT field. If I can manage the feat then it's certainly doable.

Useful plug-in for crypto:
http://www.openrce.org/downloads/details/189/FindCrypt2

First in a series of C++ articles.
http://www.openrce.org/articles/full_view/21
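
The constant-tracing idea mentioned above, which plug-ins such as FindCrypt2 automate, sketched as an added example that is not part of the original post: it searches a byte buffer for the leading entries of well-known public crypto tables in both byte orders and reports their offsets. The table selection, the function names and the `SAMPLE` buffer are assumptions made for illustration; the sample is constructed, not taken from any real binary.

```python
import struct

# Public constants from the algorithm specifications (first entries of each table).
WORD_TABLES = {
    "SHA-256 round constants": (0x428A2F98, 0x71374491, 0xB5C0FBCF, 0xE9B5DBA5,
                                0x3956C25B, 0x59F111F1, 0x923F82A4, 0xAB1C5ED5),
    "MD5 sine table": (0xD76AA478, 0xE8C7B756, 0x242070DB, 0xC1BDCEEE),
}
BYTE_TABLES = {
    "AES S-box": bytes.fromhex("637c777bf26b6fc53001672bfed7ab76"),
}

def find_all(blob, needle):
    """Return every offset at which needle occurs in blob."""
    hits, pos = [], blob.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = blob.find(needle, pos + 1)
    return hits

def scan(blob):
    """Return sorted (offset, table name, storage form) hits."""
    results = []
    for name, words in WORD_TABLES.items():
        # 32-bit tables are stored in the target's byte order, so try both.
        for fmt, label in (("<", "little-endian"), (">", "big-endian")):
            needle = struct.pack(f"{fmt}{len(words)}I", *words)
            results += [(off, name, label) for off in find_all(blob, needle)]
    for name, needle in BYTE_TABLES.items():
        results += [(off, name, "bytes") for off in find_all(blob, needle)]
    return sorted(results)

# Constructed sample standing in for a binary's data section.
SAMPLE = (
    b"\x90" * 32
    + struct.pack("<8I", *WORD_TABLES["SHA-256 round constants"])
    + b"\x00" * 16
    + BYTE_TABLES["AES S-box"]
    + b"\xcc" * 8
    + struct.pack(">4I", *WORD_TABLES["MD5 sine table"])
)

if __name__ == "__main__":
    for off, name, form in scan(SAMPLE):
        print(f"0x{off:06x}  {name}  ({form})")
```

The offsets are positions in the buffer; in a disassembler the next step is to map each one to an address and follow the cross-references to the functions that read the table.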
