1

I can't figure out how I'm supposed to use class-dump to see where my application accesses private content. I am getting the error "The app references non-public symbols in Payload/My App.app/My App: locale_charset". However, I think it would be good to know where my application is accessing private methods or other private content.

I have seen this answer, but it doesn't explain how to use it at all. I've tried looking up how to use it, but I can't find anything of use other than the documentation.

How do I use it to search for accessed private content in my application?

Community
  • 1
  • 1
RileyE
  • 10,874
  • 13
  • 63
  • 106

1 Answers1

5

class-dump provides a list of all the methods that are defined by an executable or framework (well, more or less; there are ways for methods to exist that don't show up, but class-dump is going to get most of them). It is possible to compare the output of class-dump of the Apple frameworks to a scan of the public headers to find a list of private methods, and then scan your code for those private methods. That's a lot of work, and you'd definitely need a tool for it.

There's at least one tool out there that says it helps called App-Scanner. I have not tried it. I'm not aware of any other tools in this space.

That said, of course, it's kind of weird to be using them by accident. You typically have to have done some trickery to call them without generating warnings (and of course, you're not shipping with warnings because that would be insane; if you are, fix your warnings and you'll find the private APIs). If you've suppressed unknown selector warnings in some places, or you've used categories to declare Apple private methods, then look for those and get rid of them. There had to have been a point in time when you said "I'm doing this thing that is not public and I'm tricking the compiler into letting me do it." It generally can't happen by accident.

Rob Napier
  • 286,113
  • 34
  • 456
  • 610
  • 1
    we do live in an insane world :) – Nate Apr 17 '13 at 23:29
  • It turns out that it was inside a compiled C library that my client insisted on using. Could you explain how I would use class dump? Does it only read Mach-O files and if so, what files would I be scanning? – RileyE Apr 18 '13 at 18:49
  • I can't explain it briefly. It would be a major effort to write this program. Yes; `class-dump` reads Mach-O files and spits out all the methods it finds. You would separately need to use `nm` to list all the C functions if that is the issue. And then again, you'd need to write a program (probably relying on clang) to parse all your code looking for every function that shows up in the binaries but not in the headers. This is not a small project. – Rob Napier Apr 18 '13 at 18:55