How to perform iOS Code Injection on .ipa files

Kenneth Poon
7 min read · Nov 27, 2016
Image from http://dyci.github.io/

Code injection is the process of introducing external code into an existing software system. In this post, I will share the tools and techniques needed to perform code injection on iOS apps. With Xcode, it is possible to set up an experiment that showcases iOS code injection in action. The idea is to create an independent set of code, package it with the final app, and somehow get the new code executed.

[Note: This code injection process has been proven to work on iOS 9.3 and 10.0.2, and on Xcode v7.3 and v8.0. I have yet to try it on other OS or Xcode versions.]

We can create an independent binary package via Xcode in 2 ways:
- Dynamic Library (via Cocoa Touch Framework), or
- Static Library (via Cocoa Touch Static Library)

Dynamic Library vs Static Library: our options for creating an external binary to contain the injected code

Static Library

  • A unit of code linked at compile time.
  • Static libraries need to be available when the .ipa is compiled in order for their code to be executed.
  • Swift is not supported for static libraries.
  • There is no known way to instruct an .ipa to load a static library.
