I've created a (stripped-down version of my) tweak, which logs all URLs an app instantiates with one specific method. It works fine for several apps, but at the start of one app, the tweak is not loaded. I tried to use other filters, neither the bundle id, the class name nor the executable name worked.
Any idea?
Tweak.xm:
%hook NSURL
+ (instancetype)URLWithString:(NSString *)URLString {
%log;
return %orig;
}
%end
.plist:
{ Filter = { Bundles = ( "com.htsu.hsbcpersonalbanking" ); Executables = ("HSBC"); Classes = ("NSURL"); }; }
Three possibilities:
The binary has __RESTRICTED section and normal injection won't work
otool -l /PATH/TO/BINARY|grep sectname, this would be the case if you see __RESTRICTED in the result. optool will force the injection for you but then again you might need to bypass the app's anti-injection checks as well
%ctor{ NSLog(@"I'm injected"); }and see if that is logged to rule out possibilities of 1&2