SwiftDump is a command-line tool for retrieving Swift object info from a Mach-O file. It is similar to class-dump, but SwiftDump focuses on Swift 5 objects. For Mach-O files that mix Objective-C and Swift, you can combine class-dump with SwiftDump.
There is also a Frida version named FridaSwiftDump.
You can use either SwiftDump for a Mach-O file or FridaSwiftDump for a foreground running app.
If you are curious about the Mach-O format, check the image at the bottom of this article.
    USAGE: SwiftDump [--debug] [--arch <arch>] <file> [--version]

    ARGUMENTS:
      <file>                  MachO File

    OPTIONS:
      -d, --debug             Show debug log.
      -a, --arch <arch>       Choose architecture from a fat binary (only support x86_64/arm64). (default: arm64)
      -v, --version           Version
      -h, --help              Show help information.

- SwiftDump ./TestMachO > result.txt
- SwiftDump -a x86_64 ./TestMachO > result.txt
- Written entirely in Swift; the project is tiny
- Dump Swift 5 struct/class/enum/protocol
- Parse enum with payload case
- Support inheritance and protocol
- Since it is written in Swift, the mangled names are demangled by Swift's runtime function, such as
Thanks to the runtime function, SwiftDump can demangle complex types, such as an RxSwift variable. For example,
RxSwift.Queue<(eventTime: Foundation.Date, event: RxSwift.Event<A.RxSwift.ObserverType.Element>)>
- Parse Swift function addresses
- Clone the repo
- Open SwiftDump.xcodeproj with Xcode
- Modify 'Signing & Capabilities' to use your own id
- Build & Run
The default Mach-O file path is Demo/test; you can change it in Xcode - Product - Scheme - Edit Scheme - Arguments.
(Tested on Xcode Version 11.5 (11E608c), macOS 10.15.5)
Mach-O File Format
The following image shows how SwiftDump parses Swift types from the file Demo/test. You can open this file with MachOView.
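
Added example, not SwiftDump's own code: a minimal Python reader that unwraps a fat binary for the chosen `--arch` and lists the `__swift5_*` sections of the 64-bit Mach-O, which is a quick way to check whether a binary carries Swift 5 metadata before running SwiftDump on it. The `__swift5_` section-name prefix and the header layouts come from the Swift and Mach-O ABI rather than from this page; the function names and the `build_sample` input are constructed for illustration.

```python
import struct

FAT_MAGIC, MH_MAGIC_64, LC_SEGMENT_64 = 0xCAFEBABE, 0xFEEDFACF, 0x19
CPU = {"x86_64": 0x01000007, "arm64": 0x0100000C}  # the two --arch values

def select_slice(data, arch="arm64"):
    """Return the thin Mach-O for `arch`, unwrapping a fat binary if needed."""
    if struct.unpack_from(">I", data)[0] != FAT_MAGIC:  # fat headers are big-endian
        return data
    (nfat,) = struct.unpack_from(">I", data, 4)
    for i in range(nfat):
        cputype, _, off, size, _ = struct.unpack_from(">5I", data, 8 + 20 * i)
        if cputype == CPU[arch]:
            if off + size > len(data):
                raise ValueError("fat slice runs past end of file")
            return data[off:off + size]
    raise ValueError(f"no {arch} slice in fat binary")

def swift5_sections(data, arch="arm64"):
    """Map each __swift5_* section name to (file offset, size)."""
    macho = select_slice(data, arch)
    magic, cputype, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", macho)
    if magic != MH_MAGIC_64 or cputype != CPU[arch]:
        raise ValueError(f"not a 64-bit {arch} Mach-O")
    found, pos = {}, 32  # load commands follow the 32-byte mach_header_64
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", macho, pos)
        if cmdsize < 8 or pos + cmdsize > len(macho):
            raise ValueError("malformed load command")
        if cmd == LC_SEGMENT_64:
            (nsects,) = struct.unpack_from("<I", macho, pos + 64)
            if 72 + 80 * nsects > cmdsize:
                raise ValueError("section table overruns its segment command")
            for s in range(nsects):
                base = pos + 72 + 80 * s  # one 80-byte section_64 record
                name = macho[base:base + 16].rstrip(b"\0").decode("ascii", "replace")
                size, offset = struct.unpack_from("<QI", macho, base + 40)
                if name.startswith("__swift5_"):
                    found[name] = (offset, size)
        pos += cmdsize
    return found

def build_sample():
    """Constructed input: fat file, one arm64 slice, one __TEXT,__swift5_types section."""
    sect = struct.pack("<16s16sQQ8I", b"__swift5_types", b"__TEXT", 0, 8, 0x200, *[0] * 7)
    seg = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, 152, b"__TEXT", 0, 0, 0, 0, 0, 0, 1, 0)
    thin = struct.pack("<8I", MH_MAGIC_64, CPU["arm64"], 0, 2, 1, 152, 0, 0) + seg + sect
    return struct.pack(">7I", FAT_MAGIC, 1, CPU["arm64"], 0, 28, len(thin), 0) + thin
```

On a real file, pass the bytes read from disk to `swift5_sections`; an empty result means the selected slice has no Swift 5 metadata sections and class-dump alone may be the right tool.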