I keep forgetting how to do this, so I thought that I would just write it down somewhere. First, you'll need the
classdump-dyld tweak package, which you can get from Cydia on the BigBoss repo (it's by Elias Limneos, who hosts the only reason I do tweak dev), and you'll also need
cycript. Then, you'll need the application you want to dump running. In this case, I'm going to be doing it for Spotify.
First, hook into the application with cycript:
cycript -p Spotify.
Then you'll need to add in classdump-dyld, by running the command
which simply injects the library file into the application. Run
extern "C" NSString * dumpBundleForClass(Class *aClass);
to add a reference to the dumpBundleForClass function which we'll be using. Now, you need to identify the class to dump, by running
In this case, it returned
"<SpotifyApplication: 0x12cebd190>", so we know that we need to dump SpotifyApplication. Then just call
which will dump the headers to "/tmp/Spotify", which we can then move wherever we want to inspect it further.
And that's it! It's really not super hard, and this way you don't have to go through all the complications of decrypting App Store applications just to get the headers.