• Background
• Messier Birth
• Latest Build
• Usage
  • Step One, Install macOS Client
  • Step Two, Jailbroken Device Configuration
  • Step Two, Non-Jailbroken Device Configuration
  • Step Three, Start Trace
  • Step Four, View Results
• Support
• Open Source and License
  • Open Source
  • License
• Summary

Messier can be used to trace iOS app’s Objective-C method calls. On jailbroken devices can trace any app, on non-jailbroken devices can also be used to trace apps under debugging.

Background

Normally using Instruments (mainly Time Profiler) for iOS app performance analysis is sufficient, but Time Profiler merges all calling methods together, losing temporal representation. Until one day saw Android development colleagues using systrace for performance analysis, systrace generates an html file, displaying function (method) call time consumption in chronological order. Thought: if iOS had such a tool would be great. Learned this html file is generated by catapult.

One day saw iosre forum a post about hook objc_msgSend. Suddenly thought, can combine catapult to generate Objective C method performance analysis chart (let’s call it that for now). (Although there were always methods to hook objc_msgSend, but this time the ready-made delicacy finally couldn’t resist).

So after some effort, AppleTrace was born in September 2017. During using AppleTrace, I once wrote four articles introducing it:

1. AppleTrace Performance Analysis Tool
2. AppleTrace with MonkeyDev Trace Any App
3. Install AppleTrace Tweak Using Cydia
4. Exploring SpringBoard Using AppleTrace

During using AppleTrace, felt AppleTrace still not simple and easy to use, especially:

1. Can’t visually define start and end points. For example start Trace before clicking a button, stop Trace after button click completes.
2. Getting trace files too troublesome, need to manually copy from sandbox, then execute merge.py, then execute trace2html (optional), finally open trace file.

When work only needs to Trace one app, AppleTrace almost meets requirements, but when curiosity increases, want to see more and more apps, tedious “manual” operations become a bit troublesome.

Messier Birth

To solve AppleTrace’s usability problems, I developed Messier app (official website https://messier-app.github.io/) based on AppleTrace. Using Messier can conveniently trace any app on jailbroken devices, and can more conveniently visually customize Trace start and end points.

Messier consists of three parts.

1. Tweak (jailbreak plugin)
2. Dylib (dynamic library messier.framework)
3. Desktop client (Messier.dmg)

Below are related screenshots:

Latest Build

Latest Build files download here.

Usage

Step One, Install macOS Client

Download and install latest macOS client Messier.dmg here.

Step Two, Jailbroken Device Configuration

(1) Installation

1. Open Cydia.
2. Click Sources -> Edit -> Add.
3. Input https://messier-app.github.io/cydia , click Add Source. After reload will see Messier Repo.
4. Enter Messier Repo, install Tweak Messier. (Note: Messier tweak depends on PreferenceLoader and AppList, so need to ensure these two Tweaks already installed first)

(2) Configuration

Open system settings, scroll down can see Messier (below Developer), click to enter can start configuration, as below.

Enabled Applications after opening as below, can set apps to Trace.

Trace On App Boot configures whether to start recording methods when app launches, enabled by default.

Inline Hook (HookZz) whether to use Inline Hook, enabled by default. Inline Hook uses HookZz to complete.

Main Thread Methods Only whether to only record main thread method calls, disabled by default.

Disable App Applications whether to disable all apps’ method recording, disabled by default. If enabled, Enabled Applications configuration will be invalid.

Step Two, Non-Jailbroken Device Configuration

Non-jailbroken usage, is under environment with own source code or MonkeyDev, need to configure Xcode project.

Note: First to explain, currently Messier only supports arm64, so can only use arm64 real device.

Download and extract messier.framework here.

1. Drag messier.framework to Xcode Targets -> Build Phases -> Link Binary With Libraries.
2. Click New Copy Files Phase to add Copy Files step, drag messier.framework in, configure Destination as Frameworks.

Configure as below:

In this case if need some parameter configuration, can in Project Scheme -> Run -> Arguments, set Environment Variables.

MessierEnableOnAppBoot : true | false
MessierMainThreadMethodsOnly : true | false

For example:

Step Three, Start Trace

Open macOS client, at this time will prompt waiting for connection, as below:

Use USB cable to connect iPhone and Mac computer, open configured app to Trace, if lucky, app won't Crash, and macOS client will show already connected. (If unlucky, app Crashed, can according to configuration instructions above, disable InlineHook)

When Trace ends, click Stop, then click Fetch, if lucky, after file transfer, will use Finder to locate trace.json file, as below:

Step Four, View Results

Open Chrome browser (or Chromium series), go to chrome://tracing.

Drag trace.json generated in previous step in.

Wonderful results born.

At this time, can use w a s d to browse this file. Detailed usage can click question mark top right, as shown:

Support

Currently theoretically supports >= iOS10 systems.

I only tested Trace of small part of apps on iOS10 and iOS12, if encounter problems, everyone feedback anytime.

Addition: iOS14 also usable

Open Source and License

Open Source

Messier is free but closed source. Messier’s core is still AppleTrace, so core is still open source. Besides, also thanks to following three repositories.

• jmpews/HookZz
• czqasngit/objc_msgSend_hook
• AloneMonkey/cydiarepo

License

Messier is free (or half year, or permanent), only condition for using this software: WeChat follow subscription account Client Technology Review. This is my personally maintained subscription account, previously shared some iOS app startup speed optimization and reverse engineering articles, currently focusing on “Practical Modern C++” and some app reverse engineering basics sharing, future won’t set limits, any content I’m interested in will share.

Summary

Any software’s development is a hard process, core functionality exists, but to make this core easier to use, surrounding auxiliary facility code needs to write a lot. This Messier development made me feel deeply. Many software, usable to easy to use really needs much more effort. From 0 to 1 hard, from 1 to 100 harder.

Again attach Messier’s official website: https://messier-app.github.io/

Thank you for reading :)