Skip to main content
Glama

Server Configuration

Describes the environment variables required to run the server.

NameRequiredDescriptionDefault

No arguments

Capabilities

Features and capabilities supported by this server

CapabilityDetails
tools
{
  "listChanged": false
}
prompts
{
  "listChanged": false
}
resources
{
  "subscribe": false,
  "listChanged": false
}
experimental
{}

Tools

Functions exposed to the LLM to take actions

NameDescription
check_iosB

Report server status and available capabilities.

parse_ipa_toolA

Parse an IPA file and extract full metadata (bundle ID, version, entitlements, frameworks, encryption status).

Args: path: Path to the IPA or .app bundle

unpack_ipa_toolA

Extract an IPA file to a directory for further analysis.

Args: path: Path to the IPA file output_dir: Optional output directory (defaults to _unpacked)

get_ipa_entitlementsC

Extract entitlements from an IPA file or .app bundle.

Args: path: Path to IPA file or .app bundle

analyze_macho_objcB

Dump Objective-C classes from a Mach-O binary using static analysis (nm + strings).

Args: path: Path to a Mach-O binary

analyze_macho_objc_deepB

Deep ObjC class dump using class-dump if available, falls back to nm+strings.

Args: path: Path to a Mach-O binary

analyze_swift_symbolsA

Demangle Swift symbols from a Mach-O binary.

Args: path: Path to a Mach-O binary max_symbols: Maximum number of symbols to demangle (default: 500)

analyze_linked_frameworksC

Enumerate linked frameworks and libraries from a Mach-O binary.

Args: path: Path to a Mach-O binary

check_macho_encryptionB

Check if a Mach-O binary is encrypted (FairPlay DRM).

Args: path: Path to a Mach-O binary

analyze_macho_archsB

List architectures in a Mach-O binary (via lipo).

Args: path: Path to a Mach-O binary

full_static_analysisA

Run full static analysis pipeline on an IPA or Mach-O binary.

Combines IPA parsing, ObjC class dump, Swift symbol demangling, linked framework enumeration, encryption check, and endpoint scanning.

Args: path: Path to IPA file or Mach-O binary

frida_list_devicesA

List all available Frida devices (USB, local, remote).

frida_device_infoA

Get detailed info about a Frida device.

Args: device_type: Device type: 'usb', 'local', or 'remote' (default: 'usb') device_id: Specific device ID (optional)

frida_list_processesA

List running processes on a Frida device.

Args: device_type: Device type: 'usb', 'local', or 'remote' (default: 'usb') device_id: Specific device ID (optional)

frida_find_processA

Find a process by name, PID, or bundle identifier.

Args: target: Process name, PID, or bundle ID device_type: Device type: 'usb', 'local', or 'remote' (default: 'usb') device_id: Specific device ID (optional)

frida_spawn_appA

Spawn an iOS app by bundle ID.

Args: bundle_id: Bundle identifier (e.g. com.example.app) device_type: Device type: 'usb', 'local', or 'remote' (default: 'usb') device_id: Specific device ID (optional)

frida_resume_appA

Resume a spawned/suspended app.

Args: pid: Process ID device_type: Device type: 'usb', 'local', or 'remote' (default: 'usb') device_id: Specific device ID (optional)

frida_kill_appA

Kill a process by PID.

Args: pid: Process ID device_type: Device type: 'usb', 'local', or 'remote' (default: 'usb') device_id: Specific device ID (optional)

dynamic_enumerate_classesA

Enumerate Objective-C classes at runtime on a running iOS app.

Uses Frida to enumerate all loaded ObjC classes from a running process.

Args: target: Bundle ID or PID of the target app device_type: Device type: 'usb', 'local', or 'remote' (default: 'usb') device_id: Specific device ID (optional)

dynamic_hook_iapA

Inject IAP (In-App Purchase) hook into a running iOS app.

Hooks StoreKit/SKPaymentQueue methods to log purchase transactions, product requests, and receipt validation attempts.

Args: target: Bundle ID or PID of the target app device_type: Device type: 'usb', 'local', or 'remote' (default: 'usb') device_id: Specific device ID (optional) duration: Monitoring duration in seconds (default: 30)

dynamic_hook_networkB

Inject network interception hook into a running iOS app.

Hooks NSURLSession, CFNetwork, NSURLConnection, and WebSocket APIs to capture all network requests including URLs, headers, and body data.

Args: target: Bundle ID or PID of the target app device_type: Device type: 'usb', 'local', or 'remote' (default: 'usb') device_id: Specific device ID (optional) duration: Monitoring duration in seconds (default: 30)

dynamic_check_cryptidA

Check encryption status (cryptid) of loaded Mach-O binaries at runtime.

Uses Frida to enumerate all loaded modules and read their cryptid field.

Args: target: Bundle ID of the target app device_type: Device type: 'usb', 'local', or 'remote' (default: 'usb') device_id: Specific device ID (optional)

decrypt_ipaA

Decrypt FairPlay DRM from an iOS app using frida-ios-dump.

Dumps decrypted IPA from a running/installed app on a tethered iOS device. Requires frida-ios-dump to be installed.

Args: bundle_id: Bundle identifier of the target app output_dir: Output directory for decrypted IPA (default: /tmp/ios_decrypted) device_type: Device type: 'usb', 'local', or 'remote' (default: 'usb') device_id: Specific device ID (optional)

check_encryptionB

Check if an app is encrypted (FairPlay DRM) by reading cryptid at runtime.

Attaches to the running app and reads the cryptid field from Mach-O headers of all loaded modules.

Args: bundle_id: Bundle identifier of the target app

resign_checkA

Check signing environment: available tools and code signing identities.

Returns signing method (ldid/codesign/none), available certs, and readiness.

resign_ipa_toolB

Resign an iOS IPA or .app bundle with new identity and metadata.

Handles the full resigning workflow:

  • Extracts IPA or copies .app bundle

  • Replaces embedded.mobileprovision (if provided)

  • Modifies Info.plist (bundle ID, display name, version)

  • Signs all Mach-O binaries with ldid or codesign

  • Repackages into IPA

Args: input_path: Path to .ipa or .app bundle to resign output_path: Output path for resigned IPA (default: _resigned.ipa) signing_cert: Code signing identity name/SHA1 (for codesign), or None for ldid provisioning_profile: Path to .mobileprovision file to embed new_bundle_id: New bundle identifier (e.g. com.example.resigned) new_display_name: New display name for the app new_version: New version string (CFBundleShortVersionString) new_build: New build number (CFBundleVersion)

fix_app_iconsC

Verify icon references in Info.plist match actual files in .app bundle.

Args: app_dir: Path to .app bundle

full_analysisA

Run a comprehensive analysis pipeline on an iOS target.

Supports three levels:

  • 'basic': IPA metadata only

  • 'static': Full static analysis (IPA + Mach-O + ObjC + Swift + encryption)

  • 'dynamic': Static analysis + Frida runtime hooks (requires device)

Args: target: Path to IPA file, Mach-O binary, or bundle ID for dynamic analysis level: Analysis level: 'basic', 'static', or 'dynamic' (default: 'static') output_dir: Output directory for analysis artifacts (default: /tmp/re_ios_analysis)

trollstore_guideA

Get the recommended workflow for combining TrollStore (on-device) with re-ios (desktop).

TrollStore on iPhone handles decryption and installation; re-ios on Mac handles deep static analysis, IAP/network hook templates, and resigning.

Returns the step-by-step workflow reference.

run_skill_pipelineA

Run the full original SKILL.md static analysis pipeline (bash scripts).

Executes the shell-based analysis pipeline from the ios-reverse-engineering skill: unpack → fingerprint → macho analyze → class scan → api scan → report. All results are written to output_dir.

Args: target: Path to IPA file, .app bundle, or Mach-O binary output_dir: Output directory (default: ios_analysis_out)

generate_analysis_reportB

Generate a human-readable analysis report from an IPA or analysis directory.

Args: path: Path to IPA file or Mach-O binary analysis_dir: Optional path to analysis directory (for endpoint scanning)

scan_endpointsB

Scan an analysis directory for hardcoded URLs, domains, and API paths.

Recursively scans text files for network endpoint clues.

Args: analysis_dir: Path to the analysis directory

Prompts

Interactive templates invoked by user choice

NameDescription

No prompts

Resources

Contextual data attached and managed by the client

NameDescription

No resources

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/gyh20062008-commits/re-ios'

If you have feedback or need assistance with the MCP directory API, please join our Discord server