Symbol stripping of Objective-C code still leaves method names, etc. in binary

Question

I am trying to strip our iOS application binary of debug symbols to make it more difficult for hackers to modify the binary. I have tried both xcode's symbol stripping (enabling strip linked product and deployment postprocessing) and using "strip -S -x". Both do reduce the number of symbols, but running the binary through "strings" still returns loads of hits.

How do I remove them?

Answer 1

Objective-C is a dynamic language. Method calls are resolved at runtime based on selectors (effectively the method name as a string). This is different from a language like C++ that binds method calls at compilation/link time.

Removing the method names (selectors) from the binary would make the application unusable.

Applications written in Objective-C are pretty much open books when it comes to their internals. Just look at tools like otool, class-dump, F-Script or DTrace to see how much is accessible and modifiable in a running Objective-C application.

However, there are linker flags (P_LNOATTACH) which stop DTrace connecting to the running application. You can also call ptrace with the PT_DENY_ATTACH flag. iTunes is an example of an app that does this as Apple doesn't want you poking around inside their DRM.

There appears to be a previous post on Objective-C code obfuscation. See iPhone/iPad App Code Obfuscation - Is it Possible? Worth it? for more details

Answer 2

The objective-c runtime relies on those, it won't be possible to remove them. (The type 'SEL' is a uniqued char *)