Reputation: 3545
Make application decompiling save
I just make an iOs application with my own DRM (The application is for Cydia). I am wondering how I can secure my application from decompilation. I decompiled my app, just to check what the "interested" user can see. I was able to see every string, sensitive strings. Then I decompiled FindMyiPhone and I saw that every string was replaced with "some string from a protected section" Does anyone know protect a string?
Upvotes: 1
Views: 664
Answers (1)
Reputation: 2792
First things first; if someone really wants to crack an app, he/she will find a way to do it. Also Cydia and Jailbreak won't help you much for protecting your app.
You should encrypt the string separately and use this encrypted string in your code. Naturally, the string should be decrypted on the runtime before being used. This is very easy to crack and these are the things you can do to make it harder;
- Set "Deployment Postprocessing" and "Strip Linked Product" flags to YES from the project build settings. This will strip the symbol table and will make it more difficult to acquire the critical variable and method names (and also their addresses).
In addition to the first step, you can use preprocessor directives (especially
#define) to make the compiled code more riddling. For example;#define importantString temp @property (nonatomic, strong) NSString * importantString;- Hiding the contents of the string is more tricky. You should encrypt the string, use only the encrypted string in the code and decrypt it on the runtime when needed. This way your string will be hidden when the app is decompiled and any attacker will have to solve your encryption method. You can use directly AES or find some ideas about how to obfuscate a string in here and here. I would suggest to write your own encryption/decryption functions and use
NS_INLINEfor the decryption function to make the code more complicated when decompiled. - But there is another problem; the string is encrypted in the code, but it will be decrypted on the runtime in some point, even if you wipe the decrypted string just after it's used. Someone can easily debug the code and hook the decrypted string. Luckily, there are some methods to prevent debugging which are described in here.
Still, these are all well-known methods and will only protect the code from curious eyes. For further information, you can look at this tutorial or read Apple documentation or this book.
Upvotes: 1
Related Questions
- How do you export your finished application from Xcode?
- How to decompile iOS apps?
- decompile my own app ipa extracted from iphone simulator
- Decompile app IOS to get source code - Objective C
- XCODE auto save code when build and run?
- How to build and archive iOS application?
- decompile an app binary to get back to source code
- Objective C decompiler
- Is it possible for an app to be decompiled?
- Is it possible to archive after build in Xcode?