Protect iPhone app from hackers

Question

I'm developing some iPhone application and I'm very frustrated when some of my applications published on hacked app resources. And anyone can install those apps for free.

So my question is: How to protect application from dumping into memory, running in debug mode and making hacked ipsw bundle? Is there source examples for that?

Answer 1

i found this source snippet as example of isCracked function

#if HEARTBEAT_CHECK_PIRACY
+ (BOOL)isCracked {
#if TARGET_IPHONE_SIMULATOR
    return NO;
#else
    static BOOL isCracked = NO;
    static BOOL didCheck = NO;
    if(didCheck) return isCracked;

#if HEARTBEAT_PIRACY_THRESHOLD >= 1
    if([[[NSBundle mainBundle] infoDictionary] objectForKey:@"SignerIdentity"] != nil) {
        #if HEARTBEAT_PIRACY_THRESHOLD >= 2
        NSString* infoPath = [[NSBundle mainBundle] pathForResource:@"Info" ofType:@"plist"];
        if([[NSString stringWithContentsOfFile:infoPath encoding:NSUTF8StringEncoding error:NULL] rangeOfString:@"</plist>"].location != NSNotFound) {
            #if HEARTBEAT_PIRACY_THRESHOLD >= 3
            NSDate* infoModifiedDate = [[[NSFileManager defaultManager] fileAttributesAtPath:infoPath traverseLink:YES] fileModificationDate];
            NSDate* pkgInfoModifiedDate = [[[NSFileManager defaultManager] fileAttributesAtPath:[[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:@"PkgInfo"] traverseLink:YES] fileModificationDate];
            if([infoModifiedDate timeIntervalSinceReferenceDate] > [pkgInfoModifiedDate timeIntervalSinceReferenceDate]) {      
            #endif
        #endif
                isCracked = YES;
        #if HEARTBEAT_PIRACY_THRESHOLD >= 2
            #if HEARTBEAT_PIRACY_THRESHOLD >= 3
            }
            #endif
        }
        #endif
    }   
#endif

    didCheck = YES;

    return isCracked;
#endif
}
#endif

Answer 2

I've used AntiCrack for all our products. Admittedly, I'm still using version 1: at the time it was free but were encouraged to make a donation (and I duly did). And to be honest it's great. Very easy to integrate.

Of course, it's a real battle, and nothing's perfect, but AntiCrack certainly helped to prevent a whole set of common cracking approaches. Of course, many are documented all over the web, it would have taken far longer for me to implement and test than just shell out a few dollars.

Version 2 looks like it's even better, although there is now a compulsory donation of at least $30, which is still a bargain.

Answer 3

I understand the urge to want to do this, but since its not possible to stop, or hardly slow it down forget it and move on. Make your app better, add features, make additional apps. All of those things will help you make more $ then you would save by worrying about piracy. Remember just because 100 people pirate your software does not mean that you lost 100 sales. You may have lost 0 sales as those people only ran your software because they could for free, and would have 0 interest in actually paying. The MPAA & RIAA have been making this mistake for years and unless you are prepared to sue all the pirates nothing you do here will help you make more $.

Answer 4

Simple. You set the pleaseDoNotPirateThisAppPrettyPlease flag to 1 in your plist.

I'm sorry if I sound offensive but noob developers asking for an easy way to protect their apps from piracy threads shit me something chronic.

If you are a noob developer, concentrate on your app not sucking first, then worry about piracy. Your energy will be far better spent on releasing a polished app rather than worrying about a handful of people that run cracked versions.

FFS, iPhone is hands down the best platform for getting paid for your apps. Not many people run Cydia, worrying about those is simply ridiculous.

This is not the answer you are looking for and I you could perceive that I called you a noob who writes sucky apps, whatever, but it is the right way to go about it. Concentrate on improving experience for people that are paying and forget about those who will never pay.

Answer 5

If you don't want your application to be in a position where it can be dumped from memory, all you have to do is not ship it. Sorry, but any DRM is merely an obfuscation mechanism to protect content at rest; eventually the CPU needs to know what code it should run. The code can always be extracted at that point.