How to protect iOS Application from attackers using iXGuard

Question

Code obfuscation Process is there in Android Using DexGuard like that they are newly introduce iXGuard. Can any one know how to implement iXGuard in iOS project.

Answer 1

Here is a small post be me - Getting Started with iXGuard — an obfuscation & app shrinking tool.

In this Tutorial, you’ll learn how to implement iXGuard in iOS project and how to strip down your app size by making use of iXGuard — an app shrinking and obfuscation tool. This is a step by step process tutorial for installing iXGuard. Let me know of any issues. I have briefly explained the process below.

It is not possible to write or explain the whole tutorial with images in the stackoveflow answer so a link is provided.

1. Installing iXGuard

   • Install iXGuard for your version of Xcode using the standard procedure of installing a package file.

2. Create an IPA (based on Xcode 10.1)

   • Create a file for distribution with Product -> Archive in Xcode

2) Select the archive created in Organizer and select Distribute App.

3) Select iOS App Store then Next

4) Select Export and click Next.

5) Include bitcode for iOS content and Upload your app’s symbols to receive symbolicated reports from Apple After checking the items click Next

6) After setting the certificate related settings, export and save

3. Create ixguard.yml a. The file may be different for each app. For details, please refer to the Configuration page of iXGuard.

b. From the folder where the exported ipa file is located to the terminal

ixguard.yml -o [Obfuscated IPA file name] [Generated IPA file name]

When you input the command, ixguard.yml default file is created.

Sample — ixguard.yml (This may vary from Project to Project

4. Apply iXGuard From the folder where the exported ipa file is located to the terminal ixguard. Please enter the following command in the terminal. config ixguard.yml -o [After obfuscation IPA] [File name] [Generated IPA file name] to apply iXGuard.

   • If there are no error’s in the operation, an obfuscated ipa file is created.

   • In the case of [warning] of the log in the terminal, the solution for each case is the same as that of the iXGuard manual

On the Troubleshooting -> Runtime Issues page. — Note: Appearance

Note: Result screen

5. Test your app

   • Test the function of the app by using methods such as TestFlight on the actual device.

   • In particular, tokens, authentication keys, etc. are required for logic-oriented testing.

6. Obfuscation verification

   • This part has been verified using the MachOView tool.

1) Perform step 2 to create an ipa file. Include bitcode for iOS content check - Release and create two obsolete ipa and two ipa files that are not obfuscated.

2) Change the extension of the corresponding ipa file to zip and unzip it.

3) There is a Payload folder in the unpacked folder, and check the application file with the app name in it.

4) Right-click on the application and select View Package.

5) Copy the executable file with the name of the app in the package and extract it to an arbitrary directory.

6) Open the executable extracted before obfuscation and executable extracted after obfuscation with MachOView app,

Check the name of the debris and confirm that obfuscation is applied.

Image for reference in tutorial. (Above: prior to obfuscation, below: after obfuscation)

7. Finally , deploy the app in the App Store –
   • Xcode -> Open Developer Tool -> Application Loader.

Answer 2

To protect an application with iXGuard you'll need to run ixguard-install from the terminal in the root of your Xcode project. It will update the project file and add a new iXGuard build phase, which calls the iXGuard binary as part of building your app. You'll also need to create a ixguard.yml configuration file to enable the different features.

For more information you can check the manual which is located (after installation) in /Library/iXGuard/documentation/

(I'm one of the developers of iXGuard)