Code obfuscation IOS

This method can only be confused with. m.h classes, static libraries, etc. only. h files cannot be confused

Code confusion, just see is not a little crazy, anyway, I was recently exposed to such a thing, because before the code and the app, just need to implement the function is good, there is no security concerns.

And this time when the application is delivered, the customer makes a security assessment that raises a question:

Using Classdump to dump the original program, you can dump all the functions of the source program all the information: the source program all function types, the variables are all leaked. In this way, the attackers, that is, hackers understand the program structure to facilitate the reverse.

Because in the project, we have these variables or function naming are certain readability, for example, with the user name related, that generally there will be userName, with the password-related general will have passWord, so the definition is for our own code readability is stronger, we modify the time is more convenient. But we believe that this definition of law, we just want to facilitate ourselves, we do not want to facilitate hackers to hack our app.

Let's take a look at the dump of the original program with this so-called classdump, and what to do with the dump:

All the. h files

The. h file is completely exposed, and if you open it, the function name and the attribute name are the same:

Properties, Functions

Surprised to stay, that in order to prevent such nude, this time we need to use the code to confuse.

What's the meaning of it? To put it simply, it is to make your username and function name is not readable, such as your user name of the variable name defined as UserName, then you must be normal, if the hacker dump out of this variable name will become ABCD or 1234, so he does not know what you are used to do.

First, in the project path to establish a confuse.sh, a func.list file

First open the terminal and then the CD to your project project path:

CD to Project Engineering path

Then create two files, one confuse.sh, and one func.list:

Create two files

When we open this project folder, we can see that these two files have been created:

The two files we created

Open the project, add the two files you just created, right-click your project Blue flag, and choose Add files to ... ：

Add to Project

Add it in:

Successfully added

Click Confuse.sh, find or blank, nothing, now to add code on this:

Code that needs to be added

The original script code was derived from: http://blog.csdn.net/yiyaaixuexi/article/details/29201699

Second, add code to the. pch file

Don't tell me your project has no. pch file, if not, self-Baidu, this should be considered as standard, common sense to come.

#ifdef __objc__#import#import//adds a confusing header file (this file name is defined in script confuse.sh) #import "CodeObfuscation.h" #endif

Write here, when compiling is not found error? The added code in the. pch file just now has an error:

The error!

Don't panic, first comment out the first sentence of the error:

First comment out this line of error code

And then we go down!

Third, configuration Build Phase

1: Add Run Script

Add Run Script

2: Configure Run Script

Configure the Run Script.

Then go back to the terminal, the same CD to the project directory, and then we have to open just. sh This script file run permissions, because the default is not this permission, enter the following command in the terminal:

Open Run Permissions

Enter, fix it, go back to our project, COMMAND + B to compile the project, and then untie the code we just commented out:

Open the code we just commented out

Command + b Again, is it a compile now? Just an error, now solved!

Basically, all that's left is to add the variable or function name we want to confuse.

IV. In the func.list file, write the function name to be confused

If you like the following properties and functions:

Properties that need to be confused with the name of the function

Well, that's just the way it's listed in Fun.list:

To list the confusing

Done! Now command + B to run, and then where to look at the results, see here:

Run results

Maybe it's a bit of a hassle, that's a little easier:

View

Haha, you will find that a lot of macro definitions, in fact, we have just the field to:

Results

Of course, this is just the simplest code obfuscation, app security still has a lot to pay attention to. Step by Step!

Transferred from: HTTP://WWW.JIANSHU.COM/P/A17640CB32B9

Code obfuscation IOS