How do I make iOS apps secure? This has a proven "kick".

Source: Internet
Author: User

IOSapplication faced with a lot of crack problems, common in the IAP purchase hack, cottage version, cracked version, etc., in the popular application, Rob Red envelopes, more open, etc. in the iOS game, more and more rampant plug-in problems are constantly bothering the game manufacturers.

NetEase Cloud Shield senior Security Development Engineer Wang Guilin

3 17th, Cocoa Community CVP series developer Salon in Beijing, NetEase Cloud Shield senior Security Development Engineer Wang Guilin attended the salon, and do "iOS game crack and protection" of the speech, sharing how to do the security of the app.

The first thing you need to know is how they broke.

If you want to protect the good, you must know how the opponent is cracked, Wang Guilin first shared two examples of cracked analysis.

Game Acceleration Analysis Process

The first example is the accelerator, "the accelerator principle is similar, but the implementation is not the same way." Wang Guilin said that their principles are through the modification of time-related functions to achieve acceleration and deceleration function, the main way is two major categories, one is u3d, the other is cocos. How do we do that? "Whether it is a unity game by Unityappcontroller or not." If it's a unity game, it will use the hook OC method, and if not the unity game, it will use the usual hook gettimeofday way to modify the game. ”

modifying parameters

Crack effect

As long as the hands of the tour, the basic are external infringement, "Travel frog" is now very fire of the Buddha-system game, NetEase Cloud Yi Shield Senior Security Development Engineer then it was analyzed: through the combination of iOS and installation package analysis, you can find that iOS is using the il2cpp mode, C # script to C + + code, Use Ii2cppdumper to restore symbols. Wang Guilin said: "Know these developments, you can search for clover, lottery voucher code, by modifying the corresponding code to reach the number of Clover Unlimited, lottery tickets into their desired effect. ”

Whether it's an accelerator or a plug-in that hurts normal players-including paid players-and also affects the revenue of game developers, what do we do when faced with these situations?

IOS game security, effective "kick"

How can the iOS game be protected appropriately? Face the scene everyone look forward to the eyes, Wang Guilin shared the NetEase Cloud Yi Shield effective "kick":

· The first axe is anti-static analysis, which includes string encryption, symbol confusion, code logic confusion and game archival encryption;

         Second axe is anti-dynamic debugging, Anti-Debug and communication security (data encryption);

· The third axe is external detection, accelerated hanging, memory modification and automatic task hanging and so on.

String encryption

Code Logic Confusion

Specifically, string encryption, symbol confusion, code logic confusion. String encryption, that is, when the compiler compiles the source code, the string in the program encryption, dynamic decryption when running, the symbol is used in the code to replace the class name, method name, attribute to other meaning of the name; Code logic confusion, is the compiler when compiling the source code, the structure of the transformation, Improve the complexity of the code and the difficulty of reverse analysis, so that the protection program is not easy to crack, it can also encrypt the algorithm logic and specific validation logic, such as the initial code structure is very simple, change will become very complex.

Anti-debug

Wang Guilin said that all of the above belong to the static analysis category, it is to encrypt the variable protection, so that the cracker can not search. Plug-ins will have anti-debug analysis, so static analysis is also anti-dynamic debugging, such as anti-debugging, it makes the application can not be debugged, to avoid the risk of dynamic analysis, at the same time, Yi Dun will also do communication data encryption, to prevent the capture package tool capture analysis.

Do the above protection, Yi Dun also take the initiative, do external detection, accelerated hanging, memory modification hanging and automatic task hanging and so on.

"This is the effective kick of NetEase cloud easy shield--from static analysis to anti-dynamic debugging to the last plug-in recognition, all-round protection of iOS apps and game security. "Wang Guilin finally said.

Mobile Security diagnostic room activity

today's Beijing, outside the snow, indoor enthusiasm like fire. Yi Dun United Cocos first launched a mobile game-oriented diagnostic room service, with on-site sharing answers, effectively reduce the game developers to crack the risk of the plug. Many participants praised Yi Dun's classmates for the spirit of the man-because they helped them solve a lot of practical problems.


How do I make iOS apps secure? This has a proven "kick".

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.