The topic of code obfuscation for iOS application security is divided into the following chapters:
1. iOS Application Security: Code Obfuscation, Design Chapter
2. iOS Application Security: Code Obfuscation, Implementation Chapter
The security of iOS applications is becoming more and more important as various incidents come to light. What can be done about the security of an iOS application, and how can we make the applications we develop a little safer? To know how to be safe, you first need to understand in what ways iOS applications are not safe. With jailbreak techniques and the various tools steadily improving, reverse analysis of an iOS application has become a breeze. So, to make an iOS application more secure, put up obstacles layer by layer at each stage of reverse engineering. Of course, this only increases the difficulty of reversing ~.
Reverse analysis of iOS applications is divided into static analysis and dynamic analysis. The prerequisite is a jailbroken device. The application is then unpacked (its shell removed), and the class-dump tool is run on the unpacked application to export its header files (a first hint: that is what this article is aimed at, haha ~). To analyse the program logic and design, it is disassembled with IDA or Hopper. Both of these methods are static analysis. Debugging the application dynamically with LLDB is dynamic analysis. I won't say much more about reversing (this is about all I know -_-|). This article is about making the exported header files harder to analyse, so that reverse engineers see stars when they look at them ~ ~
To get that seeing-stars effect, the plan is to obfuscate the following:
1. File names
2. Class names
3. Protocol names
4. Property names
5. Function names
Yuan Fang, what do you think? Obfuscate the items above, then compile and publish. The header files exported with class-dump should then be obfuscated as well. That is what we are going to achieve.
How should it be obfuscated? Obfuscation is nothing more than turning keywords whose meaning can be read straight off the words into something unreadable. Put simply, calling the system's built-in MD5 algorithm directly on each keyword will do.
So obfuscation is very simple; it seems to be just around the corner ~
Obfuscation principle: extract the keywords that need to be obfuscated from the items above, run them through MD5, then replace every occurrence of those keywords in the project.
The principle is very simple. What questions need to be considered?
1. How to extract the keywords.
2. The obfuscation algorithm. It is simple, so this is not a problem ...
3. Once a keyword is obfuscated, how to replace the original keyword.
4. Whether the project should be restored after obfuscation.
5. How the obfuscation procedure is implemented.
...
1. How to extract the keywords.
Keywords are, of course, extracted automatically with a tool, based on the characteristics of each kind of keyword. Extracting them by hand would be crazy. But if a tool extracts everything that matches the rules, system keywords are extracted too. Would the program still compile? In other words, only custom keywords may be extracted, not those generated or used by the system itself. This is a bit troublesome ~~~~~.
2. The obfuscation algorithm.
MD5 is irreversible, so when obfuscating, keep a table of each keyword and its MD5 result, which makes it easier to track down bugs later.
3. Once a keyword is obfuscated, how to replace the original keyword.
This is of course a bulk replacement done with a tool, but consider the following situation.
Original string: 'This is my fish.' The keyword to replace is 'is', and it becomes 'is not'. What we want is, of course, "This is not my fish." and not "This not is not my fis noth.". In other words, to get the desired result the replacement must match whole words only. This is very important.
4. Whether the project should be restored after obfuscation.
What can be obfuscated can of course be restored, but there seems to be no need ~ ~, so restoring is not considered. My site, my rules, hehe.
5. How the obfuscation procedure is implemented.
The first choice is of course a script. Command-line tools are plentiful and can all be used. The only pity is that they still have to be learned.
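The principle together with points 2 and 3 above, as an added example script (not the author's implementation): it runs each custom keyword through MD5, keeps the keyword table, and replaces whole words only. The sample header, the keyword list and the `o` prefix on each MD5 result are assumptions of this example, and keyword extraction (point 1) is taken as already done.

```python
import hashlib
import re

# Constructed sample: a header of the kind class-dump exports (all names made up).
SAMPLE_HEADER = """\
@protocol LoginDelegate;
@interface LoginManager : NSObject
@property (nonatomic, copy) NSString *token;
@property (nonatomic, strong) NSDate *tokenExpiry;
- (void)refreshSession;
@end
"""

# Hypothetical result of the extraction step: custom names only, no system symbols.
# tokenExpiry is left out on purpose to show that whole-word matching leaves it alone.
CUSTOM_KEYWORDS = ["LoginDelegate", "LoginManager", "token", "refreshSession"]

def obfuscated_name(keyword):
    """MD5 the keyword. The 'o' prefix is an assumption of this example:
    a hex digest can start with a digit, which is not a valid identifier."""
    return "o" + hashlib.md5(keyword.encode("utf-8")).hexdigest()

def build_table(keywords):
    """Keyword -> obfuscated name. MD5 is irreversible, so this table is kept."""
    return {k: obfuscated_name(k) for k in keywords}

def replace_whole_words(text, table):
    """Replace each key of table only where it stands as a whole identifier."""
    if not table:
        return text
    names = sorted(table, key=len, reverse=True)
    pattern = re.compile(
        r"(?<![A-Za-z0-9_])(?:" + "|".join(map(re.escape, names)) + r")(?![A-Za-z0-9_])"
    )
    # One pass over the text, so a replacement is never replaced again.
    return pattern.sub(lambda m: table[m.group(0)], text)

def format_table(table):
    """Tab-separated lines to store next to the build for later debugging."""
    return "\n".join(f"{k}\t{v}" for k, v in sorted(table.items()))

if __name__ == "__main__":
    table = build_table(CUSTOM_KEYWORDS)
    print(replace_whole_words(SAMPLE_HEADER, table))
    print(format_table(table))
```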
What's the point of talking for so long? That's all of it, so let's get started.