class-dump makes it very easy to export a program's header files. That not only helps an attacker understand the program's structure and makes reverse engineering easier, it also exposes imperfect code, written in a hurry to keep up with the schedule, to ridicule from peers.
So we urgently want to obfuscate our code.
Conventional approaches to obfuscation
There are many approaches to obfuscation, such as:
1) Junk code (junk instructions), that is, randomly adding misleading instructions to the program
2) Replacing easy-to-read strings
and so on.
An effective way to keep class-dump from reading useful information is to replace the easy-to-read strings.
Objective-C method name obfuscation
When to obfuscate
During development we want to keep the program code clear and readable for our own convenience.
At the same time, we want the compiled binary to contain messy, confusing code that frustrates anyone else who reads it.
Therefore, we can perform the string substitution of method names before compilation, in Build Phases.
How to obfuscate
Method name obfuscation is really just string substitution. There are two ways to do it: one is #define, the other is the tops tool.
The advantage of #define is that all the substitutions can be collected in a single .h file, which is #imported at the very top of the project's Prefix.pch. The project still compiles without the import; with the import, the names are obfuscated.
A single-segment selector, such as func:, can be substituted with a #define of func.
A multi-segment selector, such as a:b:c:, can be substituted by a separate #define for each of a, b, and c.
My obfuscation tool
I wrote a simple obfuscation script. The main idea is to collect the sensitive method names in a file called func.list, map each one to a random string, and append the resulting #define lines to a .h file.
The script is as follows:
```bash
#!/usr/bin/env bash

TABLENAME=symbols
SYMBOL_DB_FILE="symbols"
STRING_SYMBOL_FILE="func.list"
HEAD_FILE="$PROJECT_DIR/$PROJECT_NAME/CodeObfuscation.h"
export LC_CTYPE=C

# Maintain a database to make later de-duplication easier
createTable()
{
    echo "CREATE TABLE $TABLENAME (src text, des text);" | sqlite3 "$SYMBOL_DB_FILE"
}

insertValue()
{
    echo "INSERT INTO $TABLENAME VALUES ('$1', '$2');" | sqlite3 "$SYMBOL_DB_FILE"
}

query()
{
    echo "SELECT * FROM $TABLENAME WHERE src='$1';" | sqlite3 "$SYMBOL_DB_FILE"
}

# 16 random letters, used as the replacement name
ramdomString()
{
    openssl rand -base64 64 | tr -cd 'a-zA-Z' | head -c 16
}

# Start from a clean database and header on every build
rm -f "$SYMBOL_DB_FILE"
rm -f "$HEAD_FILE"
createTable

touch "$HEAD_FILE"
echo '#ifndef Demo_CodeObfuscation_h
#define Demo_CodeObfuscation_h' >> "$HEAD_FILE"
echo "//confuse string at $(date)" >> "$HEAD_FILE"
# Emit one #define per non-empty line of func.list
while read -r line; do
    if [[ -n "$line" ]]; then
        ramdom=$(ramdomString)
        echo "$line $ramdom"
        insertValue "$line" "$ramdom"
        echo "#define $line $ramdom" >> "$HEAD_FILE"
    fi
done < "$STRING_SYMBOL_FILE"
echo "#endif" >> "$HEAD_FILE"

sqlite3 "$SYMBOL_DB_FILE" .dump
```
Steps
1. Place the obfuscation script confuse.sh in the project directory
mv confuse.sh your_proj_path/
2. Modify Prefix.pch
Open Xcode, edit xxx-Prefix.pch, and add the obfuscation header file:
```objc
#ifdef __OBJC__
    #import <UIKit/UIKit.h>
    #import <Foundation/Foundation.h>
    // Add the obfuscation header file (the file name is defined in the confuse.sh script)
    #import "CodeObfuscation.h"
#endif
```
3. Configure Build Phases
Add a script-execution step to the project's Build Phases that runs the confuse.sh script.
4. Create the function name list func.list and write in the names of the methods to be obfuscated. For example, for:
-(void) sample;
-(void) seg1: (NSString *) string seg2: (NSUInteger) num;
write it like this:
sample
seg1
seg2
and place the file in the same directory as the confuse.sh script:
mv func.list your_proj_path/
5. Build and check the results
Just build. The obfuscation script runs before compilation and substitutes random strings for the listed names, and the random strings are different on every build.
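As an added example (not part of the original article or its confuse.sh), the shell functions below turn the method declarations you choose to obfuscate into the func.list entries described in step 4, and de-duplicate them. The function names and the third sample declaration are constructed here, and the parsing assumes types without nested parentheses (no block-typed arguments).

```shell
#!/bin/sh
# Added example: build func.list entries (one selector segment per line)
# from Objective-C method declarations.
# Assumption: "(type)" groups contain no nested parentheses.

# selector_segments DECL: print each selector segment of one declaration.
selector_segments() {
    # Drop the leading -/+ and every "(type)" group, leaving names and colons.
    stripped=$(printf '%s\n' "$1" |
        sed -e 's/^[[:space:]]*[-+]//' -e 's/([^()]*)//g')
    case $stripped in
        *:*)
            # Selector with arguments: the identifier before each ':'.
            printf '%s\n' "$stripped" |
                grep -oE '[A-Za-z_][A-Za-z0-9_]*[[:space:]]*:' |
                sed 's/[[:space:]]*:$//'
            ;;
        *)
            # No arguments: the selector is the first identifier.
            printf '%s\n' "$stripped" |
                grep -oE '[A-Za-z_][A-Za-z0-9_]*' | head -n 1
            ;;
    esac
}

# func_list: read declarations on stdin, print unique segments, sorted.
# De-duplication matters because confuse.sh writes one #define per line, so a
# repeated name would be defined twice with two different random strings.
func_list() {
    grep -E '^[[:space:]]*[-+][[:space:]]*\(' |
    while IFS= read -r decl; do
        selector_segments "$decl"
    done | sort -u
}

# Constructed sample: the two declarations from step 4 plus one reusing seg1.
sample_decls='-(void) sample;
-(void) seg1: (NSString *) string seg2: (NSUInteger) num;
+(BOOL) seg1: (int) value;'

printf '%s\n' "$sample_decls" | func_list
```

Redirect the output to func.list only for declarations of your own methods; a name that also appears as a system selector would be rewritten everywhere the header is imported.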