iOS Security Attack (23): Objective-C Code Obfuscation

Source: Internet
Author: User


class-dump makes it very easy to export a program's header files. That not only lets attackers understand the program's structure and makes reverse engineering easier, it also exposes imperfect code written in a hurry to meet a deadline, leaving peers something to laugh at.

So we badly want to obfuscate our code.



Conventional approaches to obfuscation


There are many approaches to obfuscation, such as:

1) Junk code ("flower instructions"), that is, randomly adding misleading code instructions to the program

2) Replacing easy-to-read strings

and so on.

An effective way to prevent class-dump from reading useful information is to replace the easy-to-read strings.




Objective-C method name obfuscation

Timing of the obfuscation: during development we want the source code to stay clear and readable, for our own convenience.

At the same time, we want the compiled binary to contain messy, confusing names that frustrate anyone else reading it.

Therefore, we can apply the string substitution to the method names before compilation, in Build Phases.



Obfuscation method: method name obfuscation is really just string substitution. There are two ways to do it: one is #define, the other is the tops tool.
The advantage of the #define approach is that the results of the obfuscation can be collected in one .h file, which is #imported at the very top of the project's Prefix.pch. Without the import the project still compiles; with the import, the obfuscation takes effect.

A single-segment selector, such as func:, can be replaced with one #define of func.
A multi-segment selector, such as a:b:c:, can be replaced with separate #defines of a, b, and c.




My obfuscation tool
I wrote a simple obfuscation script. The main idea is to collect the sensitive method names in a file called func.list, map each one to a random string, and append the result to a .h file.

The script is as follows:

#!/usr/bin/env bash

TABLENAME=symbols
SYMBOL_DB_FILE="symbols"
STRING_SYMBOL_FILE="func.list"
# PROJECT_DIR and PROJECT_NAME are provided by Xcode when run as a build phase
HEAD_FILE="$PROJECT_DIR/$PROJECT_NAME/CodeObfuscation.h"
export LC_CTYPE=C

# Maintain a database of the mappings so duplicates can be checked later
createTable()
{
    echo "create table $TABLENAME(src text, des text);" | sqlite3 "$SYMBOL_DB_FILE"
}

insertValue()
{
    echo "insert into $TABLENAME values('$1', '$2');" | sqlite3 "$SYMBOL_DB_FILE"
}

query()
{
    echo "select * from $TABLENAME where src='$1';" | sqlite3 "$SYMBOL_DB_FILE"
}

# 16 random letters, usable as a C identifier
randomString()
{
    openssl rand -base64 64 | tr -cd 'a-zA-Z' | head -c 16
}

# Start from a clean database and header on every build
rm -f "$SYMBOL_DB_FILE"
rm -f "$HEAD_FILE"
createTable

touch "$HEAD_FILE"
echo '#ifndef Demo_CodeObfuscation_h
#define Demo_CodeObfuscation_h' >> "$HEAD_FILE"
echo "//confuse string at $(date)" >> "$HEAD_FILE"
# One #define per non-empty line of func.list
while read -ra line; do
    if [[ ! -z "$line" ]]; then
        random=$(randomString)
        echo "$line $random"
        insertValue "$line" "$random"
        echo "#define $line $random" >> "$HEAD_FILE"
    fi
done < "$STRING_SYMBOL_FILE"
echo "#endif" >> "$HEAD_FILE"

sqlite3 "$SYMBOL_DB_FILE" .dump


Steps

1. Place the obfuscation script confuse.sh in the project directory
mv confuse.sh your_proj_path/


2. Modify Prefix.pch
Open Xcode, edit xxx-Prefix.pch, and add the obfuscation header file:

#ifdef __OBJC__
    #import <UIKit/UIKit.h>
    #import <Foundation/Foundation.h>
    // Add the obfuscation header file (this file name is defined in the script confuse.sh)
    #import "CodeObfuscation.h"
#endif


3. Configure Build Phases
In the project's Build Phases, add a Run Script action that executes the confuse.sh script.







4. Create the function name list func.list and write in the method names to be obfuscated. For example, for these methods:
-(void)sample;
-(void)seg1:(NSString *)string seg2:(NSUInteger)num;


write it like this:
sample
seg1
seg2


and place the file in the same directory as the confuse.sh script
mv func.list your_proj_path/




5. Build and check the result
Just build: the obfuscation script runs before compilation and substitutes random strings for the names, and the random strings are different on every build.
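
A pre-build check for func.list, added here as an example and not part of the original script. Because every entry becomes a global #define, it flags entries that confuse.sh would turn into a broken or harmful macro; lint_func_list and the RESERVED list are hypothetical names, and the deny-list contents are a constructed sample.

```shell
#!/bin/sh
# Added example: lint func.list before confuse.sh turns each entry into a #define.
# lint_func_list and RESERVED are hypothetical names, not part of confuse.sh.

# Constructed sample deny-list (an assumption; extend it for your project):
# selector segments that Foundation/UIKit calls also use. A #define on one of
# these rewrites every matching token in your sources, framework calls included.
RESERVED="init dealloc description copy count length setValue forKey viewDidLoad"

# Prints one "line N: problem" per finding; returns non-zero if any were found.
lint_func_list() {
    awk -v reserved="$RESERVED" '
        function report(msg) { printf "line %d: %s\n", NR, msg; bad++ }
        BEGIN { n = split(reserved, r, " "); for (i = 1; i <= n; i++) deny[r[i]] = 1 }
        { sub(/\r$/, "") }           # tolerate CRLF line endings
        /^[ \t]*$/ { next }          # confuse.sh skips empty lines as well
        {
            name = $1                # confuse.sh uses only the first word of a line
            if (NF > 1)
                report("extra words after \"" name "\" are ignored by confuse.sh")
            if (name ~ /:/)
                report("\"" name "\" has a colon; list the bare selector segment")
            else if (name !~ /^[A-Za-z_][A-Za-z0-9_]*$/)
                report("\"" name "\" is not a valid macro name")
            else if (name in deny)
                report("\"" name "\" is also a framework selector segment")
            if (name in seen)
                report("\"" name "\" repeats line " seen[name] " (macro redefinition)")
            else
                seen[name] = NR
        }
        END { exit (bad > 0) }
    ' "$1"
}

# When run with a file argument (for example from a Run Script phase placed
# before confuse.sh), fail the build on any finding.
if [ "$#" -gt 0 ]; then
    lint_func_list "$1" || exit 1
fi
```

String literals are not touched by #define, so a method that is also looked up by name at run time (for example through NSSelectorFromString) should stay out of func.list.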







