IOS security defense (18): Data Protection API

Source: Internet
Author: User
Tags password protection

Data Protection API

Digress


Before getting started, a few words on something else. Many of my friends have asked me why I don't write about defense. I did hesitate.
A hacker first has to imagine how he would write the program if he were the developer before he can find a starting point. In the same way, a developer has to think about what a hacker will do in order to take the appropriate defensive measures. The result is a recursive game.
Take jailbreak detection as an example. At first it was enough to check whether Cydia was installed. The hackers replied: fine, then I'll do it without installing Cydia. The developers then said: you still need MobileSubstrate, bash and ssh, so I'll check whether those tools are on the phone. But what's the use? Whatever you check for, I can work around.

When class-dump became popular and function symbols were exposed, developers did their best to hide their sensitive functions. But hackers also know what class-dump does and does not find, so new ways of searching appeared. In other words, once a defensive measure becomes popular it stops being a measure that makes hackers curse "this is really hard". For example, if hackers know that every developer erases sensitive data in memory, they can hook memset and read the data before it is wiped. The developer says: I write it straight to disk and then delete it! The hacker says: have you heard of file recovery?



Okay, enough complaining. This article introduces a defense-related topic: the iOS Data Protection API.

 

 

Data Protection API


Files in the file system and items in the keychain are stored encrypted. When the user unlocks the device, the system derives a decryption key from the UDID key and the passcode set by the user; that key is held in memory until the device is locked again. Developers can use the Data Protection API to specify when files in the file system and items in the keychain may be decrypted.

1) File Protection


    /* Set the protection level for the file at filePath */
    NSDictionary *attributes = [NSDictionary dictionaryWithObject:NSFileProtectionComplete
                                                           forKey:NSFileProtectionKey];
    [[NSFileManager defaultManager] setAttributes:attributes
                                     ofItemAtPath:filePath
                                            error:nil];


    // File protection level attribute list
    NSFileProtectionNone                                   // The file is unprotected and can be accessed at any time (default)
    NSFileProtectionComplete                               // The file is protected and accessible only while the device is unlocked
    NSFileProtectionCompleteUntilFirstUserAuthentication   // The file is protected from boot until the user enters the passcode for the first time
    NSFileProtectionCompleteUnlessOpen                     // The file is protected and can be opened only while the device is unlocked; a file that is already open can still be read and written after the device locks



 

2) keychain item Protection

 

    /* Set the keychain item protection level.
       kSecAttrGeneric and kSecValueData take NSData, so the strings are converted. */
    NSDictionary *query = @{ (__bridge id)kSecClass:           (__bridge id)kSecClassGenericPassword,
                             (__bridge id)kSecAttrGeneric:     [@"MyItem" dataUsingEncoding:NSUTF8StringEncoding],
                             (__bridge id)kSecAttrAccount:     @"username",
                             (__bridge id)kSecValueData:       [@"password" dataUsingEncoding:NSUTF8StringEncoding],
                             (__bridge id)kSecAttrService:     [NSBundle mainBundle].bundleIdentifier,
                             (__bridge id)kSecAttrLabel:       @"",
                             (__bridge id)kSecAttrDescription: @"",
                             (__bridge id)kSecAttrAccessible:  (__bridge id)kSecAttrAccessibleWhenUnlocked };
    OSStatus result = SecItemAdd((__bridge CFDictionaryRef)query, NULL);


    // List of keychain protection levels
    kSecAttrAccessibleWhenUnlocked                    // The keychain item is protected and can be accessed only while the device is unlocked
    kSecAttrAccessibleAfterFirstUnlock                // The keychain item is protected from boot until the user enters the passcode for the first time
    kSecAttrAccessibleAlways                          // The keychain item is unprotected and can be accessed at any time (default)
    kSecAttrAccessibleWhenUnlockedThisDeviceOnly      // As WhenUnlocked, but the item cannot be transferred to another device
    kSecAttrAccessibleAfterFirstUnlockThisDeviceOnly  // As AfterFirstUnlock, but the item cannot be transferred to another device
    kSecAttrAccessibleAlwaysThisDeviceOnly            // As Always, but the item cannot be transferred to another device



Application Instance

Write the string infoString to a file, then set its protection level through the Data Protection API.


    NSString *documentsPath = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory, NSUserDomainMask, YES) firstObject];
    NSString *filePath = [documentsPath stringByAppendingPathComponent:@"DataProtect"];
    /* Write the string to the file */
    [infoString writeToFile:filePath
                 atomically:YES
                   encoding:NSUTF8StringEncoding
                      error:nil];
    /* Then mark the file as NSFileProtectionComplete */
    NSDictionary *attributes = [NSDictionary dictionaryWithObject:NSFileProtectionComplete
                                                           forKey:NSFileProtectionKey];
    [[NSFileManager defaultManager] setAttributes:attributes
                                     ofItemAtPath:filePath
                                            error:nil];


Once the device is locked (with a passcode set), even cat running as root on a jailbroken device is denied when it tries to read the file.
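The snippets above write a file unprotected and only then change its attribute, and they never check what SecItemAdd or a later read returns. The following is an added example, not code from the original article: it writes the file with NSFileProtectionComplete from the first write, verifies the attribute, stores a keychain item under kSecAttrAccessibleWhenUnlockedThisDeviceOnly (the "ThisDeviceOnly" class from the list above), and handles the status codes a locked device produces. The function names storeProtectedFile, storeKeychainSecret and readKeychainSecret, the fallback service name and the sample values are this example's own; everything else is the public Foundation and Security API.

```objectivec
// Added example (not from the original article). Helper names and sample
// values are constructed for the demonstration; the API calls are Apple's.
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Write the data encrypted with NSFileProtectionComplete from the first write,
// instead of writing unprotected and changing the attribute afterwards.
// Returns YES only if the attribute is really set on the resulting file.
BOOL storeProtectedFile(NSData *data, NSString *filePath) {
    NSError *error = nil;
    BOOL ok = [data writeToFile:filePath
                        options:NSDataWritingAtomic | NSDataWritingFileProtectionComplete
                          error:&error];
    if (!ok) {
        NSLog(@"write failed: %@", error);
        return NO;
    }
    NSDictionary *attrs = [[NSFileManager defaultManager] attributesOfItemAtPath:filePath
                                                                           error:&error];
    // A mismatch here usually means the file was written somewhere without
    // data protection (e.g. the simulator), where the attribute is ignored.
    return [attrs[NSFileProtectionKey] isEqualToString:NSFileProtectionComplete];
}

// Query that identifies the item. kSecAttrAccessible is deliberately not part
// of it: the accessibility class is set once, when the item is added.
static NSMutableDictionary *baseQuery(NSString *account) {
    // Fallback service name (assumed) for the case where bundleIdentifier is nil.
    NSString *service = [NSBundle mainBundle].bundleIdentifier ?: @"com.example.dataprotect";
    return [@{
        (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: service,
        (__bridge id)kSecAttrAccount: account,
    } mutableCopy];
}

// Add the secret as WhenUnlockedThisDeviceOnly: readable only while the device
// is unlocked and not migrated to another device. If the item already exists,
// SecItemAdd returns errSecDuplicateItem, so update the value instead.
OSStatus storeKeychainSecret(NSString *account, NSData *secret) {
    NSMutableDictionary *query = baseQuery(account);
    query[(__bridge id)kSecValueData] = secret;
    query[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;

    OSStatus status = SecItemAdd((__bridge CFDictionaryRef)query, NULL);
    if (status == errSecDuplicateItem) {
        NSDictionary *update = @{ (__bridge id)kSecValueData: secret };
        status = SecItemUpdate((__bridge CFDictionaryRef)baseQuery(account),
                               (__bridge CFDictionaryRef)update);
    }
    return status;
}

// Read the secret back. While the device is locked the call returns
// errSecInteractionNotAllowed instead of the data: that is the protection
// working, so the caller must treat it as "retry after unlock", not "missing".
OSStatus readKeychainSecret(NSString *account, NSData **outSecret) {
    NSMutableDictionary *query = baseQuery(account);
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;

    CFTypeRef result = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &result);
    if (status == errSecSuccess) {
        *outSecret = (__bridge_transfer NSData *)result;
    } else if (status == errSecInteractionNotAllowed) {
        NSLog(@"item exists but the device is locked; retry after unlock");
    } else if (status == errSecItemNotFound) {
        NSLog(@"no item stored for account %@", account);
    }
    return status;
}

int main(int argc, char *argv[]) {
    @autoreleasepool {
        NSString *docs = [NSSearchPathForDirectoriesInDomains(NSDocumentDirectory,
                                                              NSUserDomainMask, YES) firstObject];
        NSString *path = [docs stringByAppendingPathComponent:@"DataProtect"];
        // Constructed sample secret for the demonstration.
        NSData *sample = [@"example secret" dataUsingEncoding:NSUTF8StringEncoding];

        NSLog(@"file protected: %d", storeProtectedFile(sample, path));
        NSLog(@"keychain add: %d", (int)storeKeychainSecret(@"username", sample));

        NSData *back = nil;
        OSStatus st = readKeychainSecret(@"username", &back);
        NSLog(@"keychain read: %d, %lu bytes", (int)st, (unsigned long)back.length);
    }
    return 0;
}
```

Build it into an app target on a passcode-protected device, run it once while unlocked, and call readKeychainSecret again from a background task after the screen locks: the second call returns errSecInteractionNotAllowed, which is the keychain counterpart of cat being refused on the NSFileProtectionComplete file above.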
