2015/01/06

Objective-C Code Obfuscators

iOS application protection


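Objective-C has a reflection mechanism, which can be used for obfuscation and improves code security to some extent.
For critical code, put the core logic in the C layer as far as possible; another benefit is that iOS and Android can share it.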

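Data encryption, server-side parsing
Typically every parameter is covered by signature verification and the core parameters are encrypted; to prevent replay attacks, a timestamp is usually included as one of the parameters.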
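A sketch of the server-side check described above, as an added example that is not code from the original post. It covers signing and replay rejection only, not parameter encryption, and goes slightly beyond the text by also remembering signatures seen inside the time window. HMAC-SHA256, the `ts` parameter name, the shared key and the 300-second window are assumptions.

```python
import hashlib
import hmac
import json
import time

SHARED_KEY = b"constructed-demo-key"  # assumption: per-app secret provisioned out of band
MAX_SKEW = 300                        # assumption: accept timestamps within +/- 5 minutes

def canonical(params):
    """Serialize parameters in sorted order so client and server sign identical bytes."""
    return json.dumps(params, sort_keys=True, separators=(",", ":")).encode()

def sign(params, key=SHARED_KEY):
    """Client side: HMAC-SHA256 over every parameter, timestamp included."""
    return hmac.new(key, canonical(params), hashlib.sha256).hexdigest()

class Verifier:
    """Server side: check the signature, then timestamp freshness, then one-time use."""
    def __init__(self, key=SHARED_KEY, max_skew=MAX_SKEW):
        self.key, self.max_skew = key, max_skew
        self.seen = {}  # signature -> timestamp, kept only while inside the window

    def verify(self, params, signature, now=None):
        now = time.time() if now is None else now
        if not hmac.compare_digest(sign(params, self.key), signature):
            return "bad-signature"
        try:
            ts = int(params["ts"])
        except (KeyError, ValueError):
            return "bad-timestamp"
        if abs(now - ts) > self.max_skew:
            return "stale"
        # Entries outside the window would be rejected as stale anyway, so drop them.
        self.seen = {s: t for s, t in self.seen.items() if abs(now - t) <= self.max_skew}
        if signature in self.seen:
            return "replayed"
        self.seen[signature] = ts
        return "ok"

def demo():
    """Constructed request: accepted once, rejected when replayed, tampered or late."""
    v = Verifier()
    req = {"user": "alice", "amount": "10", "ts": "1420502400"}
    sig = sign(req)
    first = v.verify(req, sig, now=1420502410)
    replay = v.verify(req, sig, now=1420502420)
    tampered = v.verify(dict(req, amount="9999"), sig, now=1420502420)
    late = Verifier().verify(req, sig, now=1420502400 + 3600)
    return first, replay, tampered, late

if __name__ == "__main__":
    print(demo())
```

Because the timestamp is inside the signed data, changing it invalidates the signature; the timestamp alone would still allow a replay inside the window, which is what the seen-signature cache closes.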

Protection Techniques:
  1. Control flow obfuscation - e.g. ARM instruction flows are mangled with redundant instructions to try to hide the original purpose of the code.
  2. Class and method renaming - renames your methods and classes to meaningless names. Be careful where this is used: it can easily break your app, because the Objective-C runtime expects to find certain names.
  3. String encryption - all static strings in the app are encrypted, and code is inserted to decrypt each string just before use, in order to make static analysis harder.
  4. Anti-debug - code is inserted to break the usual debuggers (not always successfully).
  5. Anti-tamper - usually builds a network of checksums that protect the binary code from modification.
  6. Objective-C runtime protection - usually checks the registered Objective-C method implementations to make sure that they are in the app and haven't been 'swizzled'.
  7. Encrypt constants and strings; decrypt them at run time.
  8. Encrypt locally stored files.

Detection Techniques:
  • detect debug status
  • detect jail-break status
  • integrity check of data or piece of code

Objective-C code obfuscators:
  • EnsureIT for Apple iOS
  • Contaxiom Code Protection
  • Arxan
  • Metaforic
  • Cryptanium
  • iOS class-guard, to rename class/method names

RE tools:
  • class-dump
  • gdb
  • IDA Pro / Hopper Disassembler
