Foreword:
Speaking of code obfuscation , many iOS development partners must be familiar with it. Whether it is for the security of the APP or Apple review teamafter it has withstood all kinds of damage, iOS code obfuscation has become particularly important.
What is code obfuscation
Here is a simple explanation of iOS code obfuscation:
iOS code obfuscation is a technique used to increase the security of an application, making it more difficult to reverse engineer or crack. Obfuscation transforms code to make it difficult to understand, but leaves its functionality unaffected at runtime. Here are some common iOS code obfuscation techniques:
- Name Obfuscation : Obfuscate code by changing the names of variables, methods, and classes to irrelevant names. For example,
loginButtonrename toa1b2c3, to make the code harder to understand.- Control flow obfuscation : Obfuscate the code logic by modifying the control flow of the code, such as inserting useless conditional branches, jumps, and loops. This can increase the difficulty of analysis.
- String encryption : Encrypt strings in your application so they can only be decrypted at runtime. This protects sensitive information such as API keys and passwords.
- Constant obfuscation : Changing constant values (such as numbers, enumeration values) into opaque expressions so that they are no longer obvious.
- Method Obfuscation : Obfuscate code by changing the names and signatures of methods. This can make it more difficult to understand the code.
- Anti-debugging techniques : Embed logic to detect and counteract debugging tools in the code to prevent malicious users from trying to debug in the application.
- Code Optimization : Code is optimized to make it more complex, difficult to analyze, and maintain high performance at runtime.
- Virtualization : Convert part of the code into virtual machine bytecode to increase the difficulty of analysis. This is typically used to protect highly sensitive portions of code.
- Resource Obfuscation : Obfuscate resource files (such as images, audio files) so that they are not easily extracted and reused.
- Runtime Detection : Detect reverse engineering attempts while the application is running, such as Detection,
Hookingand Detection.
Special Note
This article mainly talks about the confusion about Apple’s review . If you want to know more about application reinforcement, we will continue to update it in subsequent articles😁!
In iOS obfuscation, we usually use six methods such as naming obfuscation , control flow obfuscation , string encryption , constant obfuscation , method obfuscation , and resource obfuscation .
Specific operations
Next, we will briefly explain the differences and specific operations of the above 6 methods using Objective-C.
- Naming confusion
#import "ViewController.h"
@interface ViewController ()
@property (nonatomic, copy) NSString *propertyA;
@end
@implementation ViewController
- (void)viewDidLoad {
[super viewDidLoad];
// Do any additional setup after loading the view.
}
/// A
-(void)func_methodA {
NSString *string = @"A";
string = [string stringByAppendingPathComponent:@"B"];
NSLog(@"%@", string);
}
@end
In ViewController.m, there is a property: propertyA, and a method: func_methodA,