Protect iOS Project
Overview
Virbox Protector supports to protect/encrypt the iOS project with GUI tool and CLI tool both.
The format of executive iOS application is MachO format.
Here we use the project "CoupletLabel" as a example to introduce how to use Virbox Protector to protect and distribute the project to Apple store.
Tips
It is suggested to protect iOS projects in Mac environment, which is easier and convenient to sign the iOS application;
The security of iOS application
Although the iOS application download from App Store has been protected, but with the more powerful crack tool available in the market (for example, Clutch) , with these tools, it will not make too big challenge to professional cracker to decrypt the protected iOS application. further more, the cracker may:
use the tools:
class-dump
to dump and export all of head file of MachO fille;
use hopper or IDA tools to analysis the code MachO file to reverse the source code;
So, for those machO file which require highly security, it is mandatory and necessary to protect with code hardening and app shielding tools.
Functionality
Virbox Protector
supports developer to protect iOS application, IPA package, developer may use Virbox Protector GUI tool or CLI tool, to protect specified critical functions with fine grained and general protection to iOS application or IPA package. which effectively to prevent reverse engineering, dumping, debugging tampering and repackaging to iOS application and IPA package.
General Protection to iOS app, IPA package
Set general protection in "Protection Option" tab
Memory Check
with Memory Check
, it will check and verify integrity of iOS package when load the apps, when tampering has been detected, then quit the execution;
when developer need to check memory in app execution, you can use and set the SDK label
to check memory in source code accordingly;
Objective C Name obfuscation
OC name of obfuscation, means to obfuscate class name into a meaningless string name, and cracker can not identify the calling relationship by use of class name.
Tips
OC name of obfuscation, supports to obfuscate the class name only,
doesn't support to obfuscate the name of method, for the class name which calling other resources, it doesn't support also;
If the obfuscate code involves the reflection calls cross-module , OC name obfuscation may cause the GUI interface functions doesn't work properly.
Sample
Not using OC name of obfuscation, use decompiler to decompile the class name of original iOS package, the decompiled result as shown in below:
When using the OC name of Obfuscation, the decompiled result to the class name of iOS application as shown in below:
Comparison: all class name has be obfuscated and meaningless. no useful by cracker
Debugger Detect
Debugging is important way in reverse engineering process, it will be quickly tracing & positioning to relevant logic in massive binary instruction when debugging used.
Debugger Detect feature, when this feature enabled, it will detect/monitor if current module process being debugged by IDA Pro/ lldb tools, when debugging has been detected, the protected application will be quit execution.
Strip Debugging information
the execution program in IPA package may contained debug
information and static symbol table
, which contained the information to functions name, address, etc. if such kind of information has been included when launched and released. it will have potential threaten to your apps;
Use and enable the feature: Strip Debugging information
, it will remove/strip the .debug info and static symbol table
Sample
The symbol contained in the original program: as shown in below:
The symbol when click to enable Strip debugging information
, as shown in below:
Signature Verification
To verify developer signature certificate (Team ID), to prevent the IPA package being repackaged and signed again by third party;
Tips:
1) To enable the sign verification, it is mandatory to enable sign option;
2) To enable sign, Sign verification can be optional;
Sign setting
When sign enabled, it must select the sign certificate consistent with the certificate when use xCode to compile the xCarchive, then protected app has been signed on default;
When sign disabled, then protected app will not signed on default, developer need to manual sign the protected app (for example, developer may use codesign
, iOS app Signer to sign the app);
Protect Function (Function Option tab)
Developer may select and set the protection option to specified functions in "Function Option" tabs when you use Virbox GUI tool;
Code of Obfuscation
Code obfuscation means the process of the converting the original instructions in a function into random instruction fragments that are difficult to read with the method of equivalent transformation, immediate number encryption, indirect jump, false branch, junk instruction scrambling, and instruction slicing.
Sample
Use decompiler to decompile the original applications (without code of obfuscation), as shown in below:
Use decompiler to decompile the app with the Code of obfuscation, as shown in below:
Code of Virtualization
Code of Virtualization, means with the "Virtualization" process, the original assembly instructions in the function are converted into customized virtual instructions, which are executed in a customized virtual machine at runtime, simulating the memory access, conditional judgment, register status, etc. in the assembly instructions.
Sample
Use decompiler to decompile the "Virtualized" app, as shown in below:
Protection Process: (Using Virbox Protector GUI tool)
Developer may select either the Virbox Protector GUI tool or CLI tool to protect iOS applications.
Compile application with Xcode
Compile and build
xcarchive
file which contained the dSYM file
Modify the compile option, the xcarchive
package compiled contained the dSYM file
Operation:
to select to enable Option:
DWARF with dYSM option
Tips:
The purpose to select and enable this option is to make the xcarchive file being built contained the dSYM file, which to show the function's names when Virbox Protector parse the iOS project. otherwise the functions will only show the relevant address respectively.
Diable the Bitcode option
Virbox Protector doesn't support the bitcode, and also, the Xcode editor disable the bitcode
option start from V 15., so, for developer who use the xCode editor higher than 15. you can ignore below operation;
For developer still use the xCode version under 15, it is necessary to disable the option of bitcode
when compiling project, as shown in below:
Xcode->TARGETS->Build Setting->Build Options->Enable Bitcode->no;
Build and archive the project
Build/Archive the project:
Xcode->Product->Archive
Next, Go to the Archive page
Select the project archived and right click in "Finder" to open the archive
Find the the xcarchive being built, and right click
Show Package Content
Go to the archive, find the un-protected application located at:
Products\Applications
Protect iOS Project
Open Virbox Protector GUI tools and Sign-in with your account
Find the sub directory which "application" located, Drag the "applications" into the Virbox Protector GUI tools
Protect the critical functions (in Function option tab)
Go to:
Function Option
tab and click "Add Functions
" button in upper right corner of the page
Click the "Add Function
" button in Upper right corner to select the functions which need to be protected, and right click to select the "Protection mode" to each functions: Virtualization
, Obfuscation
, or No protect
Tips
The Functions selection and protection process to iOS project is similar process to Android and native application process. more information you may refer Android protection process or Native project protection process.
Tips
For those iOS application which compiled with Objective C or Swift language, the symbole contained by themself, so Virbox Protector will parse and identify the name of function whether or not contained dSYM file;
For those iOS application called library which compiled by C/C++, then the library doesn't include symbol after compiled, so dSYM file required to identify the name of functions;
Save the dYSM file into the same directory of app files located. then Virbox Protector may parse and shown the function's name. Otherwise, the functions parsed will be shown the address only;
For xcarchive package, it is no need to save the dYSM file into the same directory. Virbox Protector will reading relevant information automatically.
The dYSM file location: as shown in below:
General Protection Setting (Setting in Protection Option tab)
Go to "Protection Option
" tab
Set the Output
path and output
file name, click box in right to change output path and output name;
Set the protection option to iOS apps in General to prevent debugging and decompiling
Memory Check: To prevent apps being tampered.
Objective-C, Name Obfuscation: To prevent the Objective-C class dumping, to get the name of method.
Debugger Detection: to detect the debugger, to prevent dynamic analysis and debug apps
Strip Debugging Info: To remove the debugging information
Sign Setting
Click to enable the Signature option, then please keep the signature certificate in consistent with the certificate signed when Xcode compile and build the xcarchive, and then the protected apps has been signed on default.
If you doesn't click to enable the signature, then the protected apps will be Not signed on default. so, it is necessary for developer to sign the protected applications manually (for example, use the "codesign " command line to sign, or use the iOS App Signer tool to sign the apps), and keep the certificated signed consistent with the certificate signed when use Xcode to built project.
Tips
If the protected apps will be installed in the mobile which non jailbreak. make sure the account specified in Xcode compiling: signing>Team, is consistent with the account used to sign in Virbox Protector.
Click "Protect Selected Project" to start protection
When protection completed, following "file" will be generated:
***.app.ssp: this is the configuration file which saved the setting of Function Option
and Protection Option
Tabs. this configuration file location is same as the original file. so it is no need to re set the configuration when you use the Virbox Protector to re protect the file. use the previous configuration file will be fine.
/protected/***.ipa: the new IPA package which protected and new generated;
/protected/***.app: the new application after protection/shielding.
Distribute the Protected Application to App store
Before distribute the application to App store, it is necessary to back up and move the original applications to another folder. and:
Move the protected application to the folder which the original application located. please don't save it in the xcarchive package.
after above update completed, back to Archived page and click "Distribute App
" to launch applications
Protection Process: By Virbox Protector CLI tool
Virbox Protector provides CLI to developer to protect iOS application;
The CLI tools: virboxprotector_con
,
located at (on default installation path):
With the Configuration file to protect iOS application
(Protection option configuration file) will be generated: .ssp
file, then developer can use the same setting (protection configuration file) and use Virbox Protector CLI to protect iOS applications, the CLI command:
then, virboxprotector_con
, the CLI tools will automatically to search the <input_file.ssp, as a configuration file and use protection option setting defined in the configuration to start the protection.
Generate the configuration file
In this step, Use Virbox Protector GUI to set the protection option in "Function Option
" and "Protection Option
" Tabs to generate .SSP file.
The setting process is similar with the process by use of Virbox Protector GUI tool to protect the apps. only difference is in last step, after you complete the all setting options, click the button:
Save all Configuration
as shown in below snapshot.
This configuration file generated will be used by CLI tool in second steps.
Use Virbox Protector CLI to protect iOS apps
Go to the sub directory which Virbox Protector CLI tool located and find the CLI tools
find the Virbox Protector app, open the app folder, you can find the
under the /contents/MacOS/bin
directory
View "Help" information:
Open the terminal windows, go to the folder: "virboxprotector_con
", input:
virboxprotector_con
to view the help information
Execute the protection command
Without the Configuration file to protect iOS application
in case the Configuration file doesn't generated, when developer use the Virbox Protector CLI to protect applications,
The CLI tool virboxprotector_con
will use the on default protection option setting to protect iOS applications;
Developer also may set the protection option by pass the options, you may refer CLI Option in below:
Protection Option setting to CLI tool
Protection Option Setting
Sample
To protect IPA package, select and enable the option:
Memory Check
Debugger Detection
Strip Debugging info
,
and disable
Sign
Use following command:
Sign Option setting
Sample
Use Command line to view system certificate
To protect IPA package, click to select the option:
Memory Check
Debugger Detection
Sign enable & Verification
Use following command:
Function Protection option setting
Support to protect functions with specified function name or set a rule to protect functions, to split each setting with semicolon,
support with wildcard *
Example
Upload the protected application
Developer use Xcode, or Transpoter to upload the protected application to App Store, developer may also use other tools to upload the application to App Store.
Here we introduce how to use Xcode and Transporter to upload/distribute the protected application into App Store.
Upload with Xcode
Before distribute the application to App store, it is necessary to back up and move the original applications to another folder;
Then move the protected application to the folder which the original application located. Please delete the related .ssp file.
after step above, return with Archive page, click
Distribute App
to upload the protected applications
Upload with Transporter
drag the protected application into the Transporter directly;
click
Verification
and wait to complete the verification process;when verification completed, click
upload
Appendix
1. How to Get crash information (find the Virbox log file) when the protected application crashed
The issue:
if the protected iOS application crashed when running in the mobile terminal, it is necessary to submit the crash information (log file which contained the crash information) to Virbox support teams, so developer need to find the log file and submit to Virbox team.
Step1
Please connect the mobile with the mac machine, and make sure the IP address of mobile keep the same IP network segment with the mac Machine's.
Step2
Open the Xcode, select the Windows>Devices and Simulator
Option
Click View Device Log
s Option
If the IP address of mobile is in the same network segment with mac machine, if the application running in the mobile terminal crashed, then the log file will be automatically synchronized to following page:
Click the Type to be the "Crash", right click "Export Log" and save the log to local machine.
2. How to use the Command line to sign (Code signing)
2.1 Use the command to query the digital certificate in the machine
2.2 Use the command codesign the application
3. How to pack the application into IPA package
3.1 Create a folder, folder name is payload
3.2 Save the protected application into the folder created in above steps
3.3 Compress the payload folder (on default compress in zip file)
3.4 Rename the suffix from .zip to .ipa
Last updated