Protect iOS Project

Overview

Virbox Protector supports protecting/encrypting iOS projects with both the GUI tool and the CLI tool.

The executable format of an iOS application is Mach-O.

Here we use the project "CoupletLabel" as an example to show how to use Virbox Protector to protect a project and distribute it to the App Store.

Tips

It is suggested to protect iOS projects in a Mac environment, where signing the iOS application is easier and more convenient.

The security of iOS application

Although an iOS application downloaded from the App Store is already protected, powerful cracking tools available on the market (for example, Clutch) mean that decrypting the protected iOS application is not much of a challenge for a professional cracker. Furthermore, the cracker may:

use class-dump to dump and export all header files of the Mach-O file;

use Hopper or IDA to analyze the code of the Mach-O file and reverse the source code.

So, for Mach-O files that require high security, it is necessary to protect them with code hardening and app shielding tools.

Functionality

Virbox Protector lets developers protect an iOS application or IPA package. With either the GUI tool or the CLI tool, developers can apply fine-grained protection to specified critical functions and general protection to the whole iOS application or IPA package. This effectively prevents reverse engineering, dumping, debugging, tampering and repackaging of the iOS application or IPA package.

General Protection to iOS app, IPA package

General protection is set in the "Protection Option" tab.

Memory Check

With Memory Check enabled, the integrity of the iOS package is checked and verified when the app is loaded; when tampering is detected, execution quits.

When developers need to check memory during app execution, they can set the SDK label in the source code to check memory accordingly.

Objective C Name obfuscation

OC name obfuscation replaces class names with meaningless strings, so a cracker cannot identify calling relationships from the class names.

Tips

  1. OC name obfuscation supports obfuscating class names only. It does not support obfuscating method names, and class names that call other resources are not supported either;

  2. If the obfuscated code involves cross-module reflection calls, OC name obfuscation may cause GUI functions to stop working properly.

Sample

Without OC name obfuscation, decompiling the class names of the original iOS package gives the result shown below:

With OC name obfuscation, decompiling the class names of the iOS application gives the result shown below:

Comparison: all class names have been obfuscated and are meaningless, so they are of no use to a cracker.

Debugger Detect

Debugging is an important part of the reverse engineering process: with a debugger, the relevant logic can be quickly traced and located within a massive amount of binary instructions.

When the Debugger Detect feature is enabled, it detects whether the current process is being debugged by IDA Pro or lldb; when debugging is detected, the protected application quits execution.

Strip Debugging information

The executable in an IPA package may contain debug information and a static symbol table, which hold function names, addresses, etc. If this information is included in a released app, it is a potential threat to your app.

Enabling the Strip Debugging information feature removes the .debug info and the static symbol table.

Sample

The symbols contained in the original program, as shown below:

The symbols after Strip Debugging information is enabled, as shown below:
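A release check for the stripping described above, added here as an example (it is not Virbox Protector's code or output): it parses the Mach-O LC_SYMTAB table and lists the debugger (stab) entries and local symbol names that a stripped binary should no longer carry. It assumes a thin 64-bit little-endian image; the sample bytes and the names in them are constructed.

```python
import struct

MH_MAGIC_64 = 0xFEEDFACF          # thin 64-bit little-endian Mach-O (arm64)
LC_SYMTAB = 0x2
N_STAB, N_TYPE, N_EXT, N_SECT = 0xE0, 0x0E, 0x01, 0x0E   # n_type masks/values


def symbol_report(data: bytes) -> dict:
    """Classify every entry of the static symbol table of a Mach-O image."""
    magic, _, _, _, ncmds, _, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit little-endian Mach-O file")
    report = {"debug": [], "local": [], "external": []}
    off = 32                                  # load commands follow the header
    for _ in range(ncmds):
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmd == LC_SYMTAB:
            symoff, nsyms, stroff, strsize = struct.unpack_from("<4I", data, off + 8)
            strtab = data[stroff:stroff + strsize]
            for i in range(nsyms):            # each nlist_64 entry is 16 bytes
                strx, n_type = struct.unpack_from("<IB", data, symoff + 16 * i)
                end = strtab.find(b"\0", strx)
                name = strtab[strx:end if end >= 0 else None].decode("utf-8", "replace")
                if n_type & N_STAB:
                    report["debug"].append(name)      # debugger (stab) entry
                elif (n_type & N_TYPE) == N_SECT and not (n_type & N_EXT):
                    report["local"].append(name)      # private function/data name
                else:
                    report["external"].append(name)   # kept for dynamic linking
        off += cmdsize
    return report


def build_sample(symbols) -> bytes:
    """Constructed test image: header, one LC_SYMTAB, nlist_64 table, strings."""
    strtab, nlist = b"\0", b""
    for name, n_type in symbols:
        nlist += struct.pack("<IBBHQ", len(strtab), n_type, 0, 0, 0x100004000)
        strtab += name.encode() + b"\0"
    symoff = 32 + 24                          # header + the single load command
    header = struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, 24, 0, 0)
    symtab = struct.pack("<6I", LC_SYMTAB, 24, symoff, len(symbols),
                         symoff + len(nlist), len(strtab))
    return header + symtab + nlist + strtab

# Constructed samples; the class and file names are hypothetical.
UNSTRIPPED = build_sample([("main.m", 0x64),                          # N_SO stab
                           ("-[LicenseManager validateKey:]", 0x0E),  # local
                           ("_main", 0x0F), ("_objc_msgSend", 0x01)])
STRIPPED = build_sample([("__mh_execute_header", 0x0F), ("_objc_msgSend", 0x01)])

if __name__ == "__main__":
    for label, image in (("unstripped", UNSTRIPPED), ("stripped", STRIPPED)):
        print(label, symbol_report(image))
```

Objective-C class and method names are stored in the `__objc_*` sections rather than in this table, so this check does not cover them.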

Signature Verification

Verifies the developer's signing certificate (Team ID) to prevent the IPA package from being repackaged and re-signed by a third party.

Tips:

1) To enable signature verification, the sign option must be enabled;

2) When sign is enabled, signature verification is optional.

Sign setting

When sign is enabled, you must select the same signing certificate that Xcode used to build the xcarchive; the protected app is then signed by default.

When sign is disabled, the protected app is not signed by default, and the developer needs to sign it manually (for example, with codesign or iOS App Signer).

Protect Function (Function Option tab)

In the Virbox GUI tool, developers can select and set the protection option for specified functions in the "Function Option" tab.

Code of Obfuscation

Code obfuscation converts the original instructions in a function into random instruction fragments that are difficult to read, using equivalent transformation, immediate number encryption, indirect jumps, false branches, junk instruction scrambling, and instruction slicing.

Sample

Decompiling the original application (without code obfuscation) gives the result shown below:

Decompiling the app with code obfuscation gives the result shown below:

Code of Virtualization

Code virtualization converts the original assembly instructions in a function into customized virtual instructions, which are executed at runtime in a customized virtual machine that simulates the memory access, conditional judgment, register status, etc. of the assembly instructions.

Sample

Decompiling the "virtualized" app gives the result shown below:

Protection Process: (Using Virbox Protector GUI tool)

Developer may select either the Virbox Protector GUI tool or CLI tool to protect iOS applications.

Compile application with Xcode

  1. Compile and build an xcarchive file that contains the dSYM file

Modify the build option so that the compiled xcarchive package contains the dSYM file.

Operation:

 Xcode->TARGETS->Build Setting->Build Options->Debug Information Format

and select the option:

DWARF with dSYM File

Tips:

Enabling this option makes the built xcarchive contain the dSYM file, which lets Virbox Protector show function names when it parses the iOS project. Otherwise, functions are shown only by their addresses.

  2. Disable the Bitcode option

Virbox Protector does not support bitcode. Xcode has disabled the bitcode option starting from version 15, so developers using Xcode 15 or later can ignore the operation below.

Developers still using an Xcode version below 15 must disable the bitcode option when compiling the project, as shown below:

Xcode->TARGETS->Build Setting->Build Options->Enable Bitcode->no;

  3. Build and archive the project

Build/Archive the project:

Xcode->Product->Archive

  4. Next, go to the Archive page

  5. Select the archived project and right-click to open the archive in "Finder"

  6. Find the xcarchive that was built, right-click it and choose Show Package Content

  7. Inside the archive, find the unprotected application located at:

Products/Applications

Protect iOS Project

Open the Virbox Protector GUI tool and sign in with your account.

Find the subdirectory where the application is located and drag the application into the Virbox Protector GUI tool.

Protect the critical functions (in Function option tab)

Go to the Function Option tab.

Click the "Add Function" button in the upper right corner of the page to select the functions that need to be protected, then right-click each function to select its "Protection mode": Virtualization, Obfuscation, or No protect.

Tips

Selecting and protecting functions in an iOS project is similar to the process for Android and native applications. For more information, refer to the Android protection process or the Native project protection process.

Tips

iOS applications compiled from Objective-C or Swift carry their own symbols, so Virbox Protector can parse and identify function names whether or not a dSYM file is present;

When an iOS application calls a library compiled from C/C++, the compiled library does not include symbols, so a dSYM file is required to identify the function names;

Save the dSYM file in the same directory as the app file; Virbox Protector can then parse and show the function names. Otherwise, the parsed functions are shown by address only;

For an xcarchive package, there is no need to save the dSYM file in the same directory. Virbox Protector reads the relevant information automatically.

The dSYM file location, as shown below:

General Protection Setting (Setting in Protection Option tab)

Go to the "Protection Option" tab.

Set the output path and output file name; click the box on the right to change them.

Set the general protection options for the iOS app to prevent debugging and decompiling:

Memory Check: prevents the app from being tampered with.

Objective-C Name Obfuscation: prevents Objective-C class dumping used to obtain method names.

Debugger Detection: detects a debugger, to prevent dynamic analysis and debugging of the app.

Strip Debugging Info: removes the debugging information.

Sign Setting

If you enable the Signature option, keep the signing certificate consistent with the certificate used when Xcode built the xcarchive; the protected app is then signed by default.

If you do not enable the Signature option, the protected app is not signed by default. The developer must then sign the protected application manually (for example, with the "codesign" command line or the iOS App Signer tool) and keep the certificate consistent with the one used when Xcode built the project.

Tips

If the protected app will be installed on a non-jailbroken device, make sure the account specified in Xcode under Signing > Team is consistent with the account used to sign in Virbox Protector.

Click "Protect Selected Project" to start protection.

When protection is complete, the following files are generated:

***.app.ssp: the configuration file that stores the settings of the Function Option and Protection Option tabs. It is saved in the same location as the original file, so there is no need to redo the configuration when you protect the file again with Virbox Protector; the previous configuration file is reused.

/protected/***.ipa: the newly generated, protected IPA package;

/protected/***.app: the new application after protection/shielding.

Distribute the Protected Application to App store

Before distributing the application to the App Store, back up the original application and move it to another folder (do not save it inside the xcarchive package). Then:

Move the protected application to the folder where the original application was located.

After this update is complete, go back to the Archive page and click "Distribute App" to release the application.

Protection Process: By Virbox Protector CLI tool

Virbox Protector provides a CLI tool for developers to protect iOS applications.

The CLI tool is virboxprotector_con, located at (default installation path):

Windows: C:\Program Files\senseshield\Virbox Protector 3\bin

Linux: /usr/share/virboxprotector/bin

macOS: /Applications/Virbox Protector 3.app/Contents/MacOS/bin

With the Configuration file to protect iOS application

Once the protection option configuration file (.ssp file) has been generated, developers can reuse the same settings and protect iOS applications with the Virbox Protector CLI. The CLI command:

 virboxprotector_con <input_file> -o <output_file>

virboxprotector_con then automatically searches for <input_file>.ssp as the configuration file and starts the protection with the protection options defined in it.

Generate the configuration file

In this step, use the Virbox Protector GUI to set the protection options in the "Function Option" and "Protection Option" tabs and generate the .ssp file.

The process is similar to protecting the app with the Virbox Protector GUI tool. The only difference is the last step: after you complete all settings, click the button:

Save all Configuration

as shown in the snapshot below.

The generated configuration file is used by the CLI tool in the second step.

Use Virbox Protector CLI to protect iOS apps

Go to the subdirectory where the Virbox Protector CLI tool is located and find the CLI tool:

find the Virbox Protector app and open the app folder; you will find

virboxprotector_con

under the /Contents/MacOS/bin directory.

View "Help" information:

Open a terminal window, go to the folder containing virboxprotector_con, and input:

virboxprotector_con

to view the help information.

Execute the protection command

 virboxprotector_con helloworld.app -o ssp.helloworld.app 

Without the Configuration file to protect iOS application

If no configuration file has been generated when the developer uses the Virbox Protector CLI to protect an application, the CLI tool virboxprotector_con uses the default protection option settings to protect the iOS application.

Developers can also set the protection options by passing them on the command line; refer to the CLI options below:

Protection Option setting to CLI tool

Protection Option Setting

| Protection setting | Option | Default value |
| --- | --- | --- |
| Memory Check | --mem-check= | 0 |
| Debugger detection | --detect-dbg= | 0 |
| Objective C Name Obfuscation | --objc-rename= | 0 |
| Sign setting: enable sign | --sign-check= | 0 |
| Strip Debugging info | --strip-dbginfo= | 1 |

Sample

To protect an IPA package with the following options enabled:

Memory Check

Debugger Detection

Strip Debugging info

and with the following option disabled:

Sign

use the following command:

virboxprotector_con test.ipa --mem-check=1 --detect-dbg=1 --strip-dbginfo=1 -o protector/test.ipa 

Sign Option setting

| Setting | Option |
| --- | --- |
| Sign enable | --sign= |
| Certificate | --identity= |
| ipa package output | --ipa= |

Sample

  1. Use the command line to view the system certificates:

     security find-identity -v -p codesigning
  2. To protect an IPA package with the following options enabled:

    Memory Check

    Debugger Detection

    Sign enable & Verification

    use the following command:

    virboxprotector_con test.ipa --mem-check=1 --detect-dbg=1 --sign-check=1 --sign=1 --identity="certificate id" -o protector/test.ipa

Function Protection option setting

| Function Protection setting | Option |
| --- | --- |
| Code of Virtualization | -v |
| Code of Obfuscation (Mutation) | -m |
| Code of Encryption | -e |
| Ignore the function not support | --ignore-unsupported= |

Functions can be protected by specifying function names or by setting a rule. Separate the entries with semicolons; the wildcard * is supported.

Example

-m "function1;function2" -v "function3;function4" -e "test*" --ignore-unsupported=1 

Upload the protected application

Developers can use Xcode or Transporter to upload the protected application to the App Store; other tools can also be used.

Here we show how to use Xcode and Transporter to upload/distribute the protected application to the App Store.

Upload with Xcode

  1. Before distributing the application to the App Store, back up the original application and move it to another folder;

  2. Then move the protected application to the folder where the original application was located. Please delete the related .ssp file.

  3. After the step above, return to the Archive page and click Distribute App to upload the protected application.

Upload with Transporter

  1. Drag the protected application directly into Transporter;

  2. Click Verification and wait for the verification process to complete;

  3. When verification is complete, click Upload.

Appendix

1. How to get crash information (find the Virbox log file) when the protected application crashes

The issue:

If the protected iOS application crashes when running on a mobile device, the crash information (the log file containing it) must be submitted to the Virbox support team, so the developer needs to find the log file and submit it.

Step1

Connect the mobile device to the Mac, and make sure the device's IP address is in the same network segment as the Mac's.

Step2

Open Xcode and select Window > Devices and Simulators.

Click the View Device Logs option.

If the device's IP address is in the same network segment as the Mac's and the application running on the device has crashed, the log file is automatically synchronized to the following page:

Select the entry whose Type is "Crash", right-click "Export Log" and save the log to the local machine.

2. How to use the Command line to sign (Code signing)

2.1 Use this command to query the digital certificates on the machine

 security find-identity -v -p codesigning

2.2 Use the codesign command to sign the application

  codesign -fs <certificate info>  ***.app

3. How to pack the application into IPA package

3.1 Create a folder named payload

3.2 Save the protected application into the folder created in the step above

3.3 Compress the payload folder (by default into a zip file)

3.4 Rename the suffix from .zip to .ipa
