iOS hardening is fine, but don't use a virtual machine...

A short story about iOS hardening

As the story goes, there was a company that used a unique method of iOS hardening: embedding a virtual machine in the application to protect its code while the application is running. We don't know how it was implemented, but we have to admire it: real talent!

Of course, Apple did not approve. Apple considered this a violation of its application development rules, so the company's applications were eventually banned from the App Store.

That story is many years old; today we will only talk about a few conventional hardening methods.

Significance of iOS Hardening

Recently, many people have asked what iOS hardening is for, and whether an app needs it. In fact, it depends on the situation. The main purpose of iOS hardening is to improve the security of applications and prevent hacking and reverse engineering. "Hacking and reverse engineering" usually have one of the following goals:

  1. Gaining unauthorized access: A common goal of hacking is to gain unauthorized access, such as breaking into a system, stealing passwords or authentication credentials, etc.
  2. Stealing confidential information: Hacking can also be done to steal sensitive information, such as credit card numbers, medical records, or government secrets.
  3. Destroying or cracking a system: Hacking may be an attempt to damage or crack a system, such as by compromising a computer system with malware, disrupting a network connection, or tampering with data.
  4. Gaining a commercial advantage: A common purpose of reverse engineering is to gain a commercial advantage. For example, reverse engineering can help competitors analyze your product designs and processes to improve their product quality and performance.
  5. Understanding and modifying software: Reverse engineering may be done to understand and modify software, for example to help diagnose and resolve software defects, or to enhance software performance and functionality, etc.

Therefore, for individuals, if the app does not carry much risk, hardening can basically be ignored. But for enterprises, especially in banking, finance, automotive, e-commerce, games and similar industries, application security deserves more attention.

Common iOS Hardening Techniques

Below, we will introduce several common iOS hardening technologies, and then provide corresponding code demonstrations.

1. Anti-debugging

Anti-debugging is a common iOS hardening technique that detects whether an app is being debugged, and if so, takes appropriate action, such as crashing or exiting the app.

The following is a code example that uses the ptrace() function to implement anti-debugging:

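#include <unistd.h>
#include <sys/types.h>
#include <sys/syscall.h>
#include <dlfcn.h>
#include <string.h>

/* <sys/ptrace.h> is not part of the iOS SDK, so define the request value here. */
#ifndef PT_DENY_ATTACH
#define PT_DENY_ATTACH 31
#endif

/* Returns 1 if the PT_DENY_ATTACH request failed, 0 otherwise.
 * Note: per the macOS ptrace(2) man page, a process that is already being
 * traced exits with status ENOTSUP when it makes this request. */
int anti_debug(void) {
    /* Resolve ptrace() at run time, since the iOS SDK headers do not declare it. */
    void *handle = dlopen(NULL, RTLD_GLOBAL | RTLD_NOW);
    if (handle) {
        int (*ptrace_ptr)(int, pid_t, caddr_t, int) =
            (int (*)(int, pid_t, caddr_t, int))dlsym(handle, "ptrace");
        if (ptrace_ptr) {
            if (ptrace_ptr(PT_DENY_ATTACH, 0, 0, 0) == -1) {
                dlclose(handle);
                return 1;
            }
        }
        dlclose(handle);
    }
    return 0;
}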

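Explanation: this code first uses dlopen() to open a handle to the application itself, then uses dlsym() to obtain the address of ptrace(), and finally calls ptrace() with the PT_DENY_ATTACH flag to prevent debugging. If ptrace() returns -1, the application is being debugged, and appropriate action can be taken, such as exiting the application.

2. Obfuscation

Obfuscation means obfuscating an application's code and data so that they are difficult to understand and crack. The following is a code example of code obfuscation using the LLVM obfuscator: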


#include <stdio.h>

int main(int argc, char *argv[]) {
    printf("Hello, world!\n");
    return 0;
}

Using the LLVM obfuscator, the code above can be obfuscated into the following:

#define _A _B + _C - _D + _E - _F
#define _B _C + _D - _E + _F - _G
#define _C _D + _E - _F + _G - _H
#define _D _E + _F - _G + _H - _I
#define _E _F + _G - _H + _I - _J
#define _F _G + _H - _I + _J - _K
#define _G _H + _I - _J + _K - _L
#define _H _I + _J - _K + _L - _M
#define _I _J + _K - _L + _M - _N
#define _J _K + _L - _M + _N - _O
#define _K _L + _M - _N + _O - _P
#define _L _M + _N - _O + _P - _Q
#define _M _N + _O - _P + _Q - _R
#define _N _O + _P - _Q + _R - _S
#define _O _P + _Q - _R + _S - _T
#define _P _Q + _R - _S + _T - _U
#define _Q _R + _S - _T + _U - _V
#define _R _S + _T - _U + _V - _W
#define _S _T + _U - _V + _W - _X
#define _T _U + _V - _W + _X - _Y
#define _U _V + _W - _X + _Y - _Z
#define _V _W + _X - _Y + _Z - argc
#define _W _X + _Y - _Z + argc - argv
#define _X _Y + _Z - argc + argv - main
#define _Y _Z + argc - argv + main - printf
#define _Z argc - argv + printf - return
#define _B0 _A1
#define _B1 _A0
#define _B2 _A3
#define _B3 _A2
#define _B4 _A5
#define _B5 _A4
#define _B6 _A7
#define _B7 _A6
#define _B8 _A9
#define _B9 _A8
#define _BA _AD
#define _BB _AC
#define _BC _AF
#define _BD _AE
#define _BE _B1
#define _BF _B0

#define a _BA
#define b _BB
#define c _BC
#define d _BD
#define e _BE
#define f _BF

int a(int b, char **c) {
  return d("H") - f + e("e") + e("l") - d("o") + e(",") + e(" ") +
         d("w") - e("o") + e("r") + e("l") + f + d("d") + e("!") +
         e("\n");
}

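As you can see, the obfuscated code is completely different from the original, which makes reverse engineering difficult and achieves our goal of preventing it.

3. Encryption

Encryption means encrypting an application's code and data to prevent them from being stolen and cracked. The following is a code example that encrypts a string with the AES algorithm: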

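#include <stdio.h>
#include <string.h>
#include <openssl/aes.h>

/* Demo values only: a key and IV compiled into the binary can be read out of it. */
#define KEY "0123456789012345"
#define IV  "0123456789012345"

int main(int argc, char *argv[]) {
    const char *plaintext = "Hello, world!";
    size_t len = strlen(plaintext);
    /* CBC writes whole 16-byte blocks, so round the buffer up. */
    size_t padded_len = (len + AES_BLOCK_SIZE - 1) / AES_BLOCK_SIZE * AES_BLOCK_SIZE;
    unsigned char ciphertext[padded_len];
    memset(ciphertext, 0, sizeof(ciphertext));

    AES_KEY aes_key;
    /* AES_cbc_encrypt() updates the IV in place; use a writable copy. */
    unsigned char iv[AES_BLOCK_SIZE];
    memcpy(iv, IV, AES_BLOCK_SIZE);

The code for the encryption process is as follows:

    AES_set_encrypt_key((const unsigned char *)KEY, 128, &aes_key);
    /* A final partial block is zero-padded, so padded_len bytes are written. */
    AES_cbc_encrypt((const unsigned char *)plaintext, ciphertext, len, &aes_key, iv, AES_ENCRYPT);

    printf("Plaintext: %s\n", plaintext);
    printf("Ciphertext: ");
    for (size_t i = 0; i < padded_len; i++) {
        printf("%02x", ciphertext[i]);
    }
    printf("\n");

    return 0;
}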

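Explanation: this code first defines a key and an initialization vector, then uses AES_set_encrypt_key() to set the key as a 128-bit AES key. Next, it uses AES_cbc_encrypt() to encrypt the plaintext into ciphertext and stores the result in the ciphertext array. Finally, it prints the plaintext and the ciphertext.

However, encrypted data must be decrypted in the application, otherwise it cannot be used correctly. The application therefore needs to include the corresponding decryption code.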
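The decryption code can only recover the original string if it knows where the plaintext ends: "Hello, world!" is 13 bytes, but CBC produces a full 16-byte block. The following is an added example, not code from the original article, of PKCS#7 padding and its validated removal; the function names pkcs7_pad and pkcs7_unpad are chosen here for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Added example: pkcs7_pad/pkcs7_unpad are illustrative names, not from the article. */
#define BLOCK 16 /* AES block size in bytes */

/* Copy in[0..len) to out and append PKCS#7 padding.
 * Returns the padded length (a multiple of BLOCK), or 0 if out is too small.
 * Block-aligned input gets a whole extra block, so padding is always present. */
size_t pkcs7_pad(const unsigned char *in, size_t len,
                 unsigned char *out, size_t out_cap) {
    size_t pad = BLOCK - (len % BLOCK); /* 1..16 */
    if (out_cap < len + pad) return 0;
    memcpy(out, in, len);
    memset(out + len, (int)pad, pad);
    return len + pad;
}

/* Check the padding of a decrypted buffer and report the plaintext length.
 * Returns 0 on success, -1 if the padding is malformed. */
int pkcs7_unpad(const unsigned char *buf, size_t len, size_t *plain_len) {
    if (len == 0 || len % BLOCK != 0) return -1;
    size_t pad = buf[len - 1];
    if (pad == 0 || pad > BLOCK) return -1;
    for (size_t i = len - pad; i < len; i++)
        if (buf[i] != pad) return -1;
    *plain_len = len - pad;
    return 0;
}

int main(void) {
    const char *msg = "Hello, world!"; /* the article's 13-byte plaintext */
    unsigned char block[2 * BLOCK];
    size_t n = pkcs7_pad((const unsigned char *)msg, strlen(msg), block, sizeof block);
    size_t plain_len = 0;
    /* In the app, encryption and decryption of block[0..n) happen between these calls. */
    if (n == 0 || pkcs7_unpad(block, n, &plain_len) != 0) return 1;
    printf("padded to %zu bytes, recovered %zu: %.*s\n", n, plain_len, (int)plain_len, block);
    return 0;
}
```

Padding only marks where the plaintext ends; it does not protect the ciphertext against modification.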

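Summary

Those are several common iOS hardening techniques and the corresponding code demonstrations. Although these techniques can improve application security, they cannot completely prevent an application from being cracked and reverse engineered. So, to protect their applications, developers should also take other measures, such as strengthening code review and security testing, and regularly updating and fixing vulnerabilities.

PS: If any expert knows how to do hardening with a virtual machine, please do share! (just kidding)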

Reposted from: juejin.im/post/7212912988533538876