Swift:如何完全去除内部/内嵌符号? [英] Swift: how to fully strip internal/inline symbols?
问题描述
我需要在Swift中编写一些许可证检查代码.我知道Swift最初并不是那种代码的最佳选择,因为它很难混淆.但是,如果需要知道应用程序是否已注册的代码是用Swift编写的,那还是比将许可证检查代码放在一个可以换出的单独框架中更好.
I need to write some license checking code in Swift. I know Swift is not optimal for that kind of code in the first place, as it is harder to obfuscate. But if the code that needs to know whether the app is registered is written in Swift, this is still better than putting the license checking code in a separate framework that can be swapped out.
为了使对代码的攻击更加困难,我试图通过至少删除与代码相关的符号来使代码模糊.
To make attacking that code harder, I'm trying to obfuscate the code by at least removing the symbols related to it.
为此,我有一些具有内部可见性的内联方法,如下所示:
For this, I have some inlined methods with internal visibility as follows:
@inline(__always) static func checkLicense() { /* license checking code */ }
鉴于该方法应始终内联,因此无需在二进制文件的符号表中包括该方法的名称.(我知道 inline 批注通常仅是对编译器的提示,但我有理由相信它们在这种情况下确实有效.)
Given that the method should always be inlined, there should be no need to include the method's name in the binary's symbol table. (I know that inline annotations often only are hints to the compiler, but I have reason to believe that they do work in this case.)
与此相符, nm MyApp.app/Contents/MacOS/MyApp 不包含对 checkLicense 的引用.但是, strings MyApp.app/Contents/MacOS/MyApp 的输出仍然包含对 checkLicense 的引用,而且恐怕攻击者可能会更容易地使用该信息.攻击许可证检查代码.
In line with that, nm MyApp.app/Contents/MacOS/MyApp does not contain references to checkLicense.
However, the output of strings MyApp.app/Contents/MacOS/MyApp still contains references to checkLicense, and I'm afraid that an attacker could use that information to more easily attack the license checking code.
这是我的问题:
- 这些字符串将对攻击者有所帮助吗?或者,如果没有相应的符号信息(它们将由
nm公开),它们将无用吗? - 在运送我的代码时,下面列出的剥离设置(特别是剥离所有符号)是否会引起问题?尝试符号化堆栈跟踪时?我确实保留了已发送的二进制文件的dSYM.
- 将"Perform Single-Object Prelink"设置为"Yes"有助于混淆代码吗?我看到的唯一效果是dSYM的大小从〜8 MB缩小到〜6 MB.
- Will these strings help an attacker, or are they useless without the corresponding symbol info (which would be exposed by
nm)? - Would the strip settings listed below (in particular, stripping all symbols) cause a problem when shipping my code - e.g. when trying to symbolicate stack traces? I do keep the dSYMs of the shipped binaries.
- Would setting "Perform Single-Object Prelink" to Yes help in obfuscating the code? The only effect I can see is that the dSYMs size shrinks from ~8 MB to ~6 MB.
我当前正在使用以下构建选项:
I am currently using the following build options:
- 部署后处理=是
- 链接链接产品=是
- 使用单独的剥离=是
- 条形样式=所有符号
- 其他链接器标志="-Xlinker -x"
- 执行单对象预链接=否(请参见上文)
推荐答案
我再次对此进行了调查,发现以下剥离设置对发布版本有效:
I have investigated this again, and found the following strip settings to work well for Release builds:
- 部署后处理=是
- 链接链接产品=是
- 执行单对象预链接=否
- 使用单独的条带:可选,没有区别
- 条纹样式:
- 主应用程序的所有符号(根据 查看全文
