Decompilation possibilities in iOS and how to prevent them


Question


I recently read about decompilation of iOS apps and I'm now really concerned about it. As stated in the following posts (#1 and #2: http://stackoverflow.com/questions/2661722/decompile-an-app-binary-to-get-back-to-source-code) it is possible to decompile an iOS app which is distributed to the App Store. This can be done with a jailbreak and, I think, with copying the app from memory to HDD. With some tools it is possible to

  • read out strings (strings tools)
  • dump the header files
  • reverse engineer to assembly code

It seems NOT to be possible to reverse engineer to Cocoa code.

As security is a feature of the software I create, I want to prevent bad users from reconstructing my security functions (encryption with key or log in to websites). So I came up with the following questions:

  1. Can someone reconstruct my saving and encryption or login methods with assembly? I mean, can he understand what exactly is going on (what is saved to which path at which time, which key is used etc., with what credentials a login to which website is performed)? I have no assembly understanding; it looks like the Matrix to me...
  2. How can I securely use NSStrings which cannot be read out with strings or read in assembly? I know one can do obfuscation of strings, but this is still not secure, isn't it?

Answer

This is a problem that people have been chasing for years, and any sufficiently-motivated person with skills will be able to find ways to find out whatever information you don't want them to find out, if that information is ever stored on a device.

Without jailbreaking, it's possible to disassemble apps by using the purchased or downloaded binary. This is static inspection and is facilitated with standard disassembly tools, although you need to have a tool which is good enough to add symbols from the linker and understand method calls sufficiently to be able to tease out what's going on. If you want to get a feel for how this works, check out Hopper; it's a really good disassembly/reverse-engineering tool.

Specifically to your secure log in question, you have a bigger problem if you have a motivated attacker: system-based man-in-the-middle attacks. In this case, the attacker can shim out the networking code used by your system and see anything which is sent via standard networking. Therefore, you can't depend on being able to send any form of unencrypted data into a "secure" pipe at the OS or library level and expect it not to be seen. At a minimum you'll need to encrypt before getting the data into the pipe (i.e. you can't depend on sending any plain text to standard SSL libraries). You can compile your own set of SSL libraries and link them directly into your App, which means you don't get any system performance and security enhancements over time, but you can manually upgrade your SSL libraries as necessary. You could also create your own encryption, but that's fraught with potential issues, since motivated hackers might find it easier to attack your wire protocol at that point (publicly-tested protocols like SSL are usually more secure than what you can throw together yourself, unless you are a particularly gifted developer with years of security/encryption experience).

However, all of this assumes that your attacker is sufficiently motivated. If you remove the low-hanging fruit, you may be able to prevent a casual hacker from making a simple attempt at figuring out your system. Some things to avoid:

  • storing plain-text encryption keys for either side of the encryption
  • storing keys in specifically named resources (a file named serverkey.text or a key stored in a plist with a name which contains key are both classics)
  • simple passwords, wherever possible

But, most important is creating systems where the keys (if any) stored in the application itself are useless without information the user has to enter themselves (directly, or indirectly through systems such as OAuth). The server should not trust the client for any important operation without having had some interaction with a user who can be trusted.

Apple's Keychain provides a good place to store authentication tokens, such as the ones retrieved during an OAuth sequence. The API is a bit hard to work with, but the system is solid.

In the end, the problem is that no matter what you do, you're just upping the ante on the amount of work that it takes to defeat your measures. The attacker gets to control all of the important parts of the equation, so they will eventually defeat anything on the device. You are going to need to decide how much effort to put into securing the client vs. securing the server and monitoring for abuse. Since the attacker holds all of the cards on the device, your better approach is going to be methods that can be implemented on the server to enhance your goals.
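Two points from the answer above, shown together as an added example (this is not code from the question or the answer): first, what a plain `strings`-style scan of a shipped binary gives up, which is exactly how the hard-coded keys and `serverkey`-style resource names the answer lists are found; second, the recommended layout in which the only constant embedded in the app is a public salt and the real key is derived from something the user types, so the server rejects anyone who has nothing but what the binary contains. The fake binary blobs, the salt value, the password, the request body and the `Server` class are all constructed for the demonstration; the key derivation is ordinary PBKDF2-HMAC-SHA256 from the Python standard library.

```python
import hashlib
import hmac
import re

# ---- 1. Static inspection: what a strings(1)-style scan recovers -----------

def extract_strings(blob: bytes, min_len: int = 4) -> list:
    """Return every run of at least min_len printable ASCII bytes, which is
    what `strings` prints for a binary pulled off a device or out of an IPA."""
    found, run = [], bytearray()
    for b in blob + b"\x00":            # the trailing NUL flushes the last run
        if 0x20 <= b <= 0x7E:
            run.append(b)
            continue
        if len(run) >= min_len:
            found.append(run.decode("ascii"))
        run = bytearray()
    return found

def find_key_leaks(blob: bytes) -> list:
    """Flag the classics the answer lists: resource names or plist keys whose
    name contains 'key' (or 'secret'), all visible without any disassembly."""
    return [s for s in extract_strings(blob) if re.search(r"key|secret", s, re.I)]

# Constructed stand-in for a shipped app binary (not a real Mach-O): some
# non-printable "code" bytes with the mistakes the answer warns about inside.
WEAK_BINARY = (
    bytes(range(0x00, 0x20))
    + b"serverkey.txt\x00"
    + b"<key>APIKey</key><string>CONSTRUCTED-EMBEDDED-KEY</string>\x00"
    + bytes(range(0x80, 0xA0))
    + b"https://login.example.test/session\x00"
)

# ---- 2. Embedded constants that are useless on their own -------------------

# The only thing this layout embeds is a public, per-app salt (constructed
# value).  Reading it out of the binary is expected and harmless: the key
# still needs the password the user types at login.
APP_SALT = b"constructed-app-salt-v1"

SAFER_BINARY = (
    bytes(range(0x00, 0x20)) + APP_SALT + b"\x00"
    + b"https://login.example.test/session\x00"
)

def derive_key(user_password: str, salt: bytes = APP_SALT) -> bytes:
    """PBKDF2-HMAC-SHA256 over the user's password and the embedded salt."""
    return hashlib.pbkdf2_hmac("sha256", user_password.encode(), salt, 100_000, dklen=32)

def sign_request(key: bytes, body: bytes) -> bytes:
    """Client side: authenticate a request body with the derived key."""
    return hmac.new(key, body, hashlib.sha256).digest()

class Server:
    """Constructed server: keeps each user's derived key from registration and
    refuses any request whose tag was not produced with it.  This is the
    answer's point that the server must not trust the client without something
    the user supplied.  A real service would hand out a short-lived token
    after this check rather than keep long-term keys around."""
    def __init__(self):
        self._keys = {}

    def register(self, user: str, password: str) -> None:
        self._keys[user] = derive_key(password)

    def verify(self, user: str, body: bytes, tag: bytes) -> bool:
        key = self._keys.get(user)
        return key is not None and hmac.compare_digest(sign_request(key, body), tag)

def demo() -> dict:
    server = Server()
    server.register("alice", "correct horse battery staple")
    body = b"POST /transfer amount=100"

    # Legitimate client: key derived from what the user typed.
    good_tag = sign_request(derive_key("correct horse battery staple"), body)

    # Attacker holding only what the binary gives up (the salt): using it as
    # the key, or guessing a wrong password, yields a tag the server rejects.
    salt_only_tag = sign_request(APP_SALT, body)
    wrong_pw_tag = sign_request(derive_key("password1"), body)

    return {
        "weak_leaks": find_key_leaks(WEAK_BINARY),
        "safer_leaks": find_key_leaks(SAFER_BINARY),
        "user_accepted": server.verify("alice", body, good_tag),
        "salt_only_accepted": server.verify("alice", body, salt_only_tag),
        "wrong_pw_accepted": server.verify("alice", body, wrong_pw_tag),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Running the script shows `serverkey.txt` and the plist `APIKey` entry coming straight out of the weak binary, an empty leak list for the salt-only layout, and the server accepting only the tag computed from the user's real password. Obfuscating the embedded key instead of removing it would only change step 1, not the outcome: whatever the app can reconstruct at runtime, an attacker with a debugger can reconstruct too, which is why the salt-only layout moves the trust decision to the server.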
