在编译的iOS应用程序(IPA)中加密内容 [英] Encryption of contents in compiled iOS app ( IPA )
问题描述
由于IPA结构只是一个压缩文件,其中包含编译代码和媒体内容,如图像&音频,我如何保护内容免受别人的窃取?有没有加密可以添加到IPA?
对不起,这只是应用程序的二进制文件。其他媒体没有加密,不,没有办法加密.ipa。您可以尝试加密您的系统上的图像和其他媒体,提供一堆应用程序代码来在应用程序运行时解密这些资源,然后解密代码将成为加密应用程序二进制文件的一部分。您不能提交加密的IPA,但它需要是从Xcode直接输出的文件。
为了回应您的评论,我使用的是CommonCrypto 。您需要 #import< CommonCrypto / CommonCryptor.h> ,我用作我的起点的实现是 NSMutableData上的这个类别。
上述类别的简单使用示例:
NSMutableData * imageData = [NSMutableData dataWithContentsOfFile:pathToEncryptedFile];
[imageData decryptWithKey:@SuperSecretDecryptionKey];
UIImage * decryptptedImage = [UIImage imageWithData:imageData];
重要提示:如果有人要运行字符串实用程序在您的 .app 在越狱iphone上,甚至在iPhone上,他们可以通过USB进行文件系统访问,您应用中声明的所有字符串列表。这包括SuperSecretDecryptionKey。所以你可能想要使用一个整数,浮点或其他常量做一个字符串解密密钥的即时生成,或者确保你用来解密事物的字符串与正常的系统字符串完全相同没有人怀疑它是真正的关键。
更新:您应该查看 AQToolkit 对于这种事情,这是非常全面的。 >
要加密/解密 *。strings 文件,您应该以某种方式加密密钥和值字符串(可能是给您可以使用十六进制或任何字母数字字符),如果要访问给定值,请说 LicenceNumber ,请执行以下操作:
NSMutableData * keyToRequest = [@LicenceNumber
dataUsingEncoding:NSUTF8StringEncoding];
[keyToRequest encryptWithKey:@SuperSecretEncryptionKey];
NSMutableData * valueToRequest = [[NSBundle mainBundle]
localizedStringForKey:[NSString
stringWithUTF8String:[keyToRequest bytes]]
值:@无许可证
表:@ EncryptedStringsFile];
[valueToRequest decryptWithKey:@SuperSecretDecryptionKey];
As IPA structure is just a zipped file containing compiled codes & media contents like images & audio, how can I protect the contents from being extracted and stolen by others? Is there any encryption I can add into the IPA?
This answer mentions that the application is already encrypted by the time it gets onto your users' devices: Does Apple modify iOS application executables on apps submitted to the App Store?
Sorry, that's only the application binary. The other media are not encrypted, and no, there's no way to encrypt the .ipa. You could try encrypting your images and other media on your system, providing a bunch of application code to decrypt those resources when the app runs, and then your decryption code will become a part of the encrypted application binary. You can't submit an encrypted IPA though, it needs to be the file directly output from Xcode.
In response to your comment, the one I've used is CommonCrypto. You need to #import <CommonCrypto/CommonCryptor.h>, and the implementation I used as my starting point was this category on NSMutableData.
Simple usage example of the above category:
NSMutableData *imageData = [NSMutableData dataWithContentsOfFile:pathToEncryptedFile];
[imageData decryptWithKey:@"SuperSecretDecryptionKey"];
UIImage *decryptedImage = [UIImage imageWithData:imageData];
IMPORTANT NOTE HERE: IF someone was to run the strings utility on your .app on a jailbroken iphone, or even on an iPhone they have filesystem access to via USB, they will get a list of all strings declared in your app. This includes "SuperSecretDecryptionKey". So you may want to use an integer, floating-point or other constant to do on-the-fly generation of a string decryption key, or make sure that the string you use to decrypt things is exactly the same as a normal system string so no-one suspects it as the true key. Security through obscurity, in this case, is advantageous.
Update: You should check out AQToolkit for this kind of thing, it's quite comprehensive.
To encrypt/decrypt *.strings files, you should encrypt the key and value strings in some manner (maybe one which give you hexadecimal back, or any alphanumeric characters), and when you want to access a given value, say LicenceNumber, do this:
NSMutableData *keyToRequest = [@"LicenceNumber"
dataUsingEncoding:NSUTF8StringEncoding];
[keyToRequest encryptWithKey:@"SuperSecretEncryptionKey"];
NSMutableData *valueToRequest = [[NSBundle mainBundle]
localizedStringForKey:[NSString
stringWithUTF8String:[keyToRequest bytes]]
value:@"No licence"
table:@"EncryptedStringsFile"];
[valueToRequest decryptWithKey:@"SuperSecretDecryptionKey"];
这篇关于在编译的iOS应用程序(IPA)中加密内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
