How to determine at run-time if app is for development, app store or ad hoc distribution?


Problem description


Is there a way to determine programmatically if the currently running app was built and signed for development only or whether it was built for distribution? And can one determine if it was built for app store or ad hoc distribution?

Is it e.g. possible to access the code signature and get the information from there? Or are there certain files present in one of the variants that don't exist in the other ones? Is it part of the bundle info? Or can it be derived from the executable file?

Any hints are appreciated.


It seems that the embedded.mobileprovision file is in ASN.1 format.

Solution

The easiest way to check is to look at embedded.mobileprovision ([[NSBundle mainBundle] pathForResource:@"embedded.mobileprovision" ofType:nil]):

  • It's a bit of a pain to parse since it's a signed plist (PKCS#7 signed data, according to openssl asn1parse -inform der), but a bad hack is to just look for <plist and </plist>.
  • Development contains UDIDs and <key>get-task-allow</key><true/>
  • Ad Hoc distribution contains UDIDs (and get-task-allow=false)
  • App Store distribution contains no UDIDs.

The other thing you can check is the entitlements embedded in the executable (otool -l lists it as LC_CODE_SIGNATURE). Parsing this is even more tedious (you need to parse the Mach-O header and load commands, and for "universal" binaries which are now the default, you'll need to check the currently-loaded architecture or all architectures).

  • Development builds contain <key>get-task-allow</key><true/>
  • Ad Hoc and App Store builds contain <key>get-task-allow</key><false/>

I don't think the entitlements distinguish between Ad Hoc and App Store builds.

Apart from those and the certificate it's signed with, there's no difference between Development/Ad Hoc/App Store apps (there are a few other things in the entitlements/provisioning profile, but nothing more reliable that I can think of).

Security considerations

Neither of these is that difficult to circumvent. For the first method, the app could just "swizzle" -[NSBundle pathForResource:ofType:]. The second method is a bit more difficult depending on what API you use to read the file.
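The provisioning-profile rules from the answer above, applied offline to the bytes of an embedded.mobileprovision file, for example when auditing a build before release. This is an added example, not code from the original answer. The key names ProvisionedDevices and Entitlements are not named on the page and are assumed here as the profile keys holding the UDID list and the entitlements, and the sample blobs are constructed.

```python
import plistlib

def extract_profile_plist(blob: bytes) -> dict:
    """Cut the XML plist out of the PKCS#7 wrapper. The signature is NOT verified."""
    start = blob.find(b"<?xml")
    if start == -1:
        start = blob.find(b"<plist")
    end = blob.find(b"</plist>", max(start, 0))
    if start == -1 or end == -1:
        raise ValueError("no embedded plist found")
    return plistlib.loads(blob[start:end + len(b"</plist>")], fmt=plistlib.FMT_XML)

def classify(profile: dict) -> str:
    """Apply the answer's rules: are UDIDs present, is get-task-allow true?"""
    devices = profile.get("ProvisionedDevices") or []  # assumed key for the UDID list
    entitlements = profile.get("Entitlements") or {}   # assumed key for entitlements
    debuggable = entitlements.get("get-task-allow") is True
    if devices:
        return "development" if debuggable else "ad-hoc"
    # No UDIDs is the answer's App Store case, unless debugging is still allowed.
    return "inconsistent" if debuggable else "app-store"

def make_sample(devices, debuggable) -> bytes:
    """Constructed stand-in for embedded.mobileprovision: junk bytes around a plist."""
    body = {"Entitlements": {"get-task-allow": debuggable}}
    if devices:
        body["ProvisionedDevices"] = devices
    return b"\x30\x82\x0c\x00" + plistlib.dumps(body) + b"\xa0\x82\x01\x00sig"

if __name__ == "__main__":
    udids = ["0" * 40]  # constructed UDID, not a real device
    samples = {
        "dev profile": make_sample(udids, True),
        "ad hoc profile": make_sample(udids, False),
        "store profile": make_sample(None, False),
    }
    for name, blob in samples.items():
        print(name, "->", classify(extract_profile_plist(blob)))
```

Because the plist is cut out without checking the PKCS#7 signature, the result is only as trustworthy as the file it was read from, which is the limitation the security considerations describe.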
