You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think you've done a great job creating an easy-to-use class to add simple jailbreak and piracy checks to every developer's application. But I think your checks are mostly useless. Here's why:
SignerIdentity checks have been useless after iOS 3.0. SignerIdentity is no longer a default key in the info.plist. - Consider removing
Checking for the existence of the _CodeSignature and ResourceRule.plist is great, but most cracking methods nowadays no longer remove the file, they just delete the important entries/clear the file of all contents. - In the future, make sure that the file still contains something in it, or that it's formatted correctly
Checking the modified dates of the plist and executable and comparing them can sometimes be dead wrong. When compiling, the files can often be created at differing times (i.e. 11:59 and another at 12:00) - comparing them is often a bad idea, you may be better off checking if the dates are within a certain range rather than exactly the same
Checking for the existence of cydia and other jailbreak application files is the right move, but your obfuscation method is not. This will still show up in a hex editor clear as day. - Use a cypher or #define them
Other than that, here are some nitpicks of mine:
Don't just #ifdef the simulator, also check that we're not catching debug users or i386 users.
Check for more jailbreak files and use the permissions approach (increment checks to see if a certain threshold is reached)
Many cracking tools will block or prevent your app from writing to system files or checking your application files, check that you can still, at least, write to your own documents directory and use NSFileManager to verify what you know should already exist and not exist (basically, double check the validity of NSFileManager)
Use static inline functions! The clearly labeled objective-c function is wide open for attack.
If you fix these bugs, add better protection and obscurity, and you can research new methods of protection, this class will be invaluable. For now, it's dangerous at best. Please consider changing and helping other people protect their projects.
Thanks,
Shmoopi
The text was updated successfully, but these errors were encountered:
Hello,
I think you've done a great job creating an easy-to-use class to add simple jailbreak and piracy checks to every developer's application. But I think your checks are mostly useless. Here's why:
Other than that, here are some nitpicks of mine:
If you fix these bugs, add better protection and obscurity, and you can research new methods of protection, this class will be invaluable. For now, it's dangerous at best. Please consider changing and helping other people protect their projects.
Thanks,
Shmoopi
The text was updated successfully, but these errors were encountered: