iOS protection mechanisms

  • 4,058 views
Uploaded on

iOS protection mechanisms @ IT-Jam 2011, Odessa

iOS protection mechanisms @ IT-Jam 2011, Odessa

More in: Technology
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
No Downloads

Views

Total Views
4,058
On Slideshare
0
From Embeds
0
Number of Embeds
3

Actions

Shares
Downloads
30
Comments
0
Likes
4

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide

Transcript

  • 1. iOS protection mechanisms
    Max Bazaliy
  • 2. Max Bazaliy
    • Position: iOS developer atMagento
    Experience:
    • Solutions to prevent reverse engineering and code analysis
    • 3. iOS development
    • 4. maxim.bazalii@magento.com
  • Statistics
    • 200 million iOS devices
    • 5. 225 million iTunes Store accounts
    • 6. 425,000 apps in the app store
    • 7. Apple has paid $2.5 billion to developers
    IT-Jam 2011
  • 8. FairPlay DRM
    • Account
    • 9. Buying process
    Master key
    User key
    AES
  • 10. How to crack FairPlay DRM ?
    • Preparatory process
    • 11. Information gathering
    • 12. “Victim” launch
    • 13. Memory dump
    • 14. Replace encrypted data
    • 15. Resign app
  • FairPlay DRM auto unpackers
  • 16. Sad news
    • One-click cracking tools
    • 17. 10% of all devices are jailbroken
    • 18. 80% of jailbroken devices use pirated applications
    • 19. Industry losses over $450 million a year
  • Any solution ?
  • 20. Anti-cracking techniques
    • Anti-debug
    • 21. ptrace trick
    • 22. trace detection trick
    • 23. String protection
    • 24. Obfuscate important strings
    • 25. Generate encoding table for every application
    • 26. Resource protection
    • 27. Encrypt important resources
  • How to detect cracked app ?
    • App encryption check
    • 28. Check cryptid in LC_ENCRYPTION_INFO
    • 29. File size and date check
    • 30. Check mainbinary, info.plist and PkgInfodate
    • 31. Info.plistsizecheck
    • 32. Jailbreak detection
    • 33. Systemdirectory access check
  • Mobile platform protection
    • Trigger system
    • 34. Use in app mechanics
    • 35. Triggers are hard to detect
    • 36. Limit functionality
    • 37. Code protection
    • 38. Obfuscation
    • 39. Virtual machines
  • Resume
    • FairPlay DRM
    • 40. Bypassing FairPlay DRM
    • 41. Anti-cracking techniques
    • 42. Trigger system & Code protection
  • Questions ?
    • maxim.bazalii@magento.com