ios Static Library - how obfuscate directly? - ios

I have an application Unity that uses the iOS static library. Then this application Unity is build in XCode. I found several utilities that allow you to obfuscate the library in the application. for example this - PPiOS-Rename.
I carefully read their documentation "Obfuscate Static Libraries", but at the time of building, the iOS static library are already "hidden in the root" of the Unity app, and XCode cannot obfuscate this.
So I need to first obfuscate the library and then add it to the application. or is it not possible?

In my understanding of the documentation PPiOS-Rename stays an external tool, just the files *.plist can be added into the releases, for being able to use the tool on the compiled releases.
I might be completely wrong about it, especially as without iOS I can't test it, but I'd check if my statement is right and if you can omit the step to include the library in your compiled releases.
About handling of *.plist files, follow the instructions on the linked page, I'm not sure if you have one or more in the end. As it doesn't seem relevant to the core of your question, I never verified it deeper.

Related

When to use dynamic linking library in iOS ? And what is advantage of using dynamic library in iOS?

I feel weird about difference between advantage of dynamic linking library in Window or Linux and iOS.
⬇️ sentences below are to prove why I feel weird.
I learned that library can divided into static library and dynamic library
Advantage of using dynamic library is allow other application to use same dynamic library ( in Window, .dll file) so that each of application memory usage can be reduce and it can be easiar to redistribute dynamic library rather than to redistribute application.
Actually I could have experienced "there is no XXX.dll file" in using some applications
And in Xcode, when to create new project, we can choice framework and static library in framework & library.
And after creating project, we can choice how to being what Mach-O Type is like "Executable, Dynamic Library, Static Library" etc..
So, I think that if I choice Mach-O type with Dynamic Library, the project will be compiled using dynamic linking library in linking way.
⬇️ I really wonder about.
But like in Window, Could iOS user downloads .so file in their iPhone in order to work normally app or update dynamic library?
Could others app launched in iPhone use same dynamic library ?
Because I could't experience about that.
If it(1,2) can't be, why to use dynamic library even we couldn't get actual advantage of using dynamic library like in Window or Linux ?
Your understanding of dynamic and static libraries is correct.
Static Linking
The compiled source code (object code, the .o files) and the compiled library code are combined into a single executable [1]
Dynamic Linking
The compiled source code (object code) and the library code are not combined together. The references to the dynamically linked library are resolved at runtime while the app launches or while running (the second part is not applicable in the case of iOS Apps) [1]
Q1
iOS borrows heavily from MacOS on how its applications work. Executables in both the OSes are Mach-O files. Now, on macOS dynamically linked libraries or dylibs are intended and designed to be updated without having to update the entire app. And by design, this is possible in iOS as well. What prevents this is Apple's guidelines restricting apps from downloading executable code from the internet. Any new update has to go through their review process. [2]
Q2
Yes, some dynamically linked libraries are shared across apps. However, they are created and updated by Apple through iOS updates. All Apple frameworks like UIKit, SceneKit, etc are examples of this. This is why these frameworks are weakly linked in Xcode with the option 'Do Not Embed'
Q3
Using your own dylibs are not completely pointless. If you ship extensions in your app, then dylibs are an excellent option to share code between the app and extensions without increasing the binary size. In this case, the executables share the same library. [3]
[1] https://developer.apple.com/library/archive/documentation/DeveloperTools/Conceptual/DynamicLibraries/100-Articles/OverviewOfDynamicLibraries.html#//apple_ref/doc/uid/TP40001873-SW1
[2] https://developer.apple.com/app-store/review/guidelines/#app-completeness#2.5.2
[3] https://developer.apple.com/forums/thread/73802
[Vocabulary]
But like in Window, Could iOS user downloads .so file in their iPhone in order to work normally app or update dynamic library?
Dynamic library in iOS world is .dylib and they are updated along with OS updates. As an example Swift standard library[About] has a copy in every app before ABI OS stability[About]. But you cannot still download .dylib manually
Could others app launched in iPhone use same dynamic library ?
Of course. For example core libraries(runtime(Objective-C, Swift), Foundation)... distributed as dynamic libraries to share binaries through different applications and processes(IPC)
If it(1,2) can't be, why to use dynamic library even we couldn't get actual advantage of using dynamic library like in Window or Linux ?
You are able to create a dynamic framework with dynamic library inside(from iOS v8) which can be used for extensions(share some code inside different application)

How can frameworks used by a static library be automatically imported on iOS?

My company makes a static library for iOS apps. One annoying step for developers is that they have to manually link against all the required frameworks that the library uses, and failing to do so leads to somewhat confusing compiler errors.
I would have previously thought this wasn't possible, but the company Chartboost claims to automatically link against non-default frameworks like AdSupport and StoreKit. Based on my testing in their sample app (available from the linked page), so far this appears to be the case (Even when disabling "Enable Modules" and "Link Frameworks Automatically" in the app that links against the static library).
Is there some way to enable this feature when creating a static library? I've tried enabling modules and the "Link Frameworks Automatically" LLVM options in Xcode, but so far haven't been able to get it working.
There's a piece of code called CBDynamicallyLoadedDependencies that calls dlopen() on the appropriate system library before making the function or method call.
My original answer wasn't correct. the dlopen() call is just in the x86 code. On the device, it's something different, but my ARM assembly isn't strong enough to figure it out. All I can say is that there's a piece of code that's acting as a trampoline to the desired functions and that references the system library files (like /System/Library/Frameworks/AdSupport.framework/AdSupport).
But the point is that it's not a simple project trick that makes it work normally. There's internal code involved.
They might use modules you mentioned and #import instead of #import, which should make the libraries link automatically.
For reference, check this question.
This might not be what you're looking for, but if you don't yet support Cocoapods, I would strongly advise taking a look:
http://cocoapods.org/
(Edit: Cocoapods is essentially linked to Xcode. Other IDEs will need another solution.)
You can advertise Cocoapods to developers as the "easy" way to work with your library, and the manual method as...well, the manual method. ;)
I'm not aware of any industry resistance to Cocoapods, so I don't see a downside to supporting it, and it does solve the problem you're talking about (albeit in a roundabout sort of way).
Also I've found Chartboost VERY developer-friendly. You might even reach out to them and ask.

Extract dyld_shared_cache on iOS7.1?

I was trying to get the header files from the ToneKit framework on iOS7.1, but I found that I cannot use class-dump because there are no executable files inside the framework. From what I have found after some research, it seems as if the actual executable file is inside the dyld_shared_cache on the device. After reading this article, it seems as if there are some tools to decrypt the cache, but since iOS 3, Apple has implemented ASLR which has made the decryption tools not work. How can I extract the Frameworks from inside the dyld_shared_cache on iOS7.1?
I am very new to jailbroken ios development so please bear with me.
If you're interested in how they got those headers then the answer is very simple - iOS SDK. SDK contains ARM binaries of public and private frameworks because they are required to compile iOS applications. Class-dump them and you will get headers you need. ToneKit.framework binary is also in there.
Usually you don't need dyld_shared_cache, almost everything you need is either in iOS SDK or on a device itself like SpringBoard, other system applications etc.
Of course there are rare cases when dyld_shared_cache is the only place you can find certain binaries as they are missing from both iOS SDK and device. In that case I use IDA. It has free demo version that can open dyld_shared_cache files - you can even open individual binaries inside it rather than dump everything. You just need to copy dyld_shared_cache on your PC.
I think Elias Limneos's classdump-dyld can help you. If not, check out RuntimeBrowser. Failing that, even, weak-classdump has proven to be a very useful runtime tool for me.

Why doesn't Xcode have an ios framework option?

I've seen project such as ios-universal-framework, but I want to know why XCode iOS does not natively support having a framework. Is it some kind of legal issue. The static library option is not good enough because I want to be able to use .dylib files in my framework.
A little background on what I want to do with a framework. I have a project that is generated from Unity3D, and when we update, we have to manually add back all of our project changes.
What I want is to use a framework that can store most of those external libraries and resources to make it easier to upgrade our project when updates are released.
From a security perspective no code is allowed to be dynamically loaded, thus only static libraries are allowed.
It is possible to create static psudo-frameworks. Take a look at GitHub iOS-Universal-Framework.
What you need is a PosprocessBuilder as described in the build pipeline described in the Unity3d Documentation.
You can manage the Xcode configurations in this pipeline using scripts like the Xcode Zerg.
I've used one python script written by a guy called Calvin Rien that worked really well, if you want to know more about this script this blog post should give you a hint.
What you really need to look for to you automate the these steps is to look for posts of Continuous Integration using Unity 3d and iOS like this one:
Unity3d: from commit to deployment onto tester devices in 20 min using Jenkins

Secure 3rd party dependencies on iOS

So on iOS Apple won't let you release an application that has a dynamic library (dylib). (Xcode won't compile it although there are workarounds, and the app store won't approve it.)
We have an SDK that we are currently moving from Windows to iOS. On Windows, we statically link all of our dependencies into one dll, so we only have to provide 1 file to anyone using the dll, so we don't have to publicly release all of the libraries that we are using and to keep the size of that file small, since any parts of those libraries that we aren't using get compiled out.
On iOS, since it's not possible to release an application that loads a dynamic library, we would be forced to ship a framework or something like that, which includes all of the libraries that we link against. The developer consuming our sdk would then compile our lib with all of its dependencies into their application.
This would let anyone using our SDK know what libraries we're using and would increase the size of our deliverable, since it would have to include full version of all the libraries we're linking against. (At least with a framework we would still only be providing 1 "file".)
Is there any way that Apple allows to avoid letting everyone know what libraries we're using?

Resources