How to protect iOS Application from attackers using iXGuard - ios

Code obfuscation Process is there in Android Using DexGuard like that they are newly introduce iXGuard. Can any one know how to implement iXGuard in iOS project.

To protect an application with iXGuard you'll need to run ixguard-install from the terminal in the root of your Xcode project. It will update the project file and add a new iXGuard build phase, which calls the iXGuard binary as part of building your app. You'll also need to create a ixguard.yml configuration file to enable the different features.
For more information you can check the manual which is located (after installation) in /Library/iXGuard/documentation/
(I'm one of the developers of iXGuard)

Here is a small post be me - Getting Started with iXGuard — an obfuscation & app shrinking tool.
In this Tutorial, you’ll learn how to implement iXGuard in iOS project and how to strip down your app size by making use of iXGuard — an app shrinking and obfuscation tool.
This is a step by step process tutorial for installing iXGuard. Let me know of any issues. I have briefly explained the process below.
It is not possible to write or explain the whole tutorial with images in the stackoveflow answer so a link is provided.
Installing iXGuard
Install iXGuard for your version of Xcode using the standard procedure of installing a package file.
Create an IPA (based on Xcode 10.1)
Create a file for distribution with Product -> Archive in Xcode
2) Select the archive created in Organizer and select Distribute App.
3) Select iOS App Store then Next
4) Select Export and click Next.
5) Include bitcode for iOS content and Upload your app’s symbols to receive symbolicated reports from Apple After checking the items click Next
6) After setting the certificate related settings, export and save
Create ixguard.yml
a. The file may be different for each app. For details, please refer to the Configuration page of iXGuard.
b. From the folder where the exported ipa file is located to the terminal
ixguard.yml -o [Obfuscated IPA file name] [Generated IPA file name]
When you input the command, ixguard.yml default file is created.
Sample — ixguard.yml (This may vary from Project to Project
Apply iXGuard
From the folder where the exported ipa file is located to the terminal ixguard. Please enter the following command in the terminal.
config ixguard.yml -o [After obfuscation IPA] [File name] [Generated IPA file name] to apply iXGuard.
If there are no error’s in the operation, an obfuscated ipa file is created.
In the case of [warning] of the log in the terminal, the solution for each case is the same as that of the iXGuard manual
On the Troubleshooting -> Runtime Issues page. — Note: Appearance
Note: Result screen
Test your app
Test the function of the app by using methods such as TestFlight on the actual device.
In particular, tokens, authentication keys, etc. are required for logic-oriented testing.
Obfuscation verification
This part has been verified using the MachOView tool.
1) Perform step 2 to create an ipa file. Include bitcode for iOS content check
- Release and create two obsolete ipa and two ipa files that are not obfuscated.
2) Change the extension of the corresponding ipa file to zip and unzip it.
3) There is a Payload folder in the unpacked folder, and check the application file with the app name in it.
4) Right-click on the application and select View Package.
5) Copy the executable file with the name of the app in the package and extract it to an arbitrary directory.
6) Open the executable extracted before obfuscation and executable extracted after obfuscation with MachOView app,
Check the name of the debris and confirm that obfuscation is applied.
Image for reference in tutorial. (Above: prior to obfuscation, below: after obfuscation)
Finally , deploy the app in the App Store –
Xcode -> Open Developer Tool -> Application Loader.

Related

How to download and install iXGuard for iOS apps?

There is no any document for working with iXGuard.
How to download?
How to install?
How to working with it?
I have searched in website but not find any guid.
https://www.guardsquare.com/en/blog/ixguard-30-released
You need to request your quotation first before start using iXGuard, after you enroll they will give you access to guardsquare dashboard, And you can download iXGuard package (Documentation include on package)
Here is a small post be me - Getting Started with iXGuard — an obfuscation & app shrinking tool.
In this Tutorial, you’ll learn how to implement iXGuard in iOS project and how to strip down your app size by making use of iXGuard — an app shrinking and obfuscation tool. This is a step by step process tutorial for installing iXGuard. Let me know of any issues. I have briefly explained the process below.
It is not possible to write or explain the whole tutorial with images in the stackoveflow answer so a link is provided.
Installing iXGuard
Install iXGuard for your version of Xcode using the standard procedure of installing a package file.
Create an IPA using Xcode
1) Create a file for distribution with Product -> Archive in Xcode
2) Select the archive created in Organizer and select Distribute App.
3) Select iOS App Store then Next
4) Select Export and click Next.
5) Include bitcode for iOS content and Upload your app’s symbols to receive symbolicated reports from Apple After checking the items click Next
6) After setting the certificate related settings, export and save
Create ixguard.yml
a. The file may be different for each app. For details, please refer to the Configuration page of iXGuard.
b. From the folder where the exported ipa file is located to the terminal
ixguard.yml -o [Obfuscated IPA file name] [Generated IPA file name]
When you input the command, ixguard.yml default file is created.
Sample — ixguard.yml (This may vary from Project to Project
Apply iXGuard From the folder where the exported ipa file is located to the terminal ixguard. Please enter the following command in the terminal. config ixguard.yml -o [After obfuscation IPA] [File name] [Generated IPA file name] to apply iXGuard.
If there are no error’s in the operation, an obfuscated ipa file is created.
In the case of [warning] of the log in the terminal, the solution for each case is the same as that of the iXGuard manual
On the Troubleshooting -> Runtime Issues page. — Note: Appearance
Note: Result screen
Test your app
Test the function of the app by using methods such as TestFlight on the actual device.
In particular, tokens, authentication keys, etc. are required for logic-oriented testing.
Obfuscation verification
This part has been verified using the MachOView tool.
1) Perform step 2 to create an ipa file. Include bitcode for iOS content check - Release and create two obsolete ipa and two ipa files that are not obfuscated.
2) Change the extension of the corresponding ipa file to zip and unzip it.
3) There is a Payload folder in the unpacked folder, and check the application file with the app name in it.
4) Right-click on the application and select View Package.
5) Copy the executable file with the name of the app in the package and extract it to an arbitrary directory.
6) Open the executable extracted before obfuscation and executable extracted after obfuscation with MachOView app,
Check the name of the debris and confirm that obfuscation is applied.
Image for reference in tutorial. (Above: prior to obfuscation, below: after obfuscation)
Finally , deploy the app in the App Store –
Xcode -> Open Developer Tool -> Application Loader.
Application Loader is not available now. You can use Transporter app which is available in Mac app store.

How do I install the XCUITest runner app and ipa on a real device and get the results?

How do I install the XCUITest runner app and ipa on a real device and get the results?
I have a runner.app that was generated by building it for testing, and a deployed/signed .ipa.
Now what I would like to happen is to have it installed on a real device, execute it, and get the device log.
You can use bundleId :
let app = XCUIApplication(bundleIdentifier: "yourapp.bundle.id")
You can try to use:
xcodebuild test-without-building -xctestrun somepath/YourAppName_iphoneos14.4-arm64.xctestrun -destination 'platform=iOS, id=some_id'
I moved YourAppName_iphoneos14.4-arm64.xctestrun, YourAppName.app,
YourAppNameUITests-Runner.app to some local folder from a regular Library/Developer/etc.. build folder. Then I opened *.xctestrun file, which is an xml file, and modified paths to my local folder manually.
I couldn't find any official information about it but it seems like the *.xctestrun file is used by xcodebuild in order to find all relevant artefacts i.e both app folders. I would guess that's how they manage to run tests just with app's or ipa's without source code on various clouds...
PS. The question was about IPA, but it's convertible to the app, right? At least there is a thread - How to convert .ipa to .app file?
Edited with answer...
It is possible to achieve this. In order to build an ipa of the UI Testing app bundle you can follow these steps:
Open your project containing in Xcode.
Select the device you'd like to build the ipa for next to the scheme. This can be an actual device or a simulator.
Product > Build For > Testing
Find [your_ui_test_bundle_name].app file in Derived Data.
Derived data by default is located at ~/Library/Developer/Xcode/DerivedData/
To locate this file, dive into DerivedData for your project, navigating to Build > Products and then the respective directory based on what you chose in step 2. If you chose a simulator, look in -iphonesimulator/ or if you chose a device look in -iphoneos/. The UI test bundle .app file should be in that directory.
Create a directory named Payload case sensitive and it must be named this.
Move the .app file into the Payload directory.
Compress the Payload directory.
Rename the compressed directory to have a file extension of .ipa. You'll be prompted and select Keep .ipa.
Now you have you UI test bundle application saved as an ipa. You can also upload this ipa to a device manually in Xcode via the following process (bonus info, yay!)
Window > Devices and Simulators
Select your connected device.
Tap the + button under Installed Apps.
Navigate to and select your UI test .ipa file that you compressed previously.
It should install onto the device.
Credit where it is due: https://medium.com/ios-os-x-development/how-to-run-your-iphone-test-on-aws-device-farm-98f18086811e

How to link a custom framework or library against an iOS executable/binary file?

First of all, this is for enterprise ad-hoc apps, not for submitting to the app store.
I have created a framework(could also be a static library) that contains some categories. I would like to use some command line tool to link this against an executable file in an ipa file. Create a combined/modified executable file. Then re-sign and package the app to modify some of its behavior. Is this possible? The bottom line is, sometimes I don't have the source code and can't build this in xcode. All I have is an ipa file.
My thought is to tell the dynamic linker to load it(DYLD_INSERT_LIBRARIES) but I don't know the exact command. Can someone provide me some details?

Is it possible to disassemble & reassemble an iOS IPA file from the command line?

I've got an issue with how PhoneGap:Build is currently building iOS applications: splash screens are duplicated, greatly increasing the compiled file size of my applications.
Previously they had an issue wherein they were copying the wrong icon into the Android XHDPI icon folder for Android builds, and I was able to write a script that automated fixing this bug post-build since they seemed to show no interest in fixing the bug (almost a year now since the original bug report & while it seems it might be fixed presently, they haven't commented lately).
I know that I can rename an IPA to a ZIP, unzip it, and browse its contents. I could automate the following steps easily:
Rename
Unzip
Find & remove originals for splash screen images via config.xml file
Re-zip (& rename?)
...But I'm not sure where I'd have to go from there. I've found a few threads that discuss using Xcode to run different utilities, perform signing, etc; but they all seem to assume you've got an xcode project locally, which I don't. (I use PhoneGap & PhoneGap:Build specifically to avoid those headaches.)
I'll have access to all of the same key files that are uploaded to PhoneGap:Build for the original signing process, and I know all of the necessary passwords. I have Xcode installed (just not a local xcode project)...
Is it possible to re-assemble a "fixed" zip into a signed IPA for dev/release distribution using command line utilities & without creating a local Xcode project? If so, how?
Yes, this is possible.
You can export an IPA, unzip it, delete the duplicate file (assuming your code doesn't reference it), then re-sign the app and zip the IPA back up.
You'll find examples on how to use the commandline tool "codesign" to resign a .app directory on stackoverflow!

Why does xcode archive succeed but create an empty .xcarchive file?

Background
I have an application I'm trying to archive and submit to the app store for approval. Part of the process requires the archive to be prepared and loaded using application loader. I used product-> archive and it prompts archive succeeded but it does not appear on the Organizer -> Archive tab.
Detail of Project build
1 app target, "AppName"
1 static library, cocos2d libraries (cocos2d v0.99.5-rc1)
Xcode Version 4.0.2
First steps
Setting "Skip Install" to "No":
Project
AppName target
cocos2d libraries
Setting skip install on the three allows me the archive to be built and show up(non-empty xcarchive) on the organizer. However, when I try to validate, it'll prompt:
"AppName" does not contain a single–bundle application or contains multiple products. Please select another archive, or adjust your scheme to create a single–bundle application.
I checked that the archive package contents include the cocos2d libraries within a directory "Products". According to some posts and the cocos2d forum, we're not supposed to submit that as part of the binary for approval.
Steps taken to the Zero KB .xcarchive
Since the static cocos2d libraries library should not to be included, I've changed the cocos2d libraries target to have skip install: "Yes". Now, if I archive the project it prompts build succeeded but it creates an empty .xcarchive file that cannot be seen on the organizer->archives tab.
I have the solution to my problem and if anyone else is facing the same problem here are the steps i took to fix the problem.
cocos2d library
-Set the skip install to YES for all configurations in your cocos2d library.
-Set the code signing identity to Don't code sign for all configurations. Static libraries are not code signed.
-Update the installation directory to /usr/local/lib.
app library
-Update the installation build products location to /tmp/$(PROJECT_NAME).dst
-Update the installation directory to $(LOCAL_APPS_DIR) (/Applications).
-Update the code signing identity section.
What worked for me was to delete the lines SKIP_INSTALL = YES; from the various *.pbxproj files.
Hat tip to this blog. (No instances of INSTALL_PATH found in our files.)

Resources