I would like to encrypt a plist file at building time (XCode) and then decrypt it at running time when launching the app. As you can see, the purpose is to encrypt the entire plist file, and not just some text inside it.
I've tried to encrypt this file with a run script and OpenSSL, and decrypt it with RNCryptor for Swift, but I couldn't find a good result.
On the other hand, I've seen some posts talking about OpenSSL vs new Mac OS, and maybe this command is not good enough to encrypt due it's deprecated.
Please any idea about it?
Thanks!!
Related
I am using few third party libraries for which I need to store the license keys somewhere globally (So that it's easy to update, when needed) inside the app.
As of now, I'm having a Plist file in Resources bundle which has all the license keys in Dictionary format. This is working fine as I expected because I can access Plist file from all the source files.
But, when it comes security, is this a good approach? I was just trying to rename the .IPA file to .zip and unzip the same. The entire Plist file becomes accessible to others.
So, I was thinking this might be a better approach to store the license keys in Objective-C source files using extern static (to make it globally available).
Can anyone please suggest me on this. Please let me know if I missed something.
Your 2 options are about the same, it would take an extra XX minutes to pull the keys out of the code if they were static strings. It does take a little more knowledge but most normal people wouldn't generally know how to unzip the app I guess...
A simple option is to keep the same storage, either way, but to store obfuscated keys and have a piece of code that you use to unpack and restore the keys.
There are also some libraries that you can use to store obfuscated keys and return the originals, but, as libraries become more popular it gets easier for people to guess what kind of obfuscation is used and therefore discover the truth... You're just trying to make it a bit more difficult and less obvious what your keys are and what they're for.
How easy is it to open up an app submitted to Apple's store?
I'm going to submit a new app to the store soon, and want to protect the app file from being opened up to the source-code. So for instance, if I were to download my own app, how easy would it be to pull out all the .h and .m files and recreate it in Xcode?
Does Apple encrypt it somehow?
What steps can I take to mitigate the code being viewed?
EDIT: Allow me to rephrase the question a little better - can I take decompiled code and make it human-readable?
An IPA is just a zip. But you don't even need to access the IPA.
Just get iExplorer and access all available assets of your installed apps from your Mac.
The m files however build a compiled binary and can not be read (if you consider de-compiled code as not readable, as I do)
Adding on the answer, it is possible to decompile the binary, but the only thing that would be directly removable from the binary itself would be the headers (or to my knowledge of what I've seen). Then the application would be reverse engineered from there. That would probably be the only thing I'd be worried about when it comes to people stealing my code.
What's the easiest way to zip and encrypt a file with AES (128 or 256) in a Rails app, so that the zip archive can be opened with WinZip?
Requirements:
Zip archive can be opened by WinZip (so no 7-zip)
Zip archive is encrypted with AES-128 or AES-256 (which WinZip supports)
Gems:
Rubyzip: doesn't support encryption
Zipruby: supports only the traditional/legacy non-AES encryption which is significantly less secure.
Any advice on what I can do here?
Thanks!
Are commercial products out of the question? Chilkat Ruby Zip appears to support WinZip AES. The example code looks pretty temptingly easy.
There also appears to be a Java library available. If you're running in JRuby... Or if you feel like porting!
Though we can add a pass in the pass application in iOS 6.0 programmatically given we have .pkpass file in our document directory or we get it from the server. But i have searched all the apple documentation in which steps are given to generate the .pkpass file manually.
Is this feasible to create a .pkpass file programmatically using Xcode.
The .pkpass file is composed of several components. The most difficult component that must be done programmatically is the signature of the manifest file. The other parts are trivial to assemble on the iPhone platform programmatically. You may note that Apple's documentation uses a shell command to compute this value using the OpenSSL library. I had to manually write a function that signed the manifest files using the OpenSSL C library, however it is not trivial due to a lack of examples and the complexity of the library. The signing function selected by Apple for the manifest is not present in their CommonCrypto framework.
Also, in order to sign these passes on the phone, the credentials must be present in the binary's bundle or compiled assets which is probably not a good idea to distribute if you would like to protect the integrity of your profile and signing identities.
So in summary: This is certainly possible, and is doable using the existing specifications and libraries. However, I would not recommend doing this on the phone. It is fairly difficult, and may introduce security risks if not done properly. Additionally, if you incorporate the OpenSSL library in your binary then you must report to Apple that you incorporate encryption in your device and must register for an ERN with the government. There may also be other export conditions on your code depending on your locality (but of course I am not a lawyer so this is a guess).
Is there anyway to programmatically get a list of iOS apps from iTunes?
AppleScript does not seem able to do this.
The only way I can think of is looking in the 'iTunes Media/Mobile Applications' folder. But this way a lose all metadata.
Any suggestions to get list of iOS apps including the metadata?
Thanks
I now actually went with the solution to scan the 'Mobile Applications' folder.
In order to get the metadata I had to do the following:
the *.ipa are simply archives
unzip/extract the 'iTunesMetadata.plist' inside
parse the plist
voila you got all metadata
This whole process is actually pretty straightforward in python as your already have both zipfile and plistlib.
One thing to lookout for though is that plistlib in python can not handle the new binary plist files. So you first have to convert them to their corresponding xml format. (only some *.ipa seem to be in binary form).
This can be done quite easily with the following line of code:
os.system("/usr/bin/plutil -convert xml1 %s" % file_name )
Now the only thing I still have to figure out is how to get the currently installed apps on the device...