Opening up an .ipa file - Piracy - ios

How easy is it to open up an app submitted to Apple's store?
I'm going to submit a new app to the store soon, and want to protect the app file from being opened up to the source-code. So for instance, if I were to download my own app, how easy would it be to pull out all the .h and .m files and recreate it in Xcode?
Does Apple encrypt it somehow?
What steps can I take to mitigate the code being viewed?
EDIT: Allow me to rephrase the question a little better - can I take decompiled code and make it human-readable?

An IPA is just a zip. But you don't even need to access the IPA.
Just get iExplorer and access all available assets of your installed apps from your Mac.
The m files however build a compiled binary and can not be read (if you consider de-compiled code as not readable, as I do)

Adding on the answer, it is possible to decompile the binary, but the only thing that would be directly removable from the binary itself would be the headers (or to my knowledge of what I've seen). Then the application would be reverse engineered from there. That would probably be the only thing I'd be worried about when it comes to people stealing my code.

Related

How to decompile iOS apps?

I want to see the code of an iOS app.
The app I downloaded is .deb.
First question: Is it possible to install .deb file on iOS or I downloaded a wrong file?
After unpacking the .deb file, I got some files, including .nib, .storyboard and some other files.
My main question is, How to decompile these .nib files?
I tried to decompile these files using NibToXibConverter, but I didn't succeed.
Answer to your first question:
I think you downloaded the wrong file. .deb files for iOS are common for jailbreak community and not for apps, I think all of the Cydia stuffs are packed into .deb's. If your app is especially made for the jailbreak scene then you may try to install it using Cydia's auto install feature on a jailbroken device.
Answer to your main question:
This is general info about decompiling and modifying iOS apps (not specific for nibs, but you may still find it useful).
iOS apps are distibuted in .ipa archives, which are ordinary zip archives. They contain, usually one executable in the form of Mach-O file, and resources like .plist, sounds, images - every resource you include in your xcode project. Decompiling the executable file is only possible on jailbroken iDevice, because it is encrypted especially for the current device and the magic key to decrypt the binary is burned inside the device CPU and as far as I know there is no software way to read that key. The encryption system here is called FairPlay.
Briefly described, one way to decrypt that binary is to have the app installed on a jailbroken device, and launch it from command line using a debugger (gdb) which you can download from Cydia. You have to set a breakpoint somewhere, and when your code execution pauses at the breakpoint, you are doing a memory dump of the device ram - and that is your decrypted bin.
So when you have the decrypted binary, you can run one tool called "class-dump", and get the information for declared classes and their methods if the app is written in Objective C. Once you know this information you can alter the implementation of given method from some class used in your app using "Cydia Subtstrate" a.k.a "Mobile Substrate". In fact that is the way all of the jailbroken iOS tweaks are made. Basically you are hooking a method call, and when that method get invoked, it uses your implementation. Furthermore your implementation can call the original implementation, and that is really useful if you want to make some small code addition.
I am not sure whether those things possible in Swift, but if you are dealing with a Hybrid app like the ones done with cordova, phonegap, etc., then you can see all of its javascript source because it is persisted as a resource inside the "ipa" file. In addition you can alter that javascript code directly if you have a jailbroken device and find where the app is installed on file system (usually /var/containers/Bundle/Application/uuid_for_your_app/). However, I think there is no way to get that patched version and redistribute it (correct me if I'm wrong).

What are an iOS app's Compiled/Build Files?

I am delivering an iOS app for a client and they are asking for the compiled/build files for the app and not the source code or an exported .ipa. I am wondering what compiled/build files are.
Is it just the .app that is created in /products whenever I build my app or something else that I need to do? I believe they are after these files so they can sign the app with their own production provisioning profile and to create a .ipa themselves.
What is an iOS app's compiled/build files and if it is just the .app how it differs from an exported .ipa?
Although vague, it's also possible they're looking for an Xcode Archive. This includes the compiled .app file as well as symbol information. You can build an archive to seed an application for testing or to validate and submit an application to iTunes Connect. If they want to submit or distribute the app without the source code, this is how you would do it.
"Building" is a fairly general term, and it can refer to anything that is needed to go from editable source material (source code, scripts, raw data files, etc.) to a shippable software product. Building can (and usually does) involve several steps, such as pre-processing, compiling, linking, converting data files, running automated tests, packaging, etc.
"Compiling" is more specific, and almost invariably refers to a process that takes source code as its input, and outputs something runnable, typically machine code for either a physical or virtual machine, or source code in a different language.
I bet they are wanting the .app. Unfortunately, since they are being relatively vague with their request, I think you should confirm this with them. I wouldn't feel uncomfortable asking, because their terminology is not some universally accepted way of refering to some method of building iOS applications. Or, if you can find out what they plan to do with the compiled binary, that might help understand what they need.
FYI, here's a brief description of the difference between a .app or .ipa.

Steps to develop an iOS app to open PSL files?

In this project I've to develop an iOS application which reads the .psl files and arranges the data in the relevant section. For eg: the inbox messages from the psl file into the app's inbox folder and so on.
Can anyone guide me regarding the steps? And how would my project proceed also tell the workflow of this whole process.
The first thing you're going to have to tackle is to figure out how to get the file onto the phone. If you're getting it from the web; you could register as a sharable-target for that file type, or you could potentially integrate the DropBox api or something similar.
Once you have the file; you'll have to develop something to parse the file and use it as a datafile. Depending on the size and complexity of the file there will be different possible approaches to this, and you'll need to figure out what's going to be performant for you.
Then you'll build view controllers that leverage your model and make awesome things happen on the phone.
Your question is extremely general; so this is a very general answer. To me; the immediate critical questions are: how to get the file to the phone; and how to read the file format without loading the whole thing into RAM at one time?

Isaac Wasserman: How can look at all of the source code for an iOS app?

[3/16/15, 7:38:28 PM] Isaac Wasserman: I want to make an app that uses similar mechanics to Madden mobile. I want to look at the code using Xcode, but it doesn’t seem like I can read it if it’s not a project. It contains .viv files.
You can't get the code from the app, the app is a compiled binary. On top of that it is encrypted so even getting the binary is difficult.
Even if you could that would be stealing unless you had explicit permission.
If you have connections with the developer they might give you the source, but that's about it. You can always take notes on what the app does that you want to replicate and then come up with your own solution to accomplish it.

Files security in XCode project

I am trying to build an iOS application which has a PDF file emdebbed in it, and I don’t want the user to access or find it by unpacking the IPA file. I found that if I UNCHECK the “Add to Target” check box (when I drag and drop the PDF file into my project), the PDF file will be hidden and no one can see it after showing the IPA contents.
My question is, should I be worry from this case, in another word, if I unchecked this option, will I face any issue in publishing my application or in deploying/supporting any of my targeted devices, or should I be worry from any issue may face the users in reading this PDF through my application?
I did some research regarding this point, but I couldn’t find any good or clear answer, I appreciate any help in this.
If you uncheck the "Add to target" button it means that the .pdf file will not be packed to the .ipa file and it will not be accessible at all when someone downloads your app. So this is definitely not an option for what you want to achieve. It is better to encrypt the pdf file and decrypt it on runtime if you dont want it to be accessed when someone unpacks the .ipa file.
How important is your security? You could just zip it, then name the file something other than "*.zip".
However that would not stop someone who was determined. You would be advised then to use real encryption.
But even that would not stop a truly-determined attacker, who might use a jailbroken device to capture your PDF while it was loaded in your program's memory.
You can make it difficult to get at your PDF, but if you can get at it from your App, then I myself could get at it if I downloaded your app to my device.

Resources