Veracode, Debug Symbols, and XCode - ios

I'm attempting to have an iOS application scanned by Veracode: an application security platform. In order for them to scan an .IPA, the .IPA needs to contain debug symbols.
For the Archive build-configuration and project/target being used, I've specified:
Generate Debug Symbols : YES
Strip Debug Symbols During Copy : NO
Dead Code Stripping : NO
Symbols Hidden By Default : NO
Strip Linked Product : NO
Yet, Veracode still gives me the following error when submitting the .IPA:
Primary Files Compiled without Debug Symbols - 1 File
Is there another step I need to take to create debug symbols, perhaps wrt archiving?

I had the same issue. I was able to resolve it by following the veracode instructions below. It basically tells you to manually create archive package, move the .app and .app.sym folders to a new location and then rename the zip file to an ipa.
From Veracode Help Center:
"Because Xcode does not create .IPA packages that contain DSYM information, you must create the package yourself. Xcode dynamically creates a folder to contain the .app and .app.dsym files. There is no definite path to this folder, but you can search the folder after you build your application. To do this, open Xcode and click Products on the left side of the window. Right-click the .app file, and select Reveal in Finder, which takes you to the folder where the .app and .app.dsym files are located. Once you have located the DSYM information, you can package your compiled iOS application as follows:
Select the .app and .app.dSYM folders for your application.
Copy both folders into a folder called Payload. Note: the folder name
must be capitalized.
Create a zip archive containing the Payload
folder. You can do this on a Mac by selecting the Payload folder and
choosing Compress from the context menu, or by using the
zip-compatible archiving utility of your choice.
Change the extension of the resulting archive to .ipa.
Upload this archive to the Veracode application profile.
"

Related

How to download and install iXGuard for iOS apps?

There is no any document for working with iXGuard.
How to download?
How to install?
How to working with it?
I have searched in website but not find any guid.
https://www.guardsquare.com/en/blog/ixguard-30-released
You need to request your quotation first before start using iXGuard, after you enroll they will give you access to guardsquare dashboard, And you can download iXGuard package (Documentation include on package)
Here is a small post be me - Getting Started with iXGuard — an obfuscation & app shrinking tool.
In this Tutorial, you’ll learn how to implement iXGuard in iOS project and how to strip down your app size by making use of iXGuard — an app shrinking and obfuscation tool. This is a step by step process tutorial for installing iXGuard. Let me know of any issues. I have briefly explained the process below.
It is not possible to write or explain the whole tutorial with images in the stackoveflow answer so a link is provided.
Installing iXGuard
Install iXGuard for your version of Xcode using the standard procedure of installing a package file.
Create an IPA using Xcode
1) Create a file for distribution with Product -> Archive in Xcode
2) Select the archive created in Organizer and select Distribute App.
3) Select iOS App Store then Next
4) Select Export and click Next.
5) Include bitcode for iOS content and Upload your app’s symbols to receive symbolicated reports from Apple After checking the items click Next
6) After setting the certificate related settings, export and save
Create ixguard.yml
a. The file may be different for each app. For details, please refer to the Configuration page of iXGuard.
b. From the folder where the exported ipa file is located to the terminal
ixguard.yml -o [Obfuscated IPA file name] [Generated IPA file name]
When you input the command, ixguard.yml default file is created.
Sample — ixguard.yml (This may vary from Project to Project
Apply iXGuard From the folder where the exported ipa file is located to the terminal ixguard. Please enter the following command in the terminal. config ixguard.yml -o [After obfuscation IPA] [File name] [Generated IPA file name] to apply iXGuard.
If there are no error’s in the operation, an obfuscated ipa file is created.
In the case of [warning] of the log in the terminal, the solution for each case is the same as that of the iXGuard manual
On the Troubleshooting -> Runtime Issues page. — Note: Appearance
Note: Result screen
Test your app
Test the function of the app by using methods such as TestFlight on the actual device.
In particular, tokens, authentication keys, etc. are required for logic-oriented testing.
Obfuscation verification
This part has been verified using the MachOView tool.
1) Perform step 2 to create an ipa file. Include bitcode for iOS content check - Release and create two obsolete ipa and two ipa files that are not obfuscated.
2) Change the extension of the corresponding ipa file to zip and unzip it.
3) There is a Payload folder in the unpacked folder, and check the application file with the app name in it.
4) Right-click on the application and select View Package.
5) Copy the executable file with the name of the app in the package and extract it to an arbitrary directory.
6) Open the executable extracted before obfuscation and executable extracted after obfuscation with MachOView app,
Check the name of the debris and confirm that obfuscation is applied.
Image for reference in tutorial. (Above: prior to obfuscation, below: after obfuscation)
Finally , deploy the app in the App Store –
Xcode -> Open Developer Tool -> Application Loader.
Application Loader is not available now. You can use Transporter app which is available in Mac app store.

How do I install the XCUITest runner app and ipa on a real device and get the results?

How do I install the XCUITest runner app and ipa on a real device and get the results?
I have a runner.app that was generated by building it for testing, and a deployed/signed .ipa.
Now what I would like to happen is to have it installed on a real device, execute it, and get the device log.
You can use bundleId :
let app = XCUIApplication(bundleIdentifier: "yourapp.bundle.id")
You can try to use:
xcodebuild test-without-building -xctestrun somepath/YourAppName_iphoneos14.4-arm64.xctestrun -destination 'platform=iOS, id=some_id'
I moved YourAppName_iphoneos14.4-arm64.xctestrun, YourAppName.app,
YourAppNameUITests-Runner.app to some local folder from a regular Library/Developer/etc.. build folder. Then I opened *.xctestrun file, which is an xml file, and modified paths to my local folder manually.
I couldn't find any official information about it but it seems like the *.xctestrun file is used by xcodebuild in order to find all relevant artefacts i.e both app folders. I would guess that's how they manage to run tests just with app's or ipa's without source code on various clouds...
PS. The question was about IPA, but it's convertible to the app, right? At least there is a thread - How to convert .ipa to .app file?
Edited with answer...
It is possible to achieve this. In order to build an ipa of the UI Testing app bundle you can follow these steps:
Open your project containing in Xcode.
Select the device you'd like to build the ipa for next to the scheme. This can be an actual device or a simulator.
Product > Build For > Testing
Find [your_ui_test_bundle_name].app file in Derived Data.
Derived data by default is located at ~/Library/Developer/Xcode/DerivedData/
To locate this file, dive into DerivedData for your project, navigating to Build > Products and then the respective directory based on what you chose in step 2. If you chose a simulator, look in -iphonesimulator/ or if you chose a device look in -iphoneos/. The UI test bundle .app file should be in that directory.
Create a directory named Payload case sensitive and it must be named this.
Move the .app file into the Payload directory.
Compress the Payload directory.
Rename the compressed directory to have a file extension of .ipa. You'll be prompted and select Keep .ipa.
Now you have you UI test bundle application saved as an ipa. You can also upload this ipa to a device manually in Xcode via the following process (bonus info, yay!)
Window > Devices and Simulators
Select your connected device.
Tap the + button under Installed Apps.
Navigate to and select your UI test .ipa file that you compressed previously.
It should install onto the device.
Credit where it is due: https://medium.com/ios-os-x-development/how-to-run-your-iphone-test-on-aws-device-farm-98f18086811e

How to protect iOS Application from attackers using iXGuard

Code obfuscation Process is there in Android Using DexGuard like that they are newly introduce iXGuard. Can any one know how to implement iXGuard in iOS project.
To protect an application with iXGuard you'll need to run ixguard-install from the terminal in the root of your Xcode project. It will update the project file and add a new iXGuard build phase, which calls the iXGuard binary as part of building your app. You'll also need to create a ixguard.yml configuration file to enable the different features.
For more information you can check the manual which is located (after installation) in /Library/iXGuard/documentation/
(I'm one of the developers of iXGuard)
Here is a small post be me - Getting Started with iXGuard — an obfuscation & app shrinking tool.
In this Tutorial, you’ll learn how to implement iXGuard in iOS project and how to strip down your app size by making use of iXGuard — an app shrinking and obfuscation tool.
This is a step by step process tutorial for installing iXGuard. Let me know of any issues. I have briefly explained the process below.
It is not possible to write or explain the whole tutorial with images in the stackoveflow answer so a link is provided.
Installing iXGuard
Install iXGuard for your version of Xcode using the standard procedure of installing a package file.
Create an IPA (based on Xcode 10.1)
Create a file for distribution with Product -> Archive in Xcode
2) Select the archive created in Organizer and select Distribute App.
3) Select iOS App Store then Next
4) Select Export and click Next.
5) Include bitcode for iOS content and Upload your app’s symbols to receive symbolicated reports from Apple After checking the items click Next
6) After setting the certificate related settings, export and save
Create ixguard.yml
a. The file may be different for each app. For details, please refer to the Configuration page of iXGuard.
b. From the folder where the exported ipa file is located to the terminal
ixguard.yml -o [Obfuscated IPA file name] [Generated IPA file name]
When you input the command, ixguard.yml default file is created.
Sample — ixguard.yml (This may vary from Project to Project
Apply iXGuard
From the folder where the exported ipa file is located to the terminal ixguard. Please enter the following command in the terminal.
config ixguard.yml -o [After obfuscation IPA] [File name] [Generated IPA file name] to apply iXGuard.
If there are no error’s in the operation, an obfuscated ipa file is created.
In the case of [warning] of the log in the terminal, the solution for each case is the same as that of the iXGuard manual
On the Troubleshooting -> Runtime Issues page. — Note: Appearance
Note: Result screen
Test your app
Test the function of the app by using methods such as TestFlight on the actual device.
In particular, tokens, authentication keys, etc. are required for logic-oriented testing.
Obfuscation verification
This part has been verified using the MachOView tool.
1) Perform step 2 to create an ipa file. Include bitcode for iOS content check
- Release and create two obsolete ipa and two ipa files that are not obfuscated.
2) Change the extension of the corresponding ipa file to zip and unzip it.
3) There is a Payload folder in the unpacked folder, and check the application file with the app name in it.
4) Right-click on the application and select View Package.
5) Copy the executable file with the name of the app in the package and extract it to an arbitrary directory.
6) Open the executable extracted before obfuscation and executable extracted after obfuscation with MachOView app,
Check the name of the debris and confirm that obfuscation is applied.
Image for reference in tutorial. (Above: prior to obfuscation, below: after obfuscation)
Finally , deploy the app in the App Store –
Xcode -> Open Developer Tool -> Application Loader.

iOS app does not have a Build directory with .app in - for binary upload

I have an iOS app which I need to upload the binary of. From what I could find online, I have to ZIP the .app folder and upload that.
Problem is I cannot find my .app directory. In my other apps I do find it. But in this specific one, there is no Build directory whatsoever.
Must I set it in my Target or somewhere for it to create that folder?
(This is in Xcode 4.2)
Does the app appear in the Products folder for your project (should be at the bottom of the project file/folder list in the left column)? If it does, right click on the .app file and choose the Open in Finder option. Zip the Application file and you should be fine.
If this is an app that you can run on a device, choose Build > Archive. The Organizer window will open, and now you can select and "share" the archive.
Otherwise, open the Preferences window and, under Locations, click the arrow next to the Derived Data pathname. Your build folder is usually inside the derived data folder for this project.

iphone: Where the .dSYM file is located in crash report

According to this page here if you have proper application binary and .dSYM file then it is easy to symbolic them. But where are .dSYM and application binary files located?
Right Click on your archive -> Show in Finder -> Right click on file and click on Show package contents.
Here you will find your .dSYM file.
You can locate .dSYM and application binary file in archive.
Select Window -> Organizer
This will open up Organizer window containing last created Archive of project
Right click on Archive and select 'Show in Finder'
Select 'Show Package Content' for archive
Project.xcarchive contains dSYMs, Info.plist and Products
dSYMs folder contains dSYM file of your project.
Application folder in Project contains application binary of your project.
If you have archived your project, you can find the dSYM file as above.
If you have build you project for a real device, you can also find the dSYM file by the following way:
Go to Project Navigator, and find Products folder
Right click the app, and choose Show in Finder.
Make sure that the app is in black color, not red. Because red color means that you have not build the target for a real device.
You can find the dSYM file with the same name with your app, in the same folder.
Before all of these actions, make sure you have configured the xcode build settings right, as follows:
Generate Debug Symbols setting is enabled.
Debug Infomation Format are set to DWARF with dSYM File.
Hope this will help.
I found my .dsym file in /Users/<username>/Library/Developer/Xcode/DerivedData/<appname>/Build/Products/<appname>
If you removed archive from Xcode's Organizer like me, you can download dsym at the appstore. Select your app, select target version and go to Activity tab. Here you can download desired dsym.
In Xcode 5.1.1 you will find it under Xcode -> Preferences -> Locations -> DerivedData. Under DerivedData you will see a bunch of random directory names. Find the ones that starts with your project name. Then get the latest directory that was created for your project. Then under that directory go to Build/Products/<Your specific release>/*.app.dSYM.
You can even click on your end product under "Products" in project explorer and do a "Show in finder" to get there directly.
The .dSYM file should have been generated when you built your application. Look in your build product directory.
If you have the UUID you are looking for, you can search the files with the following command:
mdfind "com_apple_xcode_dsym_uuids == <UUID>"
It's simple. Please follow the steps here:
Open your project in Xcode, and select the project file in the Xcode Navigator.
Select your main build target from the Select a project or target dropdown.
Open the target's Build Settings tab.
Click All near the top of the tab.
Search for "debug information format".
Set Debug Information Format to DWARF with dSYM File.
Now go to Product > Archive > Your Build > right click on your build and click on Show in Finder. Now right click and go to Show Package Contents > dSYMs > Yourappname.app.dSYM_
If you haven't generated an archive and are trying to debug it on the device, dsym can be found at
/Library/Developer/Xcode/DerivedData/YOUR_APP/Build/Products/Debug-iphoneos
1.Select Window -> Organizer
2.Right click on Archive(your app name) and select 'Show in Finder'
3.Select 'Show Package Content' for archive
4.Right click on yourProject.xcarchive contains dSYMs, Info.plist and Products
5.select yourappname.app.dSYM
I just want to share something from my experience. Every time when I release a new version of my framework I save its dSYM in a separate folder. So, later I can find the relevant dSYM easily when I need it. It could be easily done by adding this line of code to the bash script in Build Settings (e.g. in this example I'm saving it to the desktop).
cp -r "${BUILD_DIR}/${CONFIGURATION}-iphoneos/${FRAMEWORK_NAME}.framework.dSYM" "${HOME}/Desktop/${FRAMEWORK_NAME}.framework.dSYM"
Just one more way to find them all, UUID as a bonus
mdfind -name .dSYM | while read -r line; do dwarfdump -u "$line"; done
If you want, you can download them from App Store Connect.
It's under Testflight > Builds > Click your build version code > Build Metadata > Download dSYM
[dSYM]
.dSYM is generated near .app..dSYM is defined by Build location[About]. Usually it is a Derived Data folder.
For example F49088168M.app.dSYM is located
/Users/alex/Library/Developer/Xcode/DerivedData/F49088168M-gltfsnpvscodolcmxrvkbaebeppp/Build/Products/Debug-iphonesimulator/F49088168M.app.dSYM
I found build configuration should be Release to generate .dSYM file.
First check both of them are in the same configuration - DWARF with dSYM File
If it is okay, then navigate to the following path of your finder or from your terminal
/Library/Developer/Xcode/DerivedData/YOUR_APP/Build/Products/Debug-iphoneos
Find App Name and Open Package Content, you will find your .dsym file

Resources