iOS - saving in app purchase data in plist files? - ios

NOTE ---- The answer below uses iOS6- methods, Apple has since then removed developer's access to MAC addresses. If you are developing for iOS7+ disregaurd first answer and just encrypt your IAP unlock data based on other variables that will be unique to each device (like the date the app was first launched)
I have features that need tone unlocked so I store them in my plist files.... a feature like a new avatar in a chat room could have the id "13891" and if it is unlocked I might assign it some key like "93" and if it's locked it might have any other key "37" for example....
So the plist will say: "13891" = "93"
My question is can jailbroken phones edit the plist files easily and unlock features for themselves?
What's a better way of storing this data?
I don't want to have to check Apple's servers every time, it takes too long with low internet connection.
Edit: Current Answer:
4 measures to take:
1) Store it in the keychain. (Or plist I guess now that I've added measure #4)
2) Check Apple's servers every time but if you are worried about the lag that follows just check it in the background and in the meantime let the user use the app if it says they can.
3) Store your variables as encrypted keys in the keychain... don't store "FishingRod = unlocked" store "3dhk34D#HT% = d3tD##".
4) Encrypt each key with the devices MAC address (these MAC addresses do NOT change and are available with or without WiFi connection... code below). That way if a user downloads a plist off of the internet and tries to use it, it won't work because when you decrypt it using their device ID you will can't random nonsense instead of the unlock key (in my examples case that would be "d3tD##".)!!! -- Mac Address can no longer be accessed as of iOS7+, instead encrypt with other device unique things, such as the date the app was first launched
MAC address code (Just stick it in the view controllers ViewDidAppear... in the .H import )
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <net/if.h>
#include <net/if_dl.h>
-(void)viewDidAppear:(BOOL)animated {
int mgmtInfoBase[6];
char *msgBuffer = NULL;
NSString *errorFlag = NULL;
size_t length;
// Setup the management Information Base (mib)
mgmtInfoBase[0] = CTL_NET; // Request network subsystem
mgmtInfoBase[1] = AF_ROUTE; // Routing table info
mgmtInfoBase[2] = 0;
mgmtInfoBase[3] = AF_LINK; // Request link layer information
mgmtInfoBase[4] = NET_RT_IFLIST; // Request all configured interfaces
// With all configured interfaces requested, get handle index
if ((mgmtInfoBase[5] = if_nametoindex("en0")) == 0)
errorFlag = #"if_nametoindex failure";
// Get the size of the data available (store in len)
else if (sysctl(mgmtInfoBase, 6, NULL, &length, NULL, 0) < 0)
errorFlag = #"sysctl mgmtInfoBase failure";
// Alloc memory based on above call
else if ((msgBuffer = malloc(length)) == NULL)
errorFlag = #"buffer allocation failure";
// Get system information, store in buffer
else if (sysctl(mgmtInfoBase, 6, msgBuffer, &length, NULL, 0) < 0)
{
free(msgBuffer);
errorFlag = #"sysctl msgBuffer failure";
}
else
{
// Map msgbuffer to interface message structure
struct if_msghdr *interfaceMsgStruct = (struct if_msghdr *) msgBuffer;
// Map to link-level socket structure
struct sockaddr_dl *socketStruct = (struct sockaddr_dl *) (interfaceMsgStruct + 1);
// Copy link layer address data in socket structure to an array
unsigned char macAddress[6];
memcpy(&macAddress, socketStruct->sdl_data + socketStruct->sdl_nlen, 6);
// Read from char array into a string object, into traditional Mac address format
NSString *macAddressString = [NSString stringWithFormat:#"%02X:%02X:%02X:%02X:%02X:%02X",
macAddress[0], macAddress[1], macAddress[2], macAddress[3], macAddress[4], macAddress[5]];
NSLog(#"Mac Address: %#", macAddressString);
// Release the buffer memory
free(msgBuffer);
//return macAddressString;
NSLog(#"MAC: %#", macAddressString);
//F0:DC:E2:1D:EB:50
}
// Error...
NSLog(#"Error: %#", errorFlag);
}
Note: I got the MAC address code from a friend... I'm not claiming that I wrote the code... I don't know if he wrote it or got it from someone else as well.

4 measures to take:
1) Store it in the keychain. (Or plist I guess now that I've added measure #4)
2) Check Apple's servers every time but if you are worried about the lag that follows just check it in the background and in the meantime let the user use the app if it says they can.
3) Store your variables as encrypted keys in the keychain... don't store "FishingRod = unlocked" store "3dhk34D#HT% = d3tD##".
4) Encrypt each key with the devices MAC address (these MAC addresses do NOT change and are available with or without WiFi connection... code below). That way if a user downloads a plist off of the internet and tries to use it, it won't work because when you decrypt it using their device ID you will can't random nonsense instead of the unlock key (in my examples case that would be "d3tD##".)!!! -- Mac Address can no longer be accessed as of iOS7+, instead encrypt with other device unique things, such as the date the app was first launched
MAC address code (Just stick it in the view controllers ViewDidAppear... in the .H import )
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <net/if.h>
#include <net/if_dl.h>
-(void)viewDidAppear:(BOOL)animated {
int mgmtInfoBase[6];
char *msgBuffer = NULL;
NSString *errorFlag = NULL;
size_t length;
// Setup the management Information Base (mib)
mgmtInfoBase[0] = CTL_NET; // Request network subsystem
mgmtInfoBase[1] = AF_ROUTE; // Routing table info
mgmtInfoBase[2] = 0;
mgmtInfoBase[3] = AF_LINK; // Request link layer information
mgmtInfoBase[4] = NET_RT_IFLIST; // Request all configured interfaces
// With all configured interfaces requested, get handle index
if ((mgmtInfoBase[5] = if_nametoindex("en0")) == 0)
errorFlag = #"if_nametoindex failure";
// Get the size of the data available (store in len)
else if (sysctl(mgmtInfoBase, 6, NULL, &length, NULL, 0) < 0)
errorFlag = #"sysctl mgmtInfoBase failure";
// Alloc memory based on above call
else if ((msgBuffer = malloc(length)) == NULL)
errorFlag = #"buffer allocation failure";
// Get system information, store in buffer
else if (sysctl(mgmtInfoBase, 6, msgBuffer, &length, NULL, 0) < 0)
{
free(msgBuffer);
errorFlag = #"sysctl msgBuffer failure";
}
else
{
// Map msgbuffer to interface message structure
struct if_msghdr *interfaceMsgStruct = (struct if_msghdr *) msgBuffer;
// Map to link-level socket structure
struct sockaddr_dl *socketStruct = (struct sockaddr_dl *) (interfaceMsgStruct + 1);
// Copy link layer address data in socket structure to an array
unsigned char macAddress[6];
memcpy(&macAddress, socketStruct->sdl_data + socketStruct->sdl_nlen, 6);
// Read from char array into a string object, into traditional Mac address format
NSString *macAddressString = [NSString stringWithFormat:#"%02X:%02X:%02X:%02X:%02X:%02X",
macAddress[0], macAddress[1], macAddress[2], macAddress[3], macAddress[4], macAddress[5]];
NSLog(#"Mac Address: %#", macAddressString);
// Release the buffer memory
free(msgBuffer);
//return macAddressString;
NSLog(#"MAC: %#", macAddressString);
//F0:DC:E2:1D:EB:50
}
// Error...
NSLog(#"Error: %#", errorFlag);
}

You don't even need to jailbreak. Wherever you store a writable file, an application like iPhone Explorer can let the user grab and modify that file then write it back out to the device. It would only take one person purchasing to send the unlocked plist file out to the internet at large.
What I would do is store the unlocked items in the keychain on the device (just to obscure it a tiny bit more), and trust that on launch - but then also every time try to contact the Apple servers in the background to verify that the user really should have those unlocked items. That way they may have the items unlocked for a short time even if they can forge the keychain entries, but the ability will be removed if the device is connected to the internet at all while the app runs. Having to remember to disconnect a device from internet connectivity before each run is probably too annoying to make the stolen unlock worth it for the forger.
Since the keychain persists even across application deletion, you may also want to write out a plist file on first launch, if you do not detect that initially created plist file on later launches clear out the keychain.
If anything though, the risk of someone fiddling and unlocking things in your app is probably low. Always err on the side of giving user access when the situation is murky so you do not cause problems for real users.

can jailbroken phones edit the plist files easily and unlock features for themselves?
Yes, exactly.
What's a better way of storing this data?
Maybe the keychain, but that can be altered too on jailbroken devices.
I don't want to have to check Apple's servers every time, it takes too long with low internet connection.
Too bad. If you want to be secure at least to some extent, you better check Apple's server, or even better, your own server as well. (That's also not a 100% guarantee that your game won't be hacked on a jailbroken phone, since the behavior of the app can be modified as one wishes using MobileSubstrate, but at least it's a bit more secure.)

Related

Stm32f4 dma m2m

I'm using STM32F407VG Discovery Board and I've issue with DMA memory to memory transfer. I want to copy 32 bytes of data from one place in memory to other using DMA by writing copy_dma() function. In while loop i'm checking Transfer Complete flag but DMA never returns it. I want to ask where i'm making mistake? Maybe something in configuration is wrong. I'm using Standart Peripheral Libraries. Here's my code.
#include "stm32f4xx.h"
#define BUFFER_SIZE 32
uint8_t src_buffer[BUFFER_SIZE];
uint8_t dst_buffer[BUFFER_SIZE];
void copy_dma(void);
int main(void)
{
RCC_AHB1PeriphClockCmd(RCC_AHB1Periph_DMA1, ENABLE);
int i;
DMA_InitTypeDef dma;
DMA_DeInit(DMA1_Stream4);
DMA_StructInit(&dma);
dma.DMA_Channel = DMA_Channel_1;
dma.DMA_PeripheralBaseAddr = (uint32_t)src_buffer;
dma.DMA_PeripheralInc = DMA_PeripheralInc_Enable;
dma.DMA_Memory0BaseAddr = (uint32_t)dst_buffer;
dma.DMA_MemoryInc = DMA_MemoryInc_Enable;
dma.DMA_BufferSize = BUFFER_SIZE;
dma.DMA_DIR = DMA_DIR_MemoryToMemory;
dma.DMA_FIFOMode = DMA_FIFOMode_Disable;
dma.DMA_MemoryBurst = DMA_MemoryBurst_Single;
dma.DMA_MemoryDataSize = DMA_MemoryDataSize_Byte;
dma.DMA_PeripheralBurst = DMA_PeripheralBurst_Single;
dma.DMA_PeripheralDataSize = DMA_PeripheralDataSize_Byte;
dma.DMA_Mode = DMA_Mode_Normal;
dma.DMA_Priority = DMA_Priority_High;
DMA_Init(DMA1_Stream4, &dma);
for (i = 0; i < BUFFER_SIZE; i++) {
src_buffer[i] = 100 + i;
}
copy_dma();
while(1) {
}
}
void copy_dma(void) {
DMA_Cmd(DMA1_Stream4, ENABLE);
while (DMA_GetFlagStatus(DMA1_Stream4, DMA_FLAG_TCIF4) == RESET);
}
In app note "Using the STM32F2 and STM32F4 DMA controller"(http://stm32.eefocus.com/download/index.php?act=down&id=6312)
is mentioned:
"Memory to memory (only DMA2 is able to do such transfer, in this mode, the circular and direct modes are not allowed.)"
So, try to use DMA2.
In addition to Mariusz Górka's awnser:
When using the DMA you need to know which memory region you are using. The stm32f4 has a memory section called Core Coupled Memory (CCM). The DMA does not have access to this region.
Check your map file and make sure your buffers are not in the region 0x10000000 - 0x1000FFFF.

Get parent process information at runtime on iOS application

I'm trying to obtain some process information at runtime on iOS, particularly the parent process name.
While I'm able to obtain the current process name, it seems that I can't to do the same for its parent.
Here is what I'm doing:
static inline bool is_debugserver_present() {
int err;
int mib[4];
struct kinfo_proc info;
size_t size;
// Initialize the flags so that, if sysctl fails for some bizarre
// reason, we get a predictable result.
info.kp_proc.p_flag = 0;
// Initialize mib, which tells sysctl the info we want, in this case
// we're looking for information about a the parent process ID.
mib[0] = CTL_KERN;
mib[1] = KERN_PROC;
mib[2] = KERN_PROC_PID;
mib[3] = getppid();
// Call sysctl.
size = sizeof(info);
int n = sizeof(mib) / sizeof(*mib);
err = sysctl(mib, n, &info, &size, NULL, 0);
return (strncmp(info.kp_proc.p_comm, "launchd", sizeof("launchd") - 1) != 0);
}
The problem is that the call to sysctl always return -1 thus an error.
The parent process id obtained by getppid()is that same if I ask to the current process for its kp_eproc.e_ppid.
Am I missing something?
You cannot obtain the information of other processes since iOS 9. sysctl is sandboxed now. You can do this only in a iDevice previous iOS 9 or a Simulator.
sysctl() retrieves system information for processes with appropriate privileges
iOS apps are not permitted to see what other apps are running
In iOS 9, the sandbox now prevents a process from accessing the kern.proc,
kern.procargs, and kern.procargs2 values for other processes
see:
WWDC Privacy Introduction
Privacy and your app (Page 29)

Objective C / C. I get wrong Value when i try to get Mac Adress on IOS device

I'm trying to use a C code to obtain mac adress on any IOS device.
I'm trying it on a iPhone 6 plus but it seems not work.
My output will look as follows:
2015-02-15 15:37:37.947 MyDemo[438:223963] Mac Address: 02:00:00:00:00:00
Anyone can help me for this please ?
Thanks.
This is the GetMacAdress.m
Original source code courtesy John from iOSDeveloperTips.com
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <net/if.h>
#include <net/if_dl.h>
...
- (NSString *)getMacAddress
{
int mgmtInfoBase[6];
char *msgBuffer = NULL;
size_t length;
unsigned char macAddress[6];
struct if_msghdr *interfaceMsgStruct;
struct sockaddr_dl *socketStruct;
NSString *errorFlag = NULL;
// Setup the management Information Base (mib)
mgmtInfoBase[0] = CTL_NET; // Request network subsystem
mgmtInfoBase[1] = AF_ROUTE; // Routing table info
mgmtInfoBase[2] = 0;
mgmtInfoBase[3] = AF_LINK; // Request link layer information
mgmtInfoBase[4] = NET_RT_IFLIST; // Request all configured interfaces
// With all configured interfaces requested, get handle index
if ((mgmtInfoBase[5] = if_nametoindex("en0")) == 0)
errorFlag = #"if_nametoindex failure";
else
{
// Get the size of the data available (store in len)
if (sysctl(mgmtInfoBase, 6, NULL, &length, NULL, 0) < 0)
errorFlag = #"sysctl mgmtInfoBase failure";
else
{
// Alloc memory based on above call
if ((msgBuffer = malloc(length)) == NULL)
errorFlag = #"buffer allocation failure";
else
{
// Get system information, store in buffer
if (sysctl(mgmtInfoBase, 6, msgBuffer, &length, NULL, 0) < 0)
errorFlag = #"sysctl msgBuffer failure";
}
}
}
// Befor going any further...
if (errorFlag != NULL)
{
NSLog(#"Error: %#", errorFlag);
return errorFlag;
}
// Map msgbuffer to interface message structure
interfaceMsgStruct = (struct if_msghdr *) msgBuffer;
// Map to link-level socket structure
socketStruct = (struct sockaddr_dl *) (interfaceMsgStruct + 1);
// Copy link layer address data in socket structure to an array
memcpy(&macAddress, socketStruct->sdl_data + socketStruct->sdl_nlen, 6);
// Read from char array into a string object, into traditional Mac address format
NSString *macAddressString = [NSString stringWithFormat:#"%02X:%02X:%02X:%02X:%02X:%02X",
macAddress[0], macAddress[1], macAddress[2],
macAddress[3], macAddress[4], macAddress[5]];
NSLog(#"Mac Address: %#", macAddressString);
// Release the buffer memory
free(msgBuffer);
return macAddressString;
}
That is some pretty nasty low-level code.
I personally think that anyone who writes code of the form:
if ((a=b)==c)
...should be shot. We're not writing assembler here - Don't write code that looks like a typo to save 1 statement. (That rant is directed at the original author, not you.)
I'm not familiar enough with the low-level system functions to be able to tell what's wrong without a lot of digging.
However, stepping back from why your code isn't working, WHY do you need the MAC address? Does it have to be the actual network MAC address?
Apple no longer allows you to get that information because it allows you to uniquely track the user's device. If you do find a way to do it, your app will be rejected. (Not really Apple's fault; there was a big stink in the industry and all the device vendors had to block providing this info.)
#mad_mask's suggestion of using identifierForVendor is probably the best solution. That gives you an ID that's unique for that device for your company.
It is not possible to get the MAC address for an apple device any longer. This was added to prevent applications from using the MAC address as a unique identifier for tracking. It always comes out as 02:00:00:00:00:00 regardless of the route you take to finding it.
The vendor and marketing Ids you have to use instead are not the MAC address but something else.
I have written a network scanner and as far as I have been able to tell, there is no way round this unless you can talk to an external device on the same LAN segment which has visibility of the device on the network and can send it to you.

NSMutableData encryption in place using NSInputStream

I am trying to use CommonCrypto to encrypt an NSMutableData object in place (copying the resulting bytes to itself, without duplicating it). Previously, I was using CCCrypt() "one-shot" method, mainly because it seemed simple. I noticed that my data object got duplicated in memory.
To avoid this, I tried using an NSInputStream object with a buffer size of 2048 bytes. I am reading my NSMutableData object, and continuously call CCCryptorUpdate(), to handle the encryption. The problem is, that it still seems to be duplicated. Here's my current code (please note that it's a category on NSMutableData - mainly because of historical reasons - thus the "self" references):
- (BOOL)encryptWithKey:(NSString *)key
{
// Key creation - not relevant to the dercribed problem
char * keyPtr = calloc(1, kCCKeySizeAES256+1);
[key getCString: keyPtr maxLength: sizeof(keyPtr) encoding: NSUTF8StringEncoding];
// Create cryptographic context for encryption
CCCryptorRef cryptor;
CCCryptorStatus status = CCCryptorCreate(kCCEncrypt, kCCAlgorithmAES128, kCCOptionECBMode, keyPtr, kCCKeySizeAES256, NULL, &cryptor);
if (status != kCCSuccess)
{
MCLog(#"Failed to create a cryptographic context (%d CCCryptorStatus status).", status);
}
// Initialize the input stream
NSInputStream *inStream = [[NSInputStream alloc] initWithData:self];
[inStream open];
NSInteger result;
// BUFFER_LEN is a define 2048
uint8_t buffer[BUFFER_LEN];
size_t bytesWritten;
while ([inStream hasBytesAvailable])
{
result = [inStream read:buffer maxLength:BUFFER_LEN];
if (result > 0)
{
// Encryption goes here
status = CCCryptorUpdate(
cryptor, // Previously created cryptographic context
&result, // Input data
BUFFER_LEN, // Length of the input data
[self mutableBytes], // Result is written here
[self length], // Size of result
&bytesWritten // Number of bytes written
);
if (status != kCCSuccess)
{
MCLog(#"Error during data encryption (%d CCCryptorStatus status)", status);
}
}
else
{
// Error
}
}
// Cleanup
[inStream close];
CCCryptorRelease(cryptor);
free(keyPtr);
return ( status == kCCSuccess );
}
I am definitely missing something obvious here, encryption, and even using input streams is a bit new to me..
As long as you only call CCUpdate() one time, you can encrypt into the same buffer you read from without using a stream. See RNCryptManager.m for an example. Study applyOperation:fromStream:toStream:password:error:. I did use streams here, but there's no requirement that you do that if you already have an NSData.
You must ensure that CCUpdate() is only called one time, however. If you call it multiple times it will corrupt its own buffer. This is an open bug in CommonCryptor (radar://9930555).
As a side note: your key generation is extremely insecure, and use of ECB mode for this kind of data barely qualifies as encryption. It leaves patterns in the ciphertext which can be used to decrypt the data, in some cases just by looking at it. I do not recommend this approach if you actually intend to secure this data. If you want to study how to use these tools well, see Properly Encrypting With AES With CommonCrypto. If you want a prepackaged solution, see RNCryptor. (RNCryptor does not currently have a convenient method for encrypting in-place, however.)
In the line:
result = [inStream read:buffer maxLength:BUFFER_LEN];
the data is read into buffer and result is set to the outcome of the execution.
in lines:
status = CCCryptorUpdate(cryptor, &result, ...
You should be using buffer for the input data, not the status
status = CCCryptorUpdate(cryptor, buffer, ...
Using better names would help eliminate the simple error. If instead of result the variable had been named readStatus the error would most likely not occurred. Likewise instead of naming rthe data variable buffer it had been named streamData things would also have been more clear. Poor naming really can cause errors.

iPhone app kill process

I am basically looking to create Memory (RAM) optimization function as given in following applications. (For iPhone sdk)
https://itunes.apple.com/us/app/memory-100-pro/id644853504?mt=8
https://itunes.apple.com/th/app/memory-pro/id483447668?mt=8
This function basically kills third party app background process to achieve the same.
Can any one guide me that how can I find that particular process is not system process and kill the process.
I am using following code to get list of process with process id.
struct kinfo_proc *procs = NULL, *newprocs;
char thiscmd[MAXCOMLEN + 1];
pid_t thispid;
int mib[4];
size_t miblen;
int i, st, nprocs;
size_t size;
size = 0;
mib[0] = CTL_KERN;
mib[1] = KERN_PROC;
mib[2] = KERN_PROC_ALL;
mib[3] = 0;
miblen = 3;
st = sysctl(mib, miblen, NULL, &size, NULL, 0);
do {
size += size / 10;
newprocs = realloc(procs, size);
if (newprocs == 0) {
if (procs)
free(procs);
errx(1, "could not reallocate memory");
}
procs = newprocs;
st = sysctl(mib, miblen, procs, &size, NULL, 0);
} while (st == -1 && errno == ENOMEM);
nprocs = size / sizeof(struct kinfo_proc);
/* Now print out the data */
for (i = 0; i < nprocs; i++) {
thispid = procs[i].kp_proc.p_pid;
strncpy(thiscmd, procs[i].kp_proc.p_comm, MAXCOMLEN);
thiscmd[MAXCOMLEN] = '\0';
printf("%d\t%s\n", thispid, thiscmd);
NSString * processName = [[NSString alloc] initWithFormat:#"%s", procs[i].kp_proc.p_comm];
if([processName isEqualToString:#"templerunbrave"])
kill(thispid, SIGKILL);
}
/* Clean up */
free(procs);
A 3rd party app is sandboxed and does not have the power or authority to arbitrarily kill processes and threads that do not belong to it.
The way these "memory" apps work is by manually allocating memory incrementally in a for loop until they get memory warnings, then manually freeing the memory. Because the OS does not know that your memory is not being used in the app, it takes active memory away from other apps, sometimes even force closing them in order to provide their memory resources to your app. Once you manually free the memory, this memory that was allocated to your app is now available to the whole system, but the other apps which were killed or in deep sleep will remain killed or in deep sleep.

Resources