Reinforcement is one of the important means to protect THE security of App. It can not only ensure the security of App code and prevent it from being cracked, invaded and tampered with, but also meet the requirements of compliance such as guarantee and testing.
More recently, the company created a sports App, aimed at Apple users. I tried all the major iOS reinforcement products on the market. Although there are domestic and foreign, but the gap is very large. Of course, no more than 6 items can be taken out and said separately. The following is a little experience of iOS App reinforcement product selection, mainly including Obfuscator-LLVM, netease iOS reinforcement, 360iOS reinforcement, top image iOS reinforcement and digital dun armor iOS reinforcement.
Obfuscator-LLVM
Obfuscator-llvm is a project initiated by the Security Laboratory of Northwestern University of Applied Technology in Switzerland in June 2010, which aims to provide a set of open source code obfuscation tools for LLVM to increase the difficulty of reverse engineering. Later, it moved to commercial project strong.Protect. Currently, OLLVM already supports LLVM-4.0.
As an excellent open source project for code confusion, Obfuscator-LLVM provides control flow flattening, instruction replacement, false control flow and other functions. It does not support Swift and Bitcode and has low reinforcement strength.
Obfuscator-LLVM must be integrated into Xcode when used, that is, in the form of plug-in for reinforcement, development and debugging is very simple.
Obfuscator-llvm obfuscation styles are as follows:
Netease iOS Hardening
IOS Hardening (dun.163.com/product/ios… It is a mobile security product under netease Easy Shield. It mainly provides functions such as string encryption, code logic obfuscation, string obfuscation and reverse debugging. It also does not support Swift and Bitcode, and the hardening strength is medium.
The netease iOS hardening tool is an independent tool that has been developed and debutted to a moderate degree.
It offers a 15-day free trial for businesses. A bundleID and mailbox are required.
The use process is as follows:
360 ios reinforcement
360iOS hardening (jiagu.360.cn/#/global/in… It is a product of 360 Reinforcement Insurance. It mainly provides source code for constant encryption, logical confusion, structure replacement, multipath execution and other protection. It also does not support Swift and Bitcode, and the reinforcement strength is medium.
360iOS hardening takes the form of online hardening. Register an account on the official website and upload a file for use. The development and debugging degree is more troublesome.
Digital Meld armor iOS hardening
Digital meltdowns are an upstart reinforcement manufacturer. The iOS hardening product mainly provides functions such as binary hardening, string obfuscation, and advanced undebugging. It does not support Swift and Bitcode, and the hardening strength is low.
The following is a reinforcement result.
Top like iOS hardening
Top like iOS hardening (www.dingxiang-inc.com/business/io… Is the top image technology end security products, mainly provides code virtualization, string encryption, code confusion and other functions. Support swift and Bitcode (this is currently the only support for these two languages hardening tools), the hardening strength is high.
Say more, the product team mainly from Alibaba mobile security product team.
Top like iOS hardening is more interesting, available in two online and plug-in forms.
Add online to join, and then directly upload the file can be used.
To facilitate file upload, top image also made an auxiliary tool, used to extract hardening files and merge files.
The second method is a plug-in, similar to obfuscator-llVM, which is also in Xcode. The usage process is as follows:
Comparison of five iOS hardening tools
Write the summary at the end
1. Function. These tools all have basic functions such as string encryption, code and symbol obfuscation, and code clutter that are common in the market today. Among them, netease iOS reinforcement and Digital Dun Jia iOS reinforcement also provide anti-debugging function. Anti-debugging code is automatically injected after it is enabled, eliminating handwriting. The top image iOS hardening integrates the code virtualization function. After this function is enabled, the function body disappears and the virtual machine runs. The overall hardening effect is better.
2. Operation. Obfuscator-llvm is integrated into the new XCode (9.4.1), which is a bit cumbersome to operate. The netease iOS hardening tool is easy to operate, but cannot be integrated into Xcode. 360 reinforcement and digital dun armor iOS reinforcement is online services, but also relatively simple; Like iOS hardening, it can be used online or integrated into Xcode.
3. Language support. Swift is a new programming language released by Apple in 2014. Bitcode is an intermediate language for compilation, which is more commonly used. However, it is not supported except for iOS hardening.
4. Configuration mode. The configuration methods of Obfuscator-LLVM, netease iOS hardening and Top Image iOS hardening are similar.
5. Version update. Obfuscator-LLVM is all free, but has stopped updating. All other products have been updated.
6. Harden files. Top like iOS hardening online use, do not need to upload the source code, which is different from several other online hardening products.