This article combines: directions for iOS

Reverse-engineering protection: re-signing

Full re-signing

The certificate, the mobileprovision profile, and the Bundle ID all correspond to one another. This re-signing method has the same effect as signing the code directly.

Advantages:

Long validity period and high stability.

Disadvantages:

The maintenance cost is high. Each re-signed IPA must change its Bundle ID and be matched with the corresponding signing certificate and mobileprovision profile.

Scope of application:

Cases where signature stability is required.

Incomplete re-signing

Only the certificate and the mobileprovision profile are kept consistent with each other, regardless of whether they are consistent with the Bundle ID of the original IPA.

Advantages:

Looks easy to maintain.

Disadvantages:

In fact, the original IPA signature is not completely replaced, so re-signing fails easily and stability is low. This re-signing method should therefore be used with caution.

Scope of application:

Cases where stability requirements are not high.
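The three-way consistency that full re-signing depends on (certificate, mobileprovision, Bundle ID) can be checked before a re-signed IPA is distributed. The sketch below is an added example, not code from the original article; the function names and the sample inputs are constructed for illustration, and it reads the plist embedded in the profile's signed wrapper.

```python
import hashlib
import plistlib
from datetime import datetime, timezone

def profile_plist(raw: bytes) -> dict:
    """Extract the XML plist embedded in a signed .mobileprovision blob."""
    start, end = raw.find(b"<?xml"), raw.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no embedded plist found in profile")
    return plistlib.loads(raw[start:end + len(b"</plist>")])

def app_id_matches(pattern: str, team_id: str, bundle_id: str) -> bool:
    """application-identifier is TEAMID.bundle.id or a wildcard like TEAMID.*"""
    full = f"{team_id}.{bundle_id}"
    if pattern.endswith("*"):
        return full.startswith(pattern[:-1])
    return full == pattern

def check_resign(info_plist: bytes, provision: bytes, cert_der: bytes, now=None) -> list:
    """Return the list of mismatches; an empty list means all three agree."""
    info = plistlib.loads(info_plist)
    prof = profile_plist(provision)
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    team = prof["TeamIdentifier"][0]
    app_id = prof["Entitlements"]["application-identifier"]
    problems = []
    if not app_id_matches(app_id, team, info["CFBundleIdentifier"]):
        problems.append("bundle-id")      # Bundle ID not covered by the profile
    # SHA-1 is used here only as a certificate fingerprint, not for security.
    allowed = {hashlib.sha1(c).hexdigest() for c in prof["DeveloperCertificates"]}
    if hashlib.sha1(cert_der).hexdigest() not in allowed:
        problems.append("certificate")    # signing cert not listed in the profile
    if prof["ExpirationDate"] <= now:
        problems.append("expired")        # profile validity period has ended
    return problems

def sample_inputs(bundle_id="com.example.demo"):
    """Constructed inputs for the example (not real signing material)."""
    cert = b"constructed-der-bytes"
    prof = plistlib.dumps({
        "TeamIdentifier": ["ABCDE12345"],
        "Entitlements": {"application-identifier": "ABCDE12345.com.example.demo"},
        "DeveloperCertificates": [cert],
        "ExpirationDate": datetime(2030, 1, 1),
    })
    info = plistlib.dumps({"CFBundleIdentifier": bundle_id})
    return info, b"\x30\x80CMS" + prof + b"\x00sig", cert
```

A non-empty result for a build names which of the three pieces disagrees, which is the situation incomplete re-signing leaves unchecked.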


Hooks and injection

Software encryption technology is constantly being updated, and the level of both attack and defense keeps rising. Simple static-level security confrontation is now rarely seen; analysts instead face stronger code encryption and program anti-tamper techniques. In this context, Hook and injection, a new software analysis technology, emerged at the right moment.

Decompiling an APK, modifying or adding code, and repackaging the APK changes the hash value and signature information of the original file. Software anti-tamper technology determines whether the program has been modified by checking the hash value and signature of the original file while the software is running.

Hook technology is also called “hooking”. The principle is to first “hook” the function to be modified and then replace it with a custom function, so that the program executes the custom function at run time, achieving dynamic modification of the software.

Take hooking against anti-tamper technology as an example. When checking the hash value and signature of the program, the anti-tamper system calls a system API to read the APK signature information. Using Hook technology, these system APIs can be “hooked” to directly return the signature information of the original program, effectively “cheating” the anti-tamper system and getting around signature checking after the code has been repackaged.

This involves two techniques: how to implement the “hook” action, and how to write the custom function.
