问题描述
由于IPA结构只是一个压缩文件,其中包含编译代码和媒体内容,如图像&音频,我如何保护内容免受别人的窃取?有没有加密可以添加到IPA?
此答案提到应用程序已被加密到获取时间在您的用户设备上:。
上述类别的简单使用示例:
NSMutableData * imageData = [NSMutableData dataWithContentsOfFile:pathToEncryptedFile];
[imageData decryptWithKey:@SuperSecretDecryptionKey];
UIImage * decryptptedImage = [UIImage imageWithData:imageData];
重要提示:如果有人要运行字符串
实用程序在您的 .app
在越狱iphone上,甚至在iPhone上,他们可以通过USB进行文件系统访问,您应用中声明的所有字符串列表。这包括SuperSecretDecryptionKey。所以你可能想要使用一个整数,浮点或其他常量做一个字符串解密密钥的即时生成,或者确保你用来解密事物的字符串与正常的系统字符串完全相同没有人怀疑它是真正的关键。
更新:您应该查看对于这种事情,这是非常全面的。 >
要加密/解密 *。strings
文件,您应该以某种方式加密密钥和值字符串(可能是给您可以使用十六进制或任何字母数字字符),如果要访问给定值,请说 LicenceNumber
,请执行以下操作:
NSMutableData * keyToRequest = [@LicenceNumber
dataUsingEncoding:NSUTF8StringEncoding];
[keyToRequest encryptWithKey:@SuperSecretEncryptionKey];
NSMutableData * valueToRequest = [[NSBundle mainBundle]
localizedStringForKey:[NSString
stringWithUTF8String:[keyToRequest bytes]]
值:@无许可证
表:@ EncryptedStringsFile];
[valueToRequest decryptWithKey:@SuperSecretDecryptionKey];
As IPA structure is just a zipped file containing compiled codes & media contents like images & audio, how can I protect the contents from being extracted and stolen by others? Is there any encryption I can add into the IPA?
This answer mentions that the application is already encrypted by the time it gets onto your users' devices: Does Apple modify iOS application executables on apps submitted to the App Store?
Sorry, that's only the application binary. The other media are not encrypted, and no, there's no way to encrypt the .ipa. You could try encrypting your images and other media on your system, providing a bunch of application code to decrypt those resources when the app runs, and then your decryption code will become a part of the encrypted application binary. You can't submit an encrypted IPA though, it needs to be the file directly output from Xcode.
In response to your comment, the one I've used is CommonCrypto. You need to #import <CommonCrypto/CommonCryptor.h>
, and the implementation I used as my starting point was this category on NSMutableData.
Simple usage example of the above category:
NSMutableData *imageData = [NSMutableData dataWithContentsOfFile:pathToEncryptedFile];
[imageData decryptWithKey:@"SuperSecretDecryptionKey"];
UIImage *decryptedImage = [UIImage imageWithData:imageData];
IMPORTANT NOTE HERE: IF someone was to run the strings
utility on your .app
on a jailbroken iphone, or even on an iPhone they have filesystem access to via USB, they will get a list of all strings declared in your app. This includes "SuperSecretDecryptionKey". So you may want to use an integer, floating-point or other constant to do on-the-fly generation of a string decryption key, or make sure that the string you use to decrypt things is exactly the same as a normal system string so no-one suspects it as the true key. Security through obscurity, in this case, is advantageous.
Update: You should check out AQToolkit
for this kind of thing, it's quite comprehensive.
To encrypt/decrypt *.strings
files, you should encrypt the key and value strings in some manner (maybe one which give you hexadecimal back, or any alphanumeric characters), and when you want to access a given value, say LicenceNumber
, do this:
NSMutableData *keyToRequest = [@"LicenceNumber"
dataUsingEncoding:NSUTF8StringEncoding];
[keyToRequest encryptWithKey:@"SuperSecretEncryptionKey"];
NSMutableData *valueToRequest = [[NSBundle mainBundle]
localizedStringForKey:[NSString
stringWithUTF8String:[keyToRequest bytes]]
value:@"No licence"
table:@"EncryptedStringsFile"];
[valueToRequest decryptWithKey:@"SuperSecretDecryptionKey"];
这篇关于在编译的iOS应用程序(IPA)中加密内容的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!