问题描述
我们中许多人知道,最近有苹果的情况是黑客能够免费获得任何应用内购买。苹果最近发布了 描述如何修补它,但我有点困惑在第4步,并将感谢任何帮助。第一步是将他们的补丁.h和.m下载到项目中,并将其与Security框架相链接。好的,好吧。然后苹果说:
4。提供base64编码器,base64解码器以及验证成功时执行的操作。
编码器的部分究竟是什么意思应该做? (验证成功时执行的操作对我来说很清楚。)我看到在$ code> base64_encode 和 base64_decode 中的函数课,当然。但是要问什么?这是否只是我知道的特殊PIN码,以防止黑客入侵?我不知道该怎么做当然,我得到了编码和解码的整体概念,而不是在这种情况下如何正确生成一个编程细节。
Apple编写的代码,如果这有帮助:
- (NSString *)encodeBase64:(const uint8_t *)输入长度:(NSInteger)length
{
#warning替换此方法。
return nil;
}
- (NSString *)decodeBase64:(NSString *)输入长度:(NSInteger *)长度
{
#warning替换此方法。
return nil;
}
#warning实现此功能。
char * base64_encode(const void * buf,size_t size)
{return NULL; }
#warning实现这个功能。
void * base64_decode(const char * s,size_t * data_len)
{return NULL;我还感到困惑的是有2个编码和2个解码功能。我发现有一对返回 NSString * 的对,但是为什么第二对返回一个 char * 和一个 void *的?这些功能有什么期望返回?我真的不明白解决方案请查看一个解决方案:,由未知作者发布。
包含以下代码,我测试并适用于我:
//单个base64字符转换
static int POS (char c)
{
if(c> ='A'&& c< ='Z')return c - 'A'
if(c> ='a'&& c< ='z')return c - 'a'+ 26;
if(c> ='0'&& c< ='9')return c - '0'+ 52;
if(c =='+')return 62;
if(c =='/')return 63;
if(c =='=')return -1;
[NSException raise:@无效的BASE64编码格式:@无效的BASE64编码];
return 0;
- (NSString *)encodeBase64:(const uint8_t *)输入长度:(NSInteger)length
{
return [NSString stringWithUTF8String:base64_encode(input, (为size_t)长度)];
}
- (NSString *)decodeBase64:(NSString *)输入长度:(NSInteger *)length
{
size_t retLen;
uint8_t * retStr = base64_decode([input UTF8String],& retLen);
if(length)
* length =(NSInteger)retLen;
NSString * st = [[NSString alloc] initWithBytes:retStr
length:retLen
encoding:NSUTF8StringEncoding] autorelease];
free(retStr); //如果base64_decode返回动态分配的内存
return st;
char * base64_encode(const void * buf,size_t size)
{
static const char base64 [] =ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 + /;
char * str =(char *)malloc((size + 3)* 4/3 + 1);
char * p = str;
unsigned char * q =(unsigned char *)buf;
size_t i = 0;
while(i< size){
int c = q [i ++];
c * = 256;
if(i< size)c + = q [i];
i ++;
c * = 256;
if(i< size)c + = q [i];
i ++;
* p ++ = base64 [(c& 0x00fc0000)>> 18];
* p ++ = base64 [(c& 0x0003f000)>> 12];
if(i> size + 1)
* p ++ ='=';
else
* p ++ = base64 [(c& 0x00000fc0)>> 6];
if(i> size)
* p ++ ='=';
else
* p ++ = base64 [c& 0x0000003f];
}
* p = 0;
return str;
}
void * base64_decode(const char * s,size_t * data_len_ptr)
{
size_t len = strlen(s);
if(len%4)
[NSException raise:@base64_decode中的无效输入格式:@%d是BASE64解码输入字符串的长度无效,len] ;
unsigned char * data =(unsigned char *)malloc(len / 4 * 3);
int n [4];
unsigned char * q =(unsigned char *)数据;
(const char * p = s; * p;)
{
n [0] = POS(* p ++);
n [1] = POS(* p ++);
n [2] = POS(* p ++);
n [3] = POS(* p ++);
if(n [0] == - 1 || n [1] == - 1)
[NSException raise:@base64_decode中的无效输入格式:@无效的BASE64编码];
if(n [2] == - 1&& n [3]!= - 1)
[NSException raise:@base64_decode中的无效输入格式:@ BASE64编码无效];
q [0] =(n [0] > 4);
if(n [2]!= -1)q [1] =((n [1]& 15)< 4)+(n [2]> 2);
if(n [3]!= -1)q [2] =((n [2]& 3)< 6)+ n [3]
q + = 3;
}
//确保data_len_ptr不为空
if(!data_len_ptr)
[NSException raise:@base64_decode中的无效输入格式:@输出字符串长度的目标无效];
* data_len_ptr = q-data - (n [2] == - 1) - (n [3] == - 1);
返回数据;
}
As many of us know, there's been a recent situation with Apple where hackers are able to get any In-App Purchase for free. Apple recently released this document describing how to patch it, but I'm a bit confused on step #4 and would appreciate any help.
The first steps are to download their patch .h and .m, include it in your project, and link it against the Security framework. Okay, good, got it. Then Apple says:
4. Provide a base64 encoder, a base64 decoder, and the action to perform when validation succeeds.
What exactly does the part about the encoders mean I should do? (The action to perform when validation succeeds is clear to me.) I see the functions named base64_encode and base64_decode in the class, certainly. But what is it asking for? Is this like a special PIN number that only I know, to prevent hacking? I'm not sure what to do here. I get the overall concepts of encoding and decoding, of course, but not the programmatic specifics of how to generate one properly in this situation.
The code as Apple writes it, if this helps any:
- (NSString *)encodeBase64:(const uint8_t *)input length:(NSInteger)length
{
#warning Replace this method.
return nil;
}
- (NSString *)decodeBase64:(NSString *)input length:(NSInteger *)length
{
#warning Replace this method.
return nil;
}
#warning Implement this function.
char* base64_encode(const void* buf, size_t size)
{ return NULL; }
#warning Implement this function.
void * base64_decode(const char* s, size_t * data_len)
{ return NULL; }
I'm also perplexed that there are 2 encode and 2 decode functions. I get that there's a pair that returns NSString*s, but why does the second pair return a char* and a void*? What are these functions expected to return? I really don't get it.
解决方案 Please have a look at a solution presented: here, posted by unknown author.
which contains the following code, which I tested and works for me:
// single base64 character conversion
static int POS(char c)
{
if (c>='A' && c<='Z') return c - 'A';
if (c>='a' && c<='z') return c - 'a' + 26;
if (c>='0' && c<='9') return c - '0' + 52;
if (c == '+') return 62;
if (c == '/') return 63;
if (c == '=') return -1;
[NSException raise:@"invalid BASE64 encoding" format:@"Invalid BASE64 encoding"];
return 0;
}
- (NSString *)encodeBase64:(const uint8_t *)input length:(NSInteger)length
{
return [NSString stringWithUTF8String:base64_encode(input, (size_t)length)];
}
- (NSString *)decodeBase64:(NSString *)input length:(NSInteger *)length
{
size_t retLen;
uint8_t *retStr = base64_decode([input UTF8String], &retLen);
if (length)
*length = (NSInteger)retLen;
NSString *st = [[[NSString alloc] initWithBytes:retStr
length:retLen
encoding:NSUTF8StringEncoding] autorelease];
free(retStr); // If base64_decode returns dynamically allocated memory
return st;
}
char* base64_encode(const void* buf, size_t size)
{
static const char base64[] = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
char* str = (char*) malloc((size+3)*4/3 + 1);
char* p = str;
unsigned char* q = (unsigned char*) buf;
size_t i = 0;
while(i < size) {
int c = q[i++];
c *= 256;
if (i < size) c += q[i];
i++;
c *= 256;
if (i < size) c += q[i];
i++;
*p++ = base64[(c & 0x00fc0000) >> 18];
*p++ = base64[(c & 0x0003f000) >> 12];
if (i > size + 1)
*p++ = '=';
else
*p++ = base64[(c & 0x00000fc0) >> 6];
if (i > size)
*p++ = '=';
else
*p++ = base64[c & 0x0000003f];
}
*p = 0;
return str;
}
void* base64_decode(const char* s, size_t* data_len_ptr)
{
size_t len = strlen(s);
if (len % 4)
[NSException raise:@"Invalid input in base64_decode" format:@"%d is an invalid length for an input string for BASE64 decoding", len];
unsigned char* data = (unsigned char*) malloc(len/4*3);
int n[4];
unsigned char* q = (unsigned char*) data;
for(const char*p=s; *p; )
{
n[0] = POS(*p++);
n[1] = POS(*p++);
n[2] = POS(*p++);
n[3] = POS(*p++);
if (n[0]==-1 || n[1]==-1)
[NSException raise:@"Invalid input in base64_decode" format:@"Invalid BASE64 encoding"];
if (n[2]==-1 && n[3]!=-1)
[NSException raise:@"Invalid input in base64_decode" format:@"Invalid BASE64 encoding"];
q[0] = (n[0] << 2) + (n[1] >> 4);
if (n[2] != -1) q[1] = ((n[1] & 15) << 4) + (n[2] >> 2);
if (n[3] != -1) q[2] = ((n[2] & 3) << 6) + n[3];
q += 3;
}
// make sure that data_len_ptr is not null
if (!data_len_ptr)
[NSException raise:@"Invalid input in base64_decode" format:@"Invalid destination for output string length"];
*data_len_ptr = q-data - (n[2]==-1) - (n[3]==-1);
return data;
}
这篇关于修补应用内购买黑客;坚持第四步的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!