iOS protection mechanisms

iOS protection mechanisms Max Bazaliy


iOS protection mechanisms @ IT-Jam 2011, Odessa

Transcript of iOS protection mechanisms

Page 1: iOS protection mechanisms

iOS protection mechanisms

Max Bazaliy

Page 2: iOS protection mechanisms

Max Bazaliy

Position: iOS developer at Magento

Experience: Solutions to prevent reverse engineering and code analysis; iOS development


Page 3: iOS protection mechanisms

Statistics

• 200 million iOS devices

• 225 million iTunes Store accounts

• 425,000 apps in the app store

• Apple has paid $2.5 billion to developers

IT-Jam 2011

Page 4: iOS protection mechanisms

FairPlay DRM

[Diagram labels: Account, Buying process, User key, Master key, AES]

Page 5: iOS protection mechanisms

How to crack FairPlay DRM?

• Preparatory process

• Information gathering

• “Victim” launch

• Memory dump

• Replace encrypted data

• Resign app

Page 6: iOS protection mechanisms

FairPlay DRM auto unpackers

Page 7: iOS protection mechanisms

Sad news

• One-click cracking tools

• 10% of all devices are jailbroken

• 80% of jailbroken devices use pirated applications

• Industry losses over $450 million a year

Page 8: iOS protection mechanisms

Any solution?

Page 9: iOS protection mechanisms

Anti-cracking techniques

• Anti-debug
  - ptrace trick
  - trace detection trick

• String protection
  - Obfuscate important strings
  - Generate encoding table for every application

• Resource protection
  - Encrypt important resources

Page 10: iOS protection mechanisms

How to detect a cracked app?

• App encryption check
  - Check cryptid in LC_ENCRYPTION_INFO

• File size and date check
  - Check main binary, Info.plist and PkgInfo date
  - Info.plist size check

• Jailbreak detection
  - System directory access check
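The app encryption check above, as an added example that is not from the original slides: a bounds-checked walk over Mach-O load commands that returns the cryptid field, which is 1 in a FairPlay-encrypted binary and 0 in a decrypted copy. The function name `macho_cryptid` and the sample image are constructed for illustration; the code assumes a thin (non-fat) little-endian image on a little-endian host.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define MH_MAGIC              0xfeedfaceu /* 32-bit Mach-O */
#define MH_MAGIC_64           0xfeedfacfu /* 64-bit Mach-O */
#define LC_ENCRYPTION_INFO    0x21u
#define LC_ENCRYPTION_INFO_64 0x2Cu

/* Returns cryptid (1 = encrypted, 0 = not encrypted), -1 if the image has
 * no encryption load command, -2 if the image is malformed or unsupported. */
int macho_cryptid(const uint8_t *img, size_t len)
{
    uint32_t magic, ncmds, sizeofcmds, cmd, cmdsize, cryptid;
    size_t off, end;
    if (len < 28) return -2;
    memcpy(&magic, img, 4);
    if (magic == MH_MAGIC) off = 28;          /* sizeof(struct mach_header) */
    else if (magic == MH_MAGIC_64) off = 32;  /* sizeof(struct mach_header_64) */
    else return -2;                           /* fat or byte-swapped image */
    memcpy(&ncmds, img + 16, 4);
    memcpy(&sizeofcmds, img + 20, 4);
    if (len < off || sizeofcmds > len - off) return -2;
    end = off + sizeofcmds;
    for (uint32_t i = 0; i < ncmds; i++) {
        if (end - off < 8) return -2;         /* no room for cmd + cmdsize */
        memcpy(&cmd, img + off, 4);
        memcpy(&cmdsize, img + off + 4, 4);
        if (cmdsize < 8 || cmdsize > end - off) return -2;
        if (cmd == LC_ENCRYPTION_INFO || cmd == LC_ENCRYPTION_INFO_64) {
            if (cmdsize < 20) return -2;
            /* layout: cmd, cmdsize, cryptoff, cryptsize, cryptid */
            memcpy(&cryptid, img + off + 16, 4);
            return (int)cryptid;
        }
        off += cmdsize;
    }
    return -1;
}

/* Constructed sample: 32-bit ARM header + one LC_ENCRYPTION_INFO, cryptid 1. */
static const uint32_t sample_encrypted[] = {
    MH_MAGIC, 12, 9, 2, 1, 20, 0,         /* ncmds = 1, sizeofcmds = 20 */
    LC_ENCRYPTION_INFO, 20, 4096, 8192, 1
};

int main(void)
{
    printf("cryptid = %d\n", macho_cryptid((const uint8_t *)sample_encrypted, sizeof sample_encrypted));
    return 0;
}
```

Development and simulator builds are not FairPlay-encrypted, so a result of 0 or -1 is expected there and the check only makes sense in App Store builds.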

Page 11: iOS protection mechanisms

Mobile platform protection

• Trigger system
  - Use in app mechanics
  - Triggers are hard to detect
  - Limit functionality

• Code protection
  - Obfuscation
  - Virtual machines

Page 12: iOS protection mechanisms

Summary

FairPlay DRM

Bypassing FairPlay DRM

Anti-cracking techniques

Trigger system & Code protection

Page 13: iOS protection mechanisms

Questions?