减少 iPhone 应用程序的盗版

发布于 2024-07-19 05:38:53 字数 320 浏览 8 评论 0原文

有哪些公认的减少 iPhone 应用程序盗版且不违反 Apple 评估流程的方法?

如果我的应用程序“打电话回家”以提供其运行的唯一设备 ID,我还需要收集哪些其他信息(例如,用于购买应用程序的 Apple ID)来创建授权使用该应用程序的有效注册令牌? 同样,我将使用什么代码来访问这些额外数据?

目前解决这个问题的最佳可用技术方法是什么?

(请避免使用关于盗版如何不可避免的非编程答案等。我知道盗版是不可避免的。我对基于编程的答案感兴趣,这些答案讨论了如何提前感谢您的理解。)

What are accepted methods to reduce iPhone application piracy, which do not violate Apple's evaluation process?

If my application "phones home" to provide the unique device ID on which it runs, what other information would I need to collect (e.g., the Apple ID used to purchase the application) to create a valid registration token that authorizes use of the application? Likewise, what code would I use to access that extra data?

What seem to be the best available technical approaches to this problem, at the present time?

(Please refrain from non-programming answers about how piracy is inevitable, etc. I know piracy is inevitable. I am interested in programming-based answers that discuss how to reduce it. Thanks in advance for your understanding.)

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

汹涌人海 2024-07-26 05:38:53

更新

访问并阅读

感谢评论中的chpwn。

代码太旧了! - 2009 年 5 月 11 日

现在有一种更简单的方法可以检测您的 iPhone 应用程序是否已被破解以供盗版使用。 这并不涉及您根据可接受的 ID 列表检查 iPhone 唯一 ID。

目前破解者要做三件事:

  1. 编辑 Info.plist 文件
  2. 将 Info.plist 从二进制解码为
    UTF-8 或 ASCII
  3. 将密钥对添加到 Info.plist{SignerIdentity,
    Apple iPhone OS 应用程序签名}

最后一个最容易使用此代码进行检查:

NSBundle *bundle = [NSBundle mainBundle]; 
NSDictionary *info = [bundle infoDictionary]; 
if ([info objectForKey: @"SignerIdentity"] != nil) 
{ /* do something */  }

通常我们在我们构建的任何 App Store 应用程序中都没有 SignerIdentity,因此检查 nil 然后执行设置指令应该会让破解者和盗版者变得更加困难。

我不能将此归功于我,所以请访问 如何阻止 iPhone IPA破解者。 这里有大量关于 iPhone 盗版以及如何遏制盗版的信息。

UPDATE

Please visit and read

Thanks to chpwn in the comments.

Code that's way too old! - 11th May 2009

For now there's an easier way to detect if your iPhone application has been cracked for piracy use. This does not involve you to check the iPhone unique IDs against a list of accepted IDs.

Currently there are three things crackers do:

  1. Edit the Info.plist file
  2. Decode the Info.plist from binary to
    UTF-8 or ASCII
  3. Add a key-pair to Info.plist{SignerIdentity,
    Apple iPhone OS Application Signing}

The last one is easiest to check with this code:

NSBundle *bundle = [NSBundle mainBundle]; 
NSDictionary *info = [bundle infoDictionary]; 
if ([info objectForKey: @"SignerIdentity"] != nil) 
{ /* do something */  }

Generally we don't have SignerIdentity in any of the App Store applications we build so checking for nil then performing set instructions should make it more difficult for crackers and pirates.

I can't take credit for this so please visit How to Thwart iPhone IPA Crackers. There's loads of information there about piracy on iPhone and how to curb it.

探春 2024-07-26 05:38:53

正如 Andrey Tarantsov 在评论中指出的那样,在二进制文件中查找“SignerIdentity”字符串(使用 HexEdit 等应用程序)并替换它非常容易。

您可以对该字符串进行编码,但您所要做的就是更改它的一个字符,应用程序将不再查找“SignerIdentity”密钥,而是查找可能不存在的其他密钥(因此为 null )。 该密钥为空,应用程序认为它没有被破解(因为如果应用程序没有被破解,SignerIdentity 应该为空)。

相反,我宁愿检查 info.plist 的大小并将其与参考值进行比较。 我注意到模拟器和设备版本没有相同的 info.plist 文件大小。 调试、发布和分发版本也是如此。 因此,请确保使用设备分发版本的 info.plist 文件大小设置参考值。

如何查找启动时的文件大小

As pointed out by Andrey Tarantsov in the comments, looking for the "SignerIdentity" string in the binary (using an app like HexEdit) and replacing it is pretty easy.

You could encode that string, but then again all you have to do is change one char of it and the app is not going to look for the "SignerIdentity" key anymore but for some other key that probably doesn't exist (therefore is null). That key being null, the app thinks it isn't cracked (since SignerIdentity should be null if the app isn't cracked).

Instead, I'd rather check the size of the info.plist and compare it to a reference value. I noticed Simulator and Devices builds don't have the same info.plist file size. Same goes for Debug, Release and Distribution builds. Therefore, make sure you set the reference value using the info.plist file size for the Device Distribution Build.

How to look for the filesize at launch:

与风相奔跑 2024-07-26 05:38:53

看起来保存 Plist 的 MD5 校验和并检查 CryptID 应该会在一段时间内表现良好。

It looks like saving MD5 checksum of Plist and checking CryptID should do well till some time.

偏爱自由 2024-07-26 05:38:53

检查 iTunesMetadata.plist 的购买日期,因为有时,当应用程序被破解时,该日期会更改为令人震惊的内容。

另请检查购买者姓名字段是否存在。 根据我破解个人使用的应用程序的经验,这通常会被删除。 如果有人知道 Temple Run 的反转储保护是如何工作的,您可以将其与 poedCrackMod 无法获得的一些保护结合使用(google poedCrackMod 创建 hackulo.us 帐户,去开发中心查找 poedCrackMod,将其安装在 iDevice 上) 。

Clutch 不会通过类似 Temple Run 的保护来破解东西,它有一个名为 OverDrive 的功能,旨在阻止应用程序的破解检测。 poedCrackMod 有 LamestPatch,但不太好。 poedCrackMod 也是一个可以进行逆向工程的开源 bash 脚本。 回顾一下,您有一个具有复制保护的应用程序,该应用程序无法通过离合器/过载来规避,但可以通过 poedCrackMod 进行破解。 但是 poedCrackMod 无法规避应用程序内的盗版检查。 很难手动修补应用程序可执行文件中的完整性检查。 所以你的应用程序很难破解。

Check iTunesMetadata.plist for the date of Purchace as sometimes, when an app is cracked, that date is changed to something outrageous.

Also check to see if the purchacer name field exists. In my experience with cracking apps for personal use, that is usually removed. If anyone knows how the anti dump protection of Temple Run works, you could use that in conjunction with some protection that poedCrackMod can't get (google poedCrackMod create hackulo.us account, go to dev center look for poedCrackMod, install it on iDevice).

Clutch which will not crack things with Temple Run like protection, has a feature called OverDrive intended to silence an app's crack detection. poedCrackMod has LamestPatch, which isn't as good. Also poedCrackMod is an open source bash script that can be reverse engineered. To recap, you have an app that has copy protection that can't be circumvented with clutch / overdrive but can be cracked with poedCrackMod. However poedCrackMod can't circumvent the app's in app piracy checks. It is hard to manually patch integrety checks in the app's executable. So your app is hard to crack.

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文