Objective-c 方法混淆在 DEBUG 中有效,但在 RELEASE 中崩溃
我创建了一个 xcode 项目,在其中做了一些安全工作,他们要求我混淆方法名称
,这样
#define specialMethod a9328238
+(void) specialMethod
{
// do security stuff
}
我就从项目(项目 A )创建了一个 .framework 库并将其包含到另一个项目(项目 B )中。
但是当我使用发布构建配置运行(项目 B)时,它总是像这样崩溃。
*** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '+[SecurityClass a9328238]: unrecognized selector sent to class 0x337cc4'
因此当它尝试访问该方法时会崩溃。
但是当我使用调试构建配置运行(项目 B)它时,它运行顺利
(我将所有构建配置设置保留为默认值)
I made a xcode project where i did some security stuff and they asked me to obfuscate the method names
like so
#define specialMethod a9328238
+(void) specialMethod
{
// do security stuff
}
i made a .framework library from the project ( project A ) and included it into another project ( project B ).
but when i run (project B) with a Release build configuration it always crashes like so.
*** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '+[SecurityClass a9328238]: unrecognized selector sent to class 0x337cc4'
so it crashes when it tries to acces the method.
But when i run (project B) it with a Debug build configuration it runs smooth
(i have kept all my build configuration settings as default)
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(4)
您将用于混淆的
#define放在哪里?是在框架的头文件(.h)中还是在框架的实现文件(.m)中?为了使混淆有效,必须将其放置在实现和调用者都包含的文件中。
您还可以通过检查预处理文件来检查预处理是否正常。选择实施文件并进入菜单
Product >生成输出>生成预处理文件(您可以选择屏幕底部的配置)。Where have you placed the
#definefor obfuscation ? Is it in the header file (.h) or in the implementation file (.m) of the framework ?For the obfuscation to be effective, it must be placed in a file that is both included by the implementation and the caller.
You can also check that the pre-processing is ok by inspecting the pre-processed file. Select the implementation file and go to the menu
Product > Generate Output > Generate Preprocessed File(you can select the configuration at the bottom of the screen).我的预感也是
#define位置/可见性。但你可能想从另一个角度考虑这个问题。您可以将:更改
为:
完全删除
#define。使用中:
由于这是一个类方法,因此您可以编写一个封装在人类可读内联中的混淆函数。精心设计的 C 实现将比 objc 更难区分。
一个更完整的例子将帮助我们缩小可能性。
还要验证没有警告 - 如果您调用了未声明的选择器,编译器可能会警告您。在其他情况下
#define不可见的情况下可能会调用该方法。My hunch is the
#definelocation/visibility as well.But you may want to consider this from another angle. You could change:
to:
dropping
#definealtogether.In use:
Since this is a class method, you could write an obfuscated function wrapped in a human readable inline instead. A well crafted C implementation will be much more difficult to pick apart than objc.
A more complete example would help us narrow down the possibilities.
Also verify there are no warnings -- the compiler may warn you if you have called an undeclared selector. It's possible that the method is called where the
#defineis not visible in other cases.似乎导入混淆框架的可执行文件试图访问非混淆方法。
您应该检查框架中的符号。在框架中的静态库上使用 nm 来查看导出的符号(用“t”标记)。确保符号被混淆。
It seems that the executable which imports the obfuscated framework tries to access the non-obfuscated methods.
You should check the symbols in the framework. Use
nmon the static library in the framework to see the exported symbols (marked with a 't'). Make sure the symbols are obfuscated.如果您已将所有内容包装到框架中,您是否确保适当的标头暴露在框架之外?框架内的标头的公开方式与普通文件不同。转到您的项目->构建阶段,在右下角您应该看到“添加复制标题”。这将在您的构建阶段添加一个新部分。在此部分中,单击“+”和定义方法名称的标题。
If you've wrapped everything into a framework, have you made sure that the appropriate headers are exposed outside of the framework? Headers inside a framework aren't exposed the same way as normal files are. Go to your Project->Build Phases, in the bottom right you should see "Add Copy Headers". This will add a new section in your build phases. Inside this section, click the "+" and the headers that define your method names.