iOS code obfuscation and vest package obfuscation for App Store listing (obfuscating iOS projects with a Python script)

Keywords: Python iOS Attribute Swift

Preface

I've been looking at Python lately, and I like its flexibility. Today I want to talk about code obfuscation in iOS. Why obfuscate code? First, for the security of the app, so that others cannot crack our code easily. Second, to produce vest packages (reskinned copies of an app): the market demand for vest packages is very large, but we cannot spend too much energy on developing them. After all, it is only a vest package, and there is no need to spend too much on it!

Obfuscation Tools

After searching online, the open-source and free obfuscation approaches I found all either reproduce Nian Qian's sh script or build on it. Nian Qian's blog post was written in 2014. At that time I had only been doing iOS for a short while, and app review in China was not so strict. If you still use that method for obfuscation now, you will certainly be rejected by Apple under 2.3.1, so let's explore other obfuscation methods instead of digging up old ones.

Here I wrote the obfuscation tool mainly in Python. Its functions include method obfuscation, property obfuscation, class name obfuscation, adding junk code, deleting comments, modifying the hash values of resource files, string encryption, renaming resources, simulating manual obfuscation, obfuscating file names, obfuscating file directories, an obfuscation word library, obfuscation logs, a mapping list, image compression, a crawler service, and modifying the project name. The interface is as follows:

software interface

Download address:

Git address: https://gitee.com/zfj1128/ZFJ...

Tutorial video:

Link: https://pan.baidu.com/s/1pqUk... Password: 9sll


Starting the obfuscation

import addRubbishCode    as addCode
import cunfusionObjName  as conObjN
import confusionFun      as conFunc
import cunfusionProperty as conPro
import confusionLog      as conLog
import deleteNotes       as delNot
import updateSourceHash  as updHash
import encryptString     as encStr
import sourceName        as soName
import modifyProjectName as modProName
import missFolder
from singletonModel import ZFJPersoninfo

def start_fun(file_dir, funMap=None):
    # funMap holds the feature switches; a value greater than 0 enables a step.
    # A None default avoids sharing one mutable dict between calls.
    funMap = funMap or {}
    if len(file_dir) == 0:
        return

    personinfo = ZFJPersoninfo()
    # The flag is True for the duration of the run
    personinfo.isMissing = True
    try:
        if int(funMap.get('property', 0)) > 0:
            # Obfuscate properties
            conLog.tips('*' * 30 + 'Fun:Begin to confuse attributes' + '*' * 30)
            conPro.startConfusionPro(file_dir, personinfo.prefixMap['proPreFix'])

        if int(funMap.get('funName', 0)) > 0:
            # Obfuscate methods
            conLog.tips('*' * 30 + 'Fun:Beginning confusion method' + '*' * 30)
            conFunc.startConfusionFun(file_dir, personinfo.prefixMap['funPreFix'])

        if int(funMap.get('objName', 0)) > 0:
            # Obfuscate class names
            conLog.tips('*' * 30 + 'Fun:Begin to confuse class names' + '*' * 30)
            conObjN.startObfuscatedObjName(file_dir, personinfo.prefixMap['objPreFix'])

        if int(funMap.get('souHashKey', 0)) > 0:
            # Modify the hash values of resource files
            conLog.tips('*' * 30 + 'Fun:Modifying resources HASH value' + '*' * 30)
            updHash.startUpdateSourceHash(file_dir)

        if int(funMap.get('upSouName', 0)) > 0:
            # Rename resource files
            conLog.tips('*' * 30 + 'Fun:Renovation of resource file name' + '*' * 30)
            soName.startSourceName(file_dir, personinfo.prefixMap['imgPreFix'])

        if int(funMap.get('encryStr', 0)) > 0:
            # Encrypt plaintext strings
            conLog.tips('*' * 30 + 'Fun:Encrypted plaintext string' + '*' * 30)
            encStr.startEncryptStr(file_dir)

        if int(funMap.get('rubbishCode', 0)) > 0:
            # Add junk code
            conLog.tips('*' * 30 + 'Fun:Add spam code' + '*' * 30)
            amount = int(funMap.get('rubbishLine', 0))  # number of junk lines to add
            amount = 5 if amount <= 0 else amount
            addCode.startAddRubbishCode(file_dir, amount, personinfo.prefixMap['rubPreFix'])

        if int(funMap.get('deleteNotes', 0)) > 0:
            # Obfuscate or delete comments
            conLog.tips('*' * 30 + 'Fun:Start deleting comments' + '*' * 30)
            delNot.startDeleteNotes(file_dir)

        if int(funMap.get('missFolder', 0)) > 0:
            # Obfuscate folder names
            conLog.tips('*' * 30 + 'Fun:Begin to confuse folder names' + '*' * 30)
            missFolder.startMissFolder(file_dir, personinfo.prefixMap['folderPreFix'])

        if int(funMap.get('misProjectName', 0)) > 0:
            # Modify the project name
            conLog.tips('*' * 30 + 'Fun:Start modifying the project name' + '*' * 30)
            modProName.startModifyProjectName(file_dir)

        conLog.tips('*' * 30 + 'End:End of confusion' + '*' * 30)
    finally:
        # Clear the flag even if one of the steps raises
        personinfo.isMissing = False

Obfuscation Log

During obfuscation, logs are generated automatically with Python's logging module (import logging). The log file, ZFJ Confused Log.log, makes it easier for developers to fix some of the resulting errors:

Ignore Path

When obfuscating, there is no need to obfuscate everything, especially third-party libraries, including those managed by Pods. After all, the more you obfuscate, the more problems you get, so I added a list of paths to ignore during obfuscation, as follows:

import confusionLog as conLog

ignore_Files = ['/Pods/', '/Vendor/', '/LIB/', '/Util/']
conLog.tips('Neglected Path === ' + str(ignore_Files))

# Return True if the path lies inside an ignored folder
def isIgnoreFiles(tmp_path):
    # if '+' in tmp_path:
    #     return True
    for item in ignore_Files:
        if item in tmp_path:
            return True
    return False

Special note

There will be more or fewer errors after obfuscation, so users need to have iOS development skills. Generally, errors are due to the following two points:

1. Methods share the same name and are overwritten by multiple obfuscations.
2. Ignored folders contain obfuscated classes or methods.
3. If an image is not displayed, the likely reason is that the image name is built by string concatenation in the code; it can be replaced manually.
4. If obfuscating the project directory causes PCH and Info.plist errors, you need to fix the paths manually in project.pbxproj (see the directory obfuscation section for details).
5. If the path in the project is changed but the actual local path is not, modify the local path manually.
6. UTF-8 encoding errors and [Errno 13] Permission denied errors should be ignored.

The errors above can be located by looking up the corresponding obfuscated field in the log file and then fixing it manually!

What's more, this obfuscation tool currently only supports Objective-C (OC) projects and does not support Swift projects, but I intend to add Swift obfuscation once the OC obfuscation tool (including the graphical interface) is fully working!
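A pre-flight check for the first two causes in the list above, written here as an added example and not part of ZFJObsLib. The sample project, the regular expressions and the function names are assumptions made for illustration; the ignored folder names are the ones from ignore_Files.

```python
import re
from collections import defaultdict

IGNORE_DIRS = {"Pods", "Vendor", "LIB", "Util"}  # folders named in ignore_Files above

# Constructed sample project (path -> Objective-C source), not taken from the tool.
SAMPLE = {
    "App/Login/LoginView.m": "@implementation LoginView\n- (void)reloadData {}\n"
                             "- (void)showTitle:(NSString *)t {}\n@end\n",
    "App/Home/HomeView.m": "@implementation HomeView\n- (void)reloadData {}\n@end\n",
    "App/Util/Router.m": "@implementation Router\n"
                         "- (void)open { [[LoginView new] showTitle:@\"x\"]; }\n@end\n",
    "Pods/NetKit/NKTask.m": "@implementation NKTask\n- (void)resume {}\n@end\n",
}

METHOD_RE = re.compile(r"^[-+]\s*\([^)]*\)\s*(\w+)", re.M)  # first selector part
CLASS_RE = re.compile(r"@implementation\s+(\w+)")

def is_ignored(path):
    """Compare whole directory names, so relative paths match and 'Utility' does not."""
    return any(part in IGNORE_DIRS for part in path.split("/")[:-1])

def preflight(files):
    """Return (duplicates, stale): the first two error causes listed above."""
    owners = defaultdict(set)  # method name -> files declaring it
    classes = set()
    for path, src in files.items():
        if not is_ignored(path):
            classes.update(CLASS_RE.findall(src))
            for name in METHOD_RE.findall(src):
                owners[name].add(path)
    duplicates = {m: sorted(p) for m, p in owners.items() if len(p) > 1}
    renamed = classes | set(owners)
    stale = {}  # ignored file -> names it uses that are about to be renamed
    for path, src in files.items():
        hits = sorted(renamed & set(re.findall(r"\w+", src)))
        if is_ignored(path) and hits:
            stale[path] = hits
    return duplicates, stale

if __name__ == "__main__":
    dup, stale = preflight(SAMPLE)
    print("same method name in several files:", dup)
    print("ignored files using renamed names:", stale)
```

The word-level match in the second pass is a heuristic and can report names that only appear in comments, so treat its output as a list of places to review before running the obfuscation.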

Obfuscation results

1. Method obfuscation

2. Property obfuscation

3. Class name obfuscation

4. Adding junk code

Junk code exposed in the .h file

Junk code implementation and calls

5. Removing comments

6. Modifying hash values

For resource files in a project, we can obfuscate them by modifying their hash values. The tool logs the old and new hash of each file it processes.


7. String encryption

The code before string encryption is as follows:

- (void)uiConfig{
    ZFJView *zfjView = [[ZFJView alloc] initWithZFJ:@"ZFJ1128"];
    zfjView.backgroundColor = [UIColor yellowColor];
    zfjView.frame = CGRectMake(100, 100, 150, 150);
    [zfjView setZFJViewTitleLab];
    [zfjView setZFJViewTitleLab:@"aaaaaa"];
    [zfjView setZFJViewTitleLab:@"aaa" efg:@"dscvdscsd"];
    [zfjView setZFJViewTitleLab:@"ddscvsdv" efg:@"cdsvdfbdf" hijk:@"cdvsvbdsbdfgnfdhnhdg"];
    [self.view addSubview:zfjView];
    
    [ZFJView svdsvfdsvfdvbzdfb];
}

The code after string encryption is as follows:

- (void)uiConfig{
    ZFJView *zfjView = [[ZFJView alloc] initWithZFJ:ZFJ_NSSTRING(((char []) {240, 236, 224, 155, 155, 152, 146, 0}))];
    zfjView.backgroundColor = [UIColor yellowColor];
    zfjView.frame = CGRectMake(100, 100, 150, 150);
    [zfjView setZFJViewTitleLab];
    [zfjView setZFJViewTitleLab:ZFJ_NSSTRING(((char []) {203, 203, 203, 203, 203, 203, 0}))];
    [zfjView setZFJViewTitleLab:ZFJ_NSSTRING(((char []) {203, 203, 203, 0})) efg:ZFJ_NSSTRING(((char []) {206, 217, 201, 220, 206, 217, 201, 217, 206, 0}))];
    [zfjView setZFJViewTitleLab:ZFJ_NSSTRING(((char []) {206, 206, 217, 201, 220, 217, 206, 220, 0})) efg:ZFJ_NSSTRING(((char []) {201, 206, 217, 220, 206, 204, 200, 206, 204, 0})) hijk:ZFJ_NSSTRING(((char []) {201, 206, 220, 217, 220, 200, 206, 217, 200, 206, 204, 205, 196, 204, 206, 194, 196, 194, 206, 205, 0}))];
    [self.view addSubview:zfjView];
    
    [ZFJView svdsvfdsvfdvbzdfb];
}

Decompiling with Hopper before and after string encryption gives the following comparison:

We can see that the hard-coded strings are no longer visible in Hopper!
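The before/after listings above are consistent with a single-byte XOR of each character followed by a 0 terminator. The sketch below is an added example, not ZFJObsLib's code: the key 0xAA is inferred from the page's own pair for @"ZFJ1128", and the function names are hypothetical.

```python
import re

# Taken from the page's before/after listings: @"ZFJ1128" became this array.
PAGE_PLAIN = "ZFJ1128"
PAGE_ARRAY = [240, 236, 224, 155, 155, 152, 146, 0]

def key_from_pair(plain, values):
    """Return the single XOR key that maps plain to values, or None if there is none."""
    keys = {p ^ v for p, v in zip(plain.encode("utf-8"), values)}
    return keys.pop() if len(keys) == 1 else None

KEY = key_from_pair(PAGE_PLAIN, PAGE_ARRAY)  # 0xAA, inferred; not documented by the tool

def encode(text, key=KEY):
    """XOR each UTF-8 byte with key and append the 0 terminator of a C string."""
    data = text.encode("utf-8")
    if key in data:
        # byte ^ key == 0 would end the C string early and truncate the literal
        raise ValueError("literal contains the key byte; use another key or skip it")
    return [b ^ key for b in data] + [0]

def decode(values, key=KEY):
    """Inverse of encode(): drop the terminator, XOR back, decode as UTF-8."""
    body = values[:values.index(0)] if 0 in values else values
    return bytes(v ^ key for v in body).decode("utf-8")

LITERAL_RE = re.compile(r'@"((?:[^"\\]|\\.)*)"')

def rewrite_line(line, key=KEY):
    """Rewrite every @"..." literal into the ZFJ_NSSTRING form shown above."""
    def repl(match):
        text = match.group(1)
        if "\\" in text:  # escape sequences need real parsing; leave untouched
            return match.group(0)
        numbers = ", ".join(str(n) for n in encode(text, key))
        return "ZFJ_NSSTRING(((char []) {" + numbers + "}))"
    return LITERAL_RE.sub(repl, line)

if __name__ == "__main__":
    print(hex(KEY))
    print(rewrite_line('[zfjView setZFJViewTitleLab:@"aaa" efg:@"dscvdscsd"];'))
    print(decode(PAGE_ARRAY))
```

Because one known literal gives the key for every other literal, this transform keeps strings out of a plain string listing but is an encoding rather than protection for secrets such as API keys.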

8. Renaming resources

Find the image resources in the project, rename them, and then automatically replace the references in the code.

9. Obfuscating the project directory

Note: If your project contains a PCH file and your own Info.plist, you need to fix their paths manually in project.pbxproj.

10. Image compression tool

ZFJObsLib integrates an image compression tool that supports one-click generation of the three sets of icons for iOS development, custom compression sizes, and removing the alpha channel to convert images to RGB mode. The implementation logic is described at: https://zfj1128.blog.csdn.net...

Specifically as follows:

11. Crawler tools

Tutorial videos

Resource crawling: Link: https://pan.baidu.com/s/1xa9r... Password: 1zpg

Node crawling: Link: https://pan.baidu.com/s/1ebWW... Password: cosa

Usage screenshots

12. Setting obfuscation prefixes

Posted by skorp on Fri, 09 Aug 2019 01:02:57 -0700