Resisting App Pirates
Resisting App Piracy

Background
Your apps may be pirated!

  • Google "appname.ipa", but also search Cydia and other darker areas
  • Flurry and Game Center still work on pirated apps.
  • Many bloggers have reported analytics pointing to high piracy rates; especially games.

This talk is about what to do about it...

Philosophy
My Attitude
  • It's an arms race which ultimately can't be won.
  • I have better and more interesting things to do... But we can make it harder.
  • Fully automated "crackers" must be stopped, as a duty to society.
  • Jailbroken phones are okay, as long as they pay for my app.

Concerns
  • No help from Apple; prohibited in the Mac App Store, but an open issue on iOS.
  • False positives are a huge PR disaster (paying customers affected).
  • Detection is the focus, then behave differently:
      - do not: rm -rf /
      - keep plausible deniability (oops, silly bug)
      - be cute, it helps if you get it wrong

Methods
Weak Methods
  • check running as root: ASSERT(getuid() != 0);
      - false positive on jailbroken devices
      - already worked around, may be an obsolete technique
  • looking at the bundle contents:
      - bundle is modified by Apple after review, can't checksum it before we submit
      - simple presence checks are easily worked around

My Approach
  • all crack methods involve decrypting the binary
  • GDB is used in the 'cracking' process; deny them that tool.
  • I like checksums on binary code. It's old-school but it works.

isPirate() Steps

  1) Deny them use of GDB.
  2) Verify checksum of binary running in memory.
  3) Verify binary running was encrypted when loaded.

But...
  • repeat the above at random times
  • make the "isPirated" global flag non-trivial to force (i.e. not just a boolean flag)
  • check the flag very often, but do the checksum less often

Deny GDB
  • call: ptrace(PT_DENY_ATTACH...
  • but hide the ptrace() call, since its purpose is obvious
  • does not stop them from decrypting the binary, because they will put a breakpoint on the first instruction of your program; text has been decrypted into RAM already at that point.
  • point at which GDB is disabled is very clear, not hard to find and patch

Checksum
  • find the location and length of the text segment at run time
  • important gotcha:
      - load address is random in a signed app, but fixed for development builds
      - extern byte_t start __asm__("start");
  • length easy to fetch from getsectbyname(), could also be approximated
  • MD5, CRC32, SHA256, whatever

Checksum Pre-Knowledge
  • We need to know what the checksum should be.
  • Python script in an Xcode "Build Phase script" to calculate it
      - dump the binary's text segment using: otool -tX
      - write out a plist or other file which can be read at runtime
  • Don't just write the correct value to a file!
      - it should be a function of a shared secret between the binary and the build script
  • Consider hiding the checksum value in a resource like an image file.
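
The Checksum and Checksum Pre-Knowledge slides together describe a runtime CRC over the text bytes, compared against a value the build script derived from the same bytes and a shared secret. The following C is an added example, not code from the talk: BUILD_SECRET, the keyed mixing function, the TEXT_OK token and the sample bytes are assumptions, and on the device the byte range would come from the `start` symbol and `getsectbyname()` as the slides say.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* CRC-32 (IEEE, reflected) over a byte range. On the device the range is the
   text section located at run time; here it runs over a constructed buffer. */
static uint32_t crc32_bytes(const uint8_t *p, size_t n) {
    uint32_t crc = 0xFFFFFFFFu;
    for (size_t i = 0; i < n; i++) {
        crc ^= p[i];
        for (int k = 0; k < 8; k++)
            crc = (crc >> 1) ^ (0xEDB88320u & (0u - (crc & 1u)));
    }
    return ~crc;
}

/* Secret shared by the build-phase script and the binary (assumed value). */
#define BUILD_SECRET 0x5A3C9E17u

/* What the build script stores instead of the raw checksum: a keyed mix of it,
   so the value in the plist is not one that can simply be copied into a patched
   binary. Constructed mixing function; both sides must implement it identically. */
static uint32_t keyed_expected(uint32_t crc) {
    uint32_t x = (crc ^ BUILD_SECRET) * 0x9E3779B1u;
    return (x << 13) | (x >> 19);
}

/* The verdict is a token rather than a bool: it equals TEXT_OK only when the
   recomputed keyed checksum matches; otherwise it is a data-dependent value. */
#define TEXT_OK 0x00C0FFEEu

static inline __attribute__((always_inline))
uint32_t verify_text(const uint8_t *text, size_t len, uint32_t stored) {
    uint32_t mixed = keyed_expected(crc32_bytes(text, len));
    return (mixed == stored) ? TEXT_OK : (mixed ^ stored);
}

/* Constructed stand-in for the bytes of the text section. */
static const uint8_t SAMPLE_TEXT[] = {
    0xB5, 0x80, 0xAF, 0x00, 0x20, 0x00, 0xBD, 0x80,
    0xF0, 0x00, 0xF8, 0x05, 0x46, 0x06, 0x47, 0x70,
};

/* Build-time side: the value the script would write out after hashing the
   otool dump of the same bytes. */
uint32_t build_time_value(void) {
    return keyed_expected(crc32_bytes(SAMPLE_TEXT, sizeof SAMPLE_TEXT));
}

/* Runtime side: 1 if the check passes. With modified != 0 one byte of the
   "text" is altered first, which must make the check fail. */
int runtime_check_passes(int modified) {
    uint8_t text[sizeof SAMPLE_TEXT];
    memcpy(text, SAMPLE_TEXT, sizeof text);
    if (modified) text[6] ^= 0x01;
    return verify_text(text, sizeof text, build_time_value()) == TEXT_OK;
}
```

A fat armv6/armv7 binary, as the later slide notes, needs one stored value per slice, since each slice has its own text bytes.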


Check Encryption
  • Read the Mach-O headers, looking for the structure that says the file's text segment is encrypted.
  • Difficult to test, since only the App Store seems to encrypt the file
      - perhaps uniquely for each buyer?
  • Published code keyword: LC_ENCRYPTION_INFO
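
As an added example (not code from the talk), here is a portable walk over the load commands of an in-memory 32-bit Mach-O image that applies the LC_ENCRYPTION_INFO check described above. The struct layouts and constants mirror <mach-o/loader.h> so it runs anywhere; the sample header is constructed, and on the device the image pointer is assumed to come from the loaded executable's own header (for example via _dyld_get_image_header(0)).

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Minimal 32-bit Mach-O definitions, same layout and values as <mach-o/loader.h>,
   so the walk compiles and runs on any platform (the talk's armv6/armv7 case). */
#define MH_MAGIC           0xfeedfaceu
#define LC_ENCRYPTION_INFO 0x21u

struct mach_header  { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags; };
struct load_command { uint32_t cmd, cmdsize; };
struct encryption_info_command { uint32_t cmd, cmdsize, cryptoff, cryptsize, cryptid; };

/* Walk the load commands of an in-memory image. Returns 1 when an
   LC_ENCRYPTION_INFO command with a non-zero cryptid is present (the store
   encrypted the text), 0 when it is absent or cryptid is zero, and -1 when
   the header is malformed or truncated (never treat -1 as "pirated"). */
int image_is_encrypted(const uint8_t *img, size_t len) {
    struct mach_header h;
    if (len < sizeof h) return -1;
    memcpy(&h, img, sizeof h);
    if (h.magic != MH_MAGIC) return -1;
    size_t off = sizeof h;
    if (h.sizeofcmds > len - off) return -1;          /* commands run past the image */
    size_t end = off + h.sizeofcmds;
    for (uint32_t i = 0; i < h.ncmds; i++) {
        struct load_command lc;
        if (end - off < sizeof lc) return -1;
        memcpy(&lc, img + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || lc.cmdsize > end - off) return -1;
        if (lc.cmd == LC_ENCRYPTION_INFO) {
            struct encryption_info_command ec;
            if (lc.cmdsize < sizeof ec) return -1;
            memcpy(&ec, img + off, sizeof ec);
            return ec.cryptid != 0;
        }
        off += lc.cmdsize;                              /* skip commands we don't care about */
    }
    return 0;
}

/* Constructed sample image: an ARM header followed by one LC_ENCRYPTION_INFO
   command carrying the given cryptid. Returns the image length. */
size_t build_sample_image(uint8_t *buf, uint32_t cryptid) {
    struct encryption_info_command ec = { LC_ENCRYPTION_INFO, sizeof ec, 0x1000, 0x2000, cryptid };
    struct mach_header h = { MH_MAGIC, 12 /* CPU_TYPE_ARM */, 9 /* ARM_V7 */,
                             2 /* MH_EXECUTE */, 1, sizeof ec, 0 };
    memcpy(buf, &h, sizeof h);
    memcpy(buf + sizeof h, &ec, sizeof ec);
    return sizeof h + sizeof ec;
}

/* Verdict for a constructed image with this cryptid (1 = encrypted, 0 = not). */
int sample_verdict(uint32_t cryptid) {
    uint8_t buf[64];
    return image_is_encrypted(buf, build_sample_image(buf, cryptid));
}
```

Because a development build is never encrypted, the slide's testing caveat applies: gate this check on a release configuration or the false positive hits every debug run.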

More Specifics
  • All checking code must be inlined: __attribute__((always_inline))
  • Sprinkle checks into lots of different spots, not just startup
  • Carefully choose when to re-verify the checksum
      - it is relatively slow
      - a check is harder to find if it is on a code path that only runs once/rarely

Expected Results
  • Automated piracy tools will still work, but the binary they make should fail:
      - the code checksum is right, but
      - we'll see that we're not running from an encrypted file.
    (realistically, they will stop here for my apps, but if you're selling something they really want...)
  • They need to use GDB to find each spot where we disable GDB; NOP that out.
  • The checksum will fail at that point, because the binary has changed.
  • Disable the checksum code and/or the piracy flag check.
  • ... but they will have to find each instance of that code.

Other thoughts
  • When handling support issues, it often helps to ask a user to send a screen shot of the problem. If we see anything non-standard in the status bar, we say "we don't support jailbroken devices, end of discussion". It's very hard for jailbreakers to resist personalization.
  • One problem: you need two checksums if your app supports 3G and earlier devices. Your binary will be "fat", both armv6 and armv7.
  • The next level would be to 'modulate' the checking code so that its instruction sequence is different each time it is included in the binary.
   Thank you!
  http://www.ripeapps.com
