Light

housenkui / hskconfuse Goto Github PK

View Code? Open in Web Editor NEW

436.0 13.0 111.0 19 KB

iOS代码混淆

Objective-C 65.90% C 3.61% Shell 30.49%

hskconfuse's Introduction

HSKConfuse

阅读本篇文章，需要先会class-dump. O(∩_∩)O谢谢。

iOS代码混淆
最近三年一直待在银行做App,由于银行对安全要求较高，所以iOS的代码必须要有混淆的措施，初期实施了念茜姐的混淆方案，但是领导说，我们要自动混淆，方法名字不能一个一个的添加到func.list中，所以方法名只能从.m和.h文件中抽取了，但是如何屏蔽系统的方法名，暂行的策略是:将自己定义的方法名全部添加一个前缀。

例如 “hsk_funtion1”； “hsk_funtion2”；“hsk_funtion3”；

通过class-dump 反编译之后：Appdelegate 效果

通过class-dump 反编译之后：ViewController 效果

简书地址：http://www.jianshu.com/p/0d42e5c6361c

  如果在使用过程中遇到BUG，希望你能Issues我，谢谢

另送一份ios自动打包脚本，放在项目根目录下，傻瓜版 https://github.com/housenkui/autoComplie

hskconfuse's People

Contributors

Stargazers

Watchers

Forkers

jianghongyu00 obaby qimuya3 sunlight2728 gj641102478 yzycodehard h0medev gin-melodic zhangkn dogsled xinggg coderyuri bitmess 382517366 hwreal liric28 isoundy000 baihaotian yzhouhome shawnnian nameisyong goodcyg lqwang521 levi87 goodleon wu736139669 vitanie simon247 liuteng000 fengyun123456 gank0326 babywolf1992 pp1pp1pp2 ghostclock yangka zhang9003 iosobfuscation fuchengking qingni mrdangerous sabersensen sghick longgeshashen llfkhl yu123cheng456 tonyhe666 zengxianshu mail2chensh huzhenchao urmyfaith gl-wen ffmpegd dev4shane acosin shenhzou654321 avadasma evilino boljonggo yk81708090 tianguanghui wyt666 kensla vcan luotongyi dengyingtuo hurdery 274814111 chenxun123 daibou007 frankchung1121 zhubihua kuustudio wuyang1314 sunystop lx1992916 timatym unclejoke jayzhang123 priorder yangshiliang 431910864 ammmi1973 arryboom no-karma 709530753 bulice ajiu033 fpjack venkefan yongtaovip ylgf action121 rmkitty lgq2015 mrcaohh liuxingyx nadeal jacksonon happy486 brokentooth1989

hskconfuse's Issues

Run Script位置问题

建议把Run Script位置放在compile之前。放在compile后面的话，要等一下次编译才会用到上一次的随机字符串替换。

不知道Swfit有没有类似的方法？

最近在研究Swift的混淆，但是发现还是OC的方案比较多，Swift只找到一个混淆字符串的，不知道对于Swift实例方法楼主有没有什么方法？

吐槽！

老哥不是我说你自作聪明啊，人家念茜是把文件放到项目根目录，你偏要创建个Resource文件夹放在里面，然而你编译app的时候殊不知这个文件也跟着一起打包到app里面了。人家直接解压你打包好的ipa文件，在app文件夹里面直接就看到你要混淆的类名！

虽然看不到混淆后的类名，但是已经知道你那些类名要做混淆了，别人可以慢慢猜

在confuse.sh中添加grep -h -r -I "^[-+]" $CONFUSE_FILE --include '/.[mh]' |sed "s/[+-]//g"|sed "s/[();,: ^/{]/ /g"|sed "s/[ ]</</"| sed "/^[ ]*IBAction/d"|awk '{split($0,b," "); print b[2]; }'| sort|uniq |sed "/^$/d"|sed -n "/^hsk_/p" >$STRING_SYMBOL_FILE 这行代码,可以对更深的文件进行混淆

Recommend Projects

React

A declarative, efficient, and flexible JavaScript library for building user interfaces.
Vue.js

🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
Typescript

TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
TensorFlow

An Open Source Machine Learning Framework for Everyone
Django

The Web framework for perfectionists with deadlines.
Laravel

A PHP framework for web artisans
D3

Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

javascript

JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
web

Some thing interesting about web. New door for the world.
server

A server is a program made to process requests and deliver data to clients.
Machine learning

Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
Visualization

Some thing interesting about visualization, use data art
Game

Some thing interesting about game, make everyone happy.

Recommend Org

Facebook

We are working to build community through open source technology. NB: members must have two-factor auth.
Microsoft

Open source projects and samples from Microsoft.
Google

Google ❤️ Open Source for everyone.
Alibaba

Alibaba Open Source for everyone
D3

Data-Driven Documents codes.
Tencent

China tencent open source team.