HTDark | Underground Hacking Forum and Cybersecurity Community
  • Earn real money by being active: Hello Guest, earn real money by simply being active on the forum — post quality content, get reactions, and help the community. Once you reach the minimum credit amount, you’ll be able to withdraw your balance directly. Learn how it works.

iOS SwiftShield: Swift Obfuscator

Status
Not open for further replies.
itsMe

itsMe

*KillmeMories*
Staff member
Administrator
Super Moderator
Hacker
Specter
Crawler
Shadow
Joined
Jan 8, 2019
Messages
56,623
Solutions
2
Reputation
32
Reaction score
100,455
Points
2,313
Credits
32,750
‎6 Years of Service‎
 
76%
687474703a2f2f692e696d6775722e636f6d2f306b736a3747682e706e67


SwiftShield is a tool that generates random and irreversible encrypted names for your iOS project's types and methods (including third-party libraries). It uses Apple's SourceKit to mimick Xcode's indexing behavior, revealing a complete map of your project that is used to safely rename parts of your project.

Reverse engineering iOS apps is relatively simple due to the fact that almost every single type and method name is exposed in the app's binary. This allows jailbreak tools like class-dump and Cycript to extract this information and use it to change the behavior of your app in runtime.

Obfuscating code in iOS difficults the usage of these tools, while also makes it tougher for jailbreak developers to create tweaks for your app as SwiftShield's obfuscation changes every time you run it.

Limitations

The capabilities of SwiftShield are directly related to the capabilities of SourceKit, which unfortunately has its share of bugs. However, although SwiftShield can't obfuscate everything, it can obfuscate just enough to make reverse engineering very hard. Check this document to see its capabilities in detail.

Requirements

    You should not have logic based on hardcoded names (like loading MyClass.json because String(describing: type(of:self)) is 'MyClass'). SwiftShield does not obfuscate things like file names and hardcoded strings -- only the types themselves.
    No Objective-C classes that call Swift methods (but Swift classes calling Objective-C code is fine).
    Your project should be 100% written in View Code. Older versions of SwiftShield did support obfuscating Storyboards/XIBs, but it was extremely hard to maintain. This parts from the principle that if you have a project big or important enough to be obfuscated, you probably shouldn't be using Storyboards in first place.
    Your project should not be using Xcode's Legacy Build System setting.
    Make sure your project doesn't suffer from one of SourceKit's bugs. Although the bugs won't prevent the project from being obfuscated, some of them might require you to manually fix the resulting code as it will not be able to compile.

68747470733a2f2f692e696d6775722e636f6d2f714d4b793834502e706e67


To see this hidden content, you must like this content.
 
Status
Not open for further replies.
Back
Top