Re: Thwarting classdump, etc.
Re: Thwarting classdump, etc.
- Subject: Re: Thwarting classdump, etc.
- From: email@hidden
- Date: Sun, 3 Jul 2005 13:41:59 +1000
I'm concerned that someone who's looked into this more than I have
could get
into my code chain somehow by changing classes that my code relies
on, maybe
by modifying frameworks or something. In that case, even checking
my code
for modification won't help, since the modifications could be made
outside
of my app.
Quite true. This is why Apple don't recommend using Foundation-based
(iirc) ObjC (notably AppKit, irc) in security-conscious programs;
it's very easy, through multiple paths, for someone to load other
executable code into your app at runtime. But, even without bundle
and plugin conveniences, it's still pretty trivial to use mach_inject
or similar.
Basically, as much as possible, I need to keep someone from
circumventing my
code or learning too much about how it's doing what it's doing
(which leads
back to circumventing the code). Being able to see the class
descriptions is
like leaving debug symbols in your code, only worse since you're
exposing
dependencies.
Obfuscation is only a useful defence against casual hacking - it's
generally hard to do it in a way which really effects a professional,
and in any case they'll be tenacious enough (by definition) to take
as long as necessary. And cynically, you may annoy them enough - or
as someone else said make it challenging enough - that they'll feel
they have to share it with the world.
This isn't just paranoia--I have a project in mind that needs a
very high
level of protection against anyone "rewiring" some user code that
interacts
with a kext. And, there *are* illicit reasons why they'd want to.
As much as
I'd like to write it in Cocoa, I'm really wondering if that makes
the most
sense because of security issues.
As people have said, while you probably are a little safer with C/C+
+, don't over-estimate it. ObjC doesn't have much mindshare,
relatively speaking, and is a lot trickier to reverse engineer than
strictly typed languages like C/C++/Java.
You're in a tricky spot. There's no 100% solution - you're running
on the users computer, so they can do what they want, ultimately. I
don't think you'll be able to hide your overall design - that's one
of the easiest things to decipher. The best you can do is come up
with a design which is still strong even when it's known (again, the
obfuscation problem). That's hard to do in a scenario like this.
Wade Tregaskis (AIM/iChat, Yahoo & Skype: wadetregaskis, ICQ:
40056898, MSN: email@hidden, AV iChat & email:
email@hidden, Jabber: email@hidden)
-- Sed quis custodiet ipsos custodes?
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden