Re: Thwarting classdump, etc.
Re: Thwarting classdump, etc.
- Subject: Re: Thwarting classdump, etc.
- From: Bill Bumgarner <email@hidden>
- Date: Tue, 28 Jun 2005 10:22:20 -0700
On Jun 28, 2005, at 10:14 AM, Dave Hersey wrote:
Thanks. I thought there were also ways with Objective C to register
classes
at runtime, so that there was basically nothing useful to dump
otherwise.
That's what I was originally looking for. Is anyone doing that?
The runtime is dynamic and provides introspection features. These
features are used quite actively to implement the AppKit, Core Data,
and Foundation. They are also one of the biggest reasons why such a
relatively small amount of code can provide so much power and
flexibility to the developer.
It also means that anything running within your application can
easily introspect the runtime and dump the same information as class-
dump, including dumping all dynamically generated classes. F-Script
anywhere and PyObjC both include solutions for injecting an
interpreter into a remote process. Even without injection, there
are any of a bazillion other ways to interact with a runtime in a
running app -- gdb, input manager, DYLD hacks, etc...
Bottom line: You can't obfuscate Objective-C classes and methods.
It will break the app.
However, *** this is not any more or less of a security risk than C, C
++ or [supposedly obfuscated] Java apps ***. Any reasonably
knowledgeable developer type can dis-assemble your app, if necessary,
to glean how it works. Or they can look up symbols. Or any of a
number of other means of figuring it out.
b.bum
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Cocoa-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden