Re: Hiding String Constant in Compiled Code
- Subject: Re: Hiding String Constant in Compiled Code
- From: Jens Alfke <email@hidden>
- Date: Mon, 30 Nov 2009 09:59:13 -0800
On Nov 30, 2009, at 9:23 AM, Matt Neuburg wrote:
> If the app is code-signed, it will not run when the executable is altered.
In which case, the hacker just needs to strip the signature.
If your code checks for a signature, the hacker can re-sign it with his own.
If your code checks for your key in the signature, the hacker can replace the public key you're checking against with his own.
etc...
We had this thread a few months ago … the take-away is that checking the signature of already-running code is not a viable security technique. Checking has to be done before you load the code.
"Locks are just to keep honest people out."
—Jens
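Added example, not part of the original post or of any project's code: one way a host application can check a plug-in bundle's signature on disk before loading it, which is the ordering the message above argues for. The requirement string uses a placeholder team identifier, and `LoadVerifiedPlugin` is a hypothetical helper name; the check is only as trustworthy as the host process that performs it.

```objective-c
// Build with ARC: clang -fobjc-arc -framework Foundation -framework Security verify_load.m
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical code requirement; TEAMID_PLACEHOLDER stands in for the real signer's team ID.
static NSString * const kPluginRequirement =
    @"anchor apple generic and certificate leaf[subject.OU] = \"TEAMID_PLACEHOLDER\"";

// Returns the loaded bundle, or nil if the on-disk code fails validation.
// Validation runs against the files on disk before any plug-in code executes.
static NSBundle *LoadVerifiedPlugin(NSURL *pluginURL, NSError **outError) {
    SecStaticCodeRef code = NULL;
    SecRequirementRef requirement = NULL;
    NSBundle *bundle = nil;

    OSStatus status = SecStaticCodeCreateWithPath((__bridge CFURLRef)pluginURL,
                                                  kSecCSDefaultFlags, &code);
    if (status == errSecSuccess) {
        status = SecRequirementCreateWithString((__bridge CFStringRef)kPluginRequirement,
                                                kSecCSDefaultFlags, &requirement);
    }
    if (status == errSecSuccess) {
        // Checks the seal over the bundle and that the signer satisfies the requirement.
        // An unsigned, re-signed or modified bundle fails here.
        status = SecStaticCodeCheckValidity(code, kSecCSCheckAllArchitectures, requirement);
    }
    if (status == errSecSuccess) {
        // Note: the files could still change between the check and the load if the
        // plug-in directory is writable by someone else; keep it in a protected location.
        bundle = [NSBundle bundleWithURL:pluginURL];
        if (![bundle loadAndReturnError:outError]) bundle = nil;
    } else if (outError) {
        *outError = [NSError errorWithDomain:NSOSStatusErrorDomain code:status userInfo:nil];
    }
    if (requirement) CFRelease(requirement);
    if (code) CFRelease(code);
    return bundle;
}

int main(int argc, const char *argv[]) {
    @autoreleasepool {
        if (argc < 2) { fprintf(stderr, "usage: %s /path/to/Plugin.bundle\n", argv[0]); return 2; }
        NSError *error = nil;
        NSURL *url = [NSURL fileURLWithPath:@(argv[1])];
        NSBundle *plugin = LoadVerifiedPlugin(url, &error);
        NSLog(@"%@", plugin ? @"plug-in verified and loaded" : error);
        return plugin ? 0 : 1;
    }
}
```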