Re: Strip doesn't strip
Re: Strip doesn't strip
- Subject: Re: Strip doesn't strip
- From: Alex Zavatone <email@hidden>
- Date: Fri, 23 Dec 2016 09:22:24 -0600
On Dec 23, 2016, at 9:02 AM, Andreas Falkenhahn wrote:
> In my iOS project, I have set "Strip debug symbols during copy" to YES for release,
> I have set "Strip linked product" to YES and I have also set "Strip style"
> to "All symbols". The scheme is set to "Release". Xcode version is 8.2.
>
When you archive, press command 8 and go to the Reports Navigator. Select Recent and All Messages.
In that report, search for "strip" to see that it's really stripping symbols and verify if it is or isn't.
Now, go to the Build Settings for your app and also search for "strip" and go over all the areas where Strip Symbols are mentioned.
Make sure to expand the (stupidly hidden) disclosure triangles to make sure that your Release phase is stripping the symbols.
Finally, doubly check your app's Scheme for Archive and make sure it is using the Release configuration.
Now, one question. Are you including debug symbols in your build at the end of the archive phase? I'n not sure if this would cause this problem at all, but I'm interested to see what you find.
Cheers,
Alex Zavatone
> Yet, when opening the main executable with a hex editor, I can still see
> the names of all global functions and variables. Why aren't those stripped
> properly? I don't want to give any potential reverse engineers any hints about
> symbol names but Xcode currently doesn't strip them at all even though it's
> clearly configured to "Strip". Am I missing something here?
>
> I wouldn't be surprised if Objective C couldn't strip all symbols because it has
> some dynamically typed features like performSelector() being able to run methods
> from an NSString source instead of a hard-coded name. So I wouldn't mind if
> Objective C stuff couldn't be stripped. However, most of those globals I'm talking
> of originate from plain C sources and these can definitely be stripped. My app has
> a large platform-independent core and only a tiny layer of Objective C on top of
> it. Still, Xcode's strip doesn't kill the global symbols from my C sources at all.
>
> Even worse, examining the executable using a hex editor also reveals other
> confidential information like path and user names and other stuff directly from
> my build machine. Why is all that included in a *Release* build? I don't really
> get it.... but the fact that enabling all strip options doesn't seem to do
> anything makes me feel quite at unease because the consequence might be that there
> are lots of apps around with the whole symbol name shebang and developers
> who didn't examine the executables in a hex editor before releasing them might
> be completely unaware of what is actually exposed to everybody in their software.
>
> --
> Best regards,
> Andreas Falkenhahn mailto:email@hidden
>
> _______________________________________________
> Do not post admin requests to the list. They will be ignored.
> Xcode-users mailing list (email@hidden)
> Help/Unsubscribe/Update your Subscription:
>
> This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Xcode-users mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden