Have Geek Brain

Protecting files on the IPhone

Is there a way to decompile a binary from an IPhone application. I jailbroken my IPhone and was surprised to find that other apps are wide open to copy. So I exported my most important table and hard-coded it into code. Instead of loading the table into an array from the db, I just generated the code to populate the array and only kept the most basic DB information so the relationship still works. Took some time but now works great.

I'm just wondering how safe I am, can someone decompile the binary for the application easily and extract the data. It is easy to decompile * .class files in Java, although this is bytecode where I am assuming iphone applications are inferior.

I know the IPhone sdk 4 can mark files as safe. Does anyone know if this can be overridden by jailbreaks or is it unix blocking?

+2


a source to share


3 answers


To be honest, Apple was unable to secure the brick. In the early days of the iPhone, the iPhone was almost hassle-free. Users (read by hackers :) have more control over the device than developers. There is no way to truly protect the content on the device. When encryption is used, nothing prevents an attacker from obtaining the key. (He controls all the libraries and can plug in any function call he wants.)



Usually, developers backtrack from Security While Obscurity , and I'm not going to entertain these ideas. If there is data on the device, the hacker can and will make a copy of it.

0


a source


By encrypting this data, you are truly protected only by people without motivation. If someone with sufficient motivation wants to look at the data, they can. Even if you encrypt data, if it is in code or generated by your code, they can find it too.



+1


a source


I jailbroken my IPhone and was surprised to find that other apps were open to copy.

No. There is nothing wrong. It needs to be stored somewhere.

So, I exported my most important table and hard-coded it into code.

Bad move.

Escape from priviledge domain is a vulnerability in your phone and is not your problem. There is nothing you can do about it, and even encrypting your data won't save you, because all the privileged codes on the phone will be able to access the encryption keys.

In other words:

The code will usually not be hostile and will steal your goods. The only reason it happened is because the user has downloaded bad code to the phone or a remote exploit.

0


a source






More articles:


All Articles