tags:

views:

453

answers:

2

I am including a plist file in my iPhone app. It is in binary format (using plutil to convert from xml to binary). I want to run an MD5 checksum (or SHA-1) on it at runtime to confirm its contents are what is expected. Unfortunately, I always get a checksum that's different than what I originally included. After over an hour of assuming I was calculating the MD5 sum wrong, I decided to run a test and confirm that the bytes are indeed, the same. They aren't. The file size remains the same, but starting at byte 30, and on throughout the file (except for the last 32 bytes), the file contents are completely different. Does anyone know if property list files are signed or otherwise "compiled" to a different binary format before inclusion in an iPhone app? If so, can you provide any more details on the process?

Thanks in advance!

A: 

I'll pop the why stack on this question. I don't know the answer to your question, but I'm curious why you're spending time on it.

Since apps are digitally signed, why are you concerned about the integrity of the PList? If someone modified it, then the app wouldn't install because the digital signature would no longer be valid.

The other reason might be that you are concerned about the app being hacked. Perfectly reasonable, but if someone can hack the app, then they can also modify the PList, and change the checksum in your code so that it will still run. There's really no way to guarantee integrity of your content without actually getting it from a third party (e.g. your own server)

Chris Garrett
That's a very legitimate question. The reason for the MD5 sum is that I use it to send to my server to see if any updates for the property list file are available. If the sum matches what's on the server, it keeps what it has. If it doesn't, the server sends the new copy, and the sum is used to confirm that the entire file was received correctly. So, I'm not too concerned about if someone modifies it, rather just as a basis for pulling updates.Since the version I was bundling wasn't the version ending up in the app, it led to the initial confusion on my part.
Aaron
This is precisely the function I am trying to figure out. Wish you had left some code on how to get that md5 on a file.
Michael
+1  A: 

By default, rather than just doing a straight copy, Xcode uses a small script to process and copy plist files when building a target. If you bring up the info window for your target in Xcode and select the "Rules" tab, you'll see that for processing text.plist source files, it uses its own tool called CopyPlistFile. It does some basic checking to make sure the plist is valid, and can optionally convert it to a different format, although it appears that no conversion is performed by default.

I don't know if this is what's causing a change in your plist file, but if you want you can get info on the plist file itself in your project and change its file type from "text.plist" to just "text". That should cause Xcode to treat it as a plain text file rather than a property list file and just make a straight copy instead of running it through the CopyPlistFile tool.

Brian Webster
This was really helpful. Thanks for the tip. I had switched to a binary property list (via plutil) but it still had a type of text.plist.xml in Xcode. Looking around, it looked like the next logical choice was file.bplist. I switched to that and my file no longer gets modified. Strangely (or not), before when it was getting modified, it remained in binary format and still had the correct contents, just with a different md5 checksum.
Aaron