views:

276

answers:

4

How can I determine if DRM was removed from iPhone application bundle (to protect it from piracy)?

A: 

To my knowledge, there's only one way to remove DRM: Crackulous.

So to find out what to look for in a cracked application, I would run Crackulous on your app and compare the app bundles. It should be fairly easy to determine what's been changed by looking at filesizes and running a diff on the files in the bundle.

Once you know what the changes are and to what file(s), just look for those changes in your application to determine if the application has been cracked.

If you find out exactly which files should be checked, please post your findings here so others can benefit from your research.

Ben S
Also, so that the Crackulous guys can fix those vulnerabilities...
Martinho Fernandes
The Crackulous guys can't change the fact that they need to modify the app bundle. Without modifications, the DRM is still present. They literally **can't** avoid their modifications being detected.
Ben S
@Ben: True, if you look for *any* changes. In your answer you suggested looking for particular changes. You don't need to know the changes, only that it was changed.
Martinho Fernandes
A: 

My previous Stack Overflow question may help you out: Reducing piracy of iPhone applications

Alex Reynolds
A: 

Its probably worth pointing out that there are no casual "pirates". Casual users cannot download your app from the app store without buying it. All the DRM-removal schemes require to be run on a legitimately purchased copy.

As to looking at the bundle for changes, as I recall all you need to do is step through the link-loader commands and ensure that the code bundle is still tagged as encrypted. No need to compare it with anything. You'll need to read about Mach-O file format to do this, but thats not difficult, its all documented on developer.apple.com

Jeff Laing
+1  A: 

I have an iPhone app which integrates with a third party web service. I use the technique described in this question to find pirates and then have the app "phone home" with the user's device ID and user ID for the web service (I haven't done anything with this information yet, but I was thinking about contacting them and asking them nicely to purchase my app).

In addition, once a user has used my app for a certain amount of usage, I limit functionality and direct the pirates to the App Store for full functionality.

Martin Gordon