views:

1736

answers:

4

The title says it all.

I'm trying to put anti-piracy code in my app. The previous answer to this (which I can't link to because of my member status - sucks) can be easily countered, since the "SignerIdentity" string can be looked for and replaced in the binary using a hex editor.

Instead, checking the fileSize of the info.plist file and comparing it to a reference value sounds more solid (since the info.plist is getting modified here and there when cracking the app). How would I do that? I tried the following but it logs 0.

NSBundle *bundle = [NSBundle mainBundle];
NSDictionary *mainDictionary = [bundle infoDictionary];
NSLog(@"%d", [mainDictionary fileSize]);
+3  A: 

You might prevent the noobish crackers from finding references to "SignerIdentity" in your code by applying ROT13 or a similar simple obscuring algorithm http://en.wikipedia.org/wiki/ROT13

After applying ROT13, "SignerIdentity" would become "FvtareVqragvgl".

Anyway, the answer to your question (how you get the size of the Info.plist file):

NSBundle *bundle = [NSBundle mainBundle];
  NSString* bundlePath = [bundle bundlePath];

  NSFileManager *fileManager = [NSFileManager defaultManager];

  NSString* path = [NSString stringWithFormat:@"%@/Info.plist", bundlePath ];

  NSDictionary *fileAttributes = [fileManager fileAttributesAtPath:path traverseLink:YES];

  if (fileAttributes != nil) {
   NSNumber *fileSize;

   if (fileSize = [fileAttributes objectForKey:NSFileSize]) {
    NSLog(@"File size: %qi\n", [fileSize unsignedLongLongValue]);
   }   
  }

Also keep in mind that the size (in bytes) of the Info.plist in your Xcode project directory and the Info.plist inside the bundle may differ. You probably want to build the game once, then look at the size of /Info.plist and then update your antipiracy code.

Julio Gorgé
Thing is the pirate could change that "FvtareVqragvgl" string to something else and that would check another key in the info.plist.. that will probably be null. The filesize attribute is compared to an int so there's really no easy way to look for it in the binary.
Sam V
Thanks for the answer!
Sam V
+3  A: 

I've never programmed for the iPhone, but couldn't you just take a hash of that file and compare it to a reference, possibly salting the hash value to prevent someone just changing the reference hash to the new one?

Shadow
+2  A: 

that code has still many giveaways:

the string Info.plist is easy to find. NSFileSize is also very suspicious....

Yllier
+1  A: 

As said here http://stackoverflow.com/questions/1140856/determining-if-an-iphone-is-jail-broken-programatically/2040767#2040767 it looks like some of the most recent cracked apps installed via install0us don't have their info.plist modified. (at least the info.plist does not contain any signeridentity key). How could we detect the crack in such a case ?

yonel
did you try to compare the 2 info.plist file sizes?
Sam V
No, but can I make any assumption on the size of the info.plist once downloaded from the appstore by a iPhone user ? Would it be the same as the one when I upload it to the appStore (through iTunes Connect) ? The fact that this file is sometimes in xml, sometimes as a binary does not give me a clear picture of the whole flow for this file :/
yonel
The filesize would be the one in your .app package of your distribution build. I'm not sure wether Apple changes something in the info.plist file after you submit your app...
Sam V