7

I am trying to strip our iOS application binary of debug symbols to make it more difficult for hackers to modify the binary. I have tried both xcode's symbol stripping (enabling strip linked product and deployment postprocessing) and using "strip -S -x". Both do reduce the number of symbols, but running the binary through "strings" still returns loads of hits.

How do I remove them?

Cœur
  • 37,241
  • 25
  • 195
  • 267
moinudin
  • 134,091
  • 45
  • 190
  • 216

2 Answers2

15

Objective-C is a dynamic language. Method calls are resolved at runtime based on selectors (effectively the method name as a string). This is different from a language like C++ that binds method calls at compilation/link time.

Removing the method names (selectors) from the binary would make the application unusable.

Applications written in Objective-C are pretty much open books when it comes to their internals. Just look at tools like otool, class-dump, F-Script or DTrace to see how much is accessible and modifiable in a running Objective-C application.

However, there are linker flags (P_LNOATTACH) which stop DTrace connecting to the running application. You can also call ptrace with the PT_DENY_ATTACH flag. iTunes is an example of an app that does this as Apple doesn't want you poking around inside their DRM.

There appears to be a previous post on Objective-C code obfuscation. See iPhone/iPad App Code Obfuscation - Is it Possible? Worth it? for more details

Community
  • 1
  • 1
mttrb
  • 8,297
  • 3
  • 35
  • 57
  • iTunes, and other apps like the DVD player, have the `P_LNOATTACH` flag set which disables DTrace from within the kernel. – JustSid Nov 01 '12 at 05:02
  • We set the PT_DENY_ATTACH flag to prevent debugging. Is there a tool for obfuscating method names? It sounds like that would solve the problem of making it harder to hack. – moinudin Nov 01 '12 at 05:16
  • I just added PT_DENY_ATTACH to my answer and then saw your comment. I suspect the only way you could obfuscate the method names would be to run a preprocessor over your code to mangle the method names before compilation. – mttrb Nov 01 '12 at 05:18
  • I've updated my post with a link to a previous SO post about ObjC code obfuscation. There are a few other hits searching for Objective-C code obfuscation – mttrb Nov 01 '12 at 05:21
  • PT_DENY_ATTACH has been bypassed with a [generic method](https://github.com/gdbinit/onyx-the-black-cat) – toasted_flakes Jan 26 '14 at 11:44
1

The objective-c runtime relies on those, it won't be possible to remove them. (The type 'SEL' is a uniqued char *)

Catfish_Man
  • 41,261
  • 11
  • 67
  • 84