12

Is there any way to obfuscate Objective-C Code ?

Thanks

smorgan
  • 20,228
  • 3
  • 47
  • 55
Biranchi
  • 16,120
  • 23
  • 124
  • 161
  • 6
    This question no verb. – Greg Hewgill Nov 13 '09 at 05:40
  • 5
    I think Biranchi accidentally a question. – Dave DeLong Nov 13 '09 at 05:48
  • True, it's much more clear to use the C API and write `NSRect outputRect1, outputRect2; objc_msgSend_stret(&outputRect1, window, NSSelectorFromString(CFSTR("frame"))); objc_msgSend_stret(&outputRect2, window, NSSelectorFromString(CFSTR("contentRectForFrameRect:")), outputRect1);` versus just `[window contentRectForFrameRect:[window frame]];`. – Chuck Nov 13 '09 at 06:19
  • Prevent someone from understanding your code. security through obscurity – Biranchi Nov 13 '09 at 06:41
  • Please tell me you're joking with this talk of security by obfuscating your ObjC source code. I'm a bit tired, but that's madness. – Chuck Nov 13 '09 at 08:52
  • Madness +1. I hope you're not selling your clients a "secure enough" solution here ;) – avocade Nov 13 '09 at 09:36
  • 1
    obfuscation is only rarely about security. it's more about IP theft and making it non-trivial to reverse engineer the code (dramatically slows down attempts to hack and cheat at games and/or pirate them). – Dave Dopson Dec 31 '11 at 23:27
  • Also note that for high profile apps, it is not uncommon for enthusiasts to scan all the visible symbols looking for clues about future features that are in progress but not yet released. – Baxissimo Dec 12 '14 at 18:37

2 Answers2

6

The selectors are still plaintext - otool -o will dump out all your objects and the methods they define. You can also dump out all internal and external selectors accessed in the code with a one-liner that follows. Obfuscating method and parameter names at the source level would probably be easiest, though doing it at the object level will also obfuscate in a language-independent way at the expense of some linker table manipulation. 

otool -s __TEXT __objc_methname yourapp.app/executable_file |expand -8 | cut -c17- | sed -n '3,$p' | perl -n -e 'print join("\n",split(/\x00/,scalar reverse (reverse unpack("(a4)*",pack("(H8)*",split(/\s/,$_))))))'|less
Robert Diamond
  • 1,155
  • 1
  • 14
  • 12
3

Objective c is a straight superset of C, therefore all normal C obfuscation techniques work. If you want to work with cocoa, however, you're going to have a bit of an obstacle because the method names are fairly self-documenting.

For your own methods, you just have to self-document the methods incorrectly. e.g.

-(void) doSomethingInnocent:(BOOL)animated withObject:passwords;

when you would normally have written:

-(void) sendObjectToMyServer:(BOOL)coverupAnimation;
Chilloutman
  • 457
  • 2
  • 13
Kenny Winker
  • 11,919
  • 7
  • 56
  • 78