O'Reilly logo

Hacking and Securing iOS Applications by Jonathan Zdziarski

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Chapter 12. Securing the Runtime

From Chapter 7 on, you’ve learned about various techniques to manipulate the Objective-C runtime, and how to dynamically inject code into a program to replace existing functionality. This chapter provides a number of techniques that can be used to help secure the runtime better, thus increasing the overall time and complexity required in order to attack your code.

The runtime comes down to who controls the zeroes and the ones. With a debugger and a copy of the victim’s application data, an attacker is in control. No application is truly secure, but by taking a number of precautions, you can help to greatly complicate the style of attack needed to breach your application, and the skill level required as well. By implementing many of the approaches from this chapter, your application can function properly, but greatly extend the amount of time and skill required to attack it.

Some of the techniques in this chapter are designed not only to protect data, but to confuse an attacker, or to proactively assist in the event of tampering. Approaches like this can also have the added benefit of causing malicious individuals to skip your application and move onto less secure ones. By incorporating anti-debugging techniques, kill switches, class validation, and other techniques from other chapters, such as user jailbreak detection, your application may be able to stave off a majority of the unskilled attackers who amount to nothing more than low budget pickpockets. ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required