O'Reilly logo

Hacking and Securing iOS Applications by Jonathan Zdziarski

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Inline Functions

One of the easiest ways to hijack the behavior inside an application is to hijack a particular function. This is made particularly easy with the use of breakpoints in a debugger, or with code injection attacks. In Objective-C, you’ve learned how easy it is to hijack a given method for a class, and how to perform a dynamic linker style attack to even replace C functions. Most compilers provide a mechanism for making functions inline. Inline functions are functions in which the compiler expands a function body to be inserted within the code every time it is called. In other words, there is no longer a function: the code gets pasted into the machine code whenever it’s called. In practice, inline functions are not an identical copy of the function body, but rather the original function’s code is integrated with the code of its caller.

Traditionally, inline functions were used to increase performance at the cost of file size. Because inline functions don’t have the overhead of a function call, they can improve performance for functions that are excessively called. The role they can play in secure application development is in their nature of repeating code. If your application performs any type of crucial security check such as session validation, feature enablement, or authentication, turning the check into an inline function will cause it to be repeated throughout your application every time it is called. This complicates an attack by forcing an attacker to hunt down ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required