itsMe Posted October 18, 2020 Share Posted October 18, 2020 This is the hidden content, please Sign In or Sign Up SwiftShield is a tool that generates random and irreversible encrypted names for your iOS project's types and methods (including third-party libraries). It uses Apple's SourceKit to mimick Xcode's indexing behavior, revealing a complete map of your project that is used to safely rename parts of your project. Reverse engineering iOS apps is relatively simple due to the fact that almost every single type and method name is exposed in the app's binary. This allows jailbreak tools like class-dump and Cycript to extract this information and use it to change the behavior of your app in runtime. Obfuscating code in iOS difficults the usage of these tools, while also makes it tougher for jailbreak developers to create tweaks for your app as SwiftShield's obfuscation changes every time you run it. Limitations The capabilities of SwiftShield are directly related to the capabilities of SourceKit, which unfortunately has its share of bugs. However, although SwiftShield can't obfuscate everything, it can obfuscate just enough to make reverse engineering very hard. Check this document to see its capabilities in detail. Requirements You should not have logic based on hardcoded names (like loading MyClass.json because String(describing: type(of:self)) is 'MyClass'). SwiftShield does not obfuscate things like file names and hardcoded strings -- only the types themselves. No Objective-C classes that call Swift methods (but Swift classes calling Objective-C code is fine). Your project should be 100% written in View Code. Older versions of SwiftShield did support obfuscating Storyboards/XIBs, but it was extremely hard to maintain. This parts from the principle that if you have a project big or important enough to be obfuscated, you probably shouldn't be using Storyboards in first place. Your project should not be using Xcode's Legacy Build System setting. Make sure your project doesn't suffer from one of SourceKit's bugs. Although the bugs won't prevent the project from being obfuscated, some of them might require you to manually fix the resulting code as it will not be able to compile. This is the hidden content, please Sign In or Sign Up This is the hidden content, please Sign In or Sign Up Link to comment Share on other sites More sharing options...
Recommended Posts