iOS安全防护之防重签名1.组织单位判断

PS:在学习逻辑教育的防重签视频后,因项目需求把OC 代码替换成swift代码,如有侵权,请联系,删除

具体代码如下:

//  Created by AliG on 2021/2/17.
//  Copyright © 2021 sccu. All rights reserved.
//

import Foundation

/// 署名IDの比較
/// - Parameter id: 署名ID(传入预设好的正确的组织单位id)
func checkCodesign(id: String) {

    let embeddedPath = Bundle.main.path(forResource: "embedded", ofType: "mobileprovision")!
    let embeddedProvisioning = try? String.init(contentsOfFile: embeddedPath, encoding: String.Encoding.ascii)
    let embeddedProvisioningLines = embeddedProvisioning?.components(separatedBy: .newlines)

    for i in 0 ..< embeddedProvisioningLines!.count {
        let emStr = embeddedProvisioningLines![i] as NSString

        if emStr.range(of: "application-identifier").location != NSNotFound {

            let positionStr = embeddedProvisioningLines![i + 1] as NSString

            let fromPosition = positionStr.range(of: "<string>").location + 8
            let toPosition = positionStr.range(of: "</string>").location

            let range: NSRange = NSRange.init(location: fromPosition, length: toPosition - fromPosition)

            let fullIdentifier = positionStr.substring(with: range)
            let identifierComponents = fullIdentifier.components(separatedBy: ".") as Array
            let appIdentifier = identifierComponents.first

            if appIdentifier != id {
                exit(0) // (1)
            }
        }
    }
}

推荐在oc里面用汇编退出, swift调用就桥接一下,我这边应为需求,用的swift自带的

//以下方法,写一个oc 的方法 替换 上面代码(1)ps: 不知道这样子能不能被符号断点断住
                //exit
                asm(
                    "mov X0,#0\n"
                    "mov w16,#1\n"
                    "svc #0x80"
                    );

然后 直接在 AppDelegate 里面调用

checkCodesign(id: "xxxxx")

这里只是简单地明文校验组织id,防护等级不高.蛮容易被Hook.

• 可以用密文判断,提高密文复杂程度,但用组织id来判断是否重签,还是相对简单

以上只是初步了解记录的笔记,还在学习中,欢迎各位前辈,各位大佬,给予指导与批评.
有学到会陆续更新.