方法原理可以百度, 说一些我知道的方法
1
//我们对embeded.mobileprovision文件进行验证,保证没有被修改, 过程比较繁琐, 描述文件路径md5值(这个值要打包完成之后去获取, 每次打包都可能会变化, 需要修改, 获取后可以定义成一个宏) 获取方式把包名改成后缀.zip 解压后获取embeded.mobileprovision 然后终端输入 md5 文件路径来获取md5值, 对比文件是否被修改
NSString *embeddedPath = [[NSBundle mainBundle] pathForResource:@"embedded" ofType:@"mobileprovision"];
NSString *embeddedPathMd = [self getFileMD5StrFromPath: embeddedPath];
if(![embeddedPathMd isEqual: embededM]){
exit(0);
}
- (NSString *)getFileMD5StrFromPath:(NSString *)path
{
NSFileManager *fileManager = [NSFileManager defaultManager];
if([fileManager fileExistsAtPath:path isDirectory:nil])
{
NSData *data = [NSData dataWithContentsOfFile:path];
unsigned char digest[CC_MD5_DIGEST_LENGTH];
CC_MD5( data.bytes, (CC_LONG)data.length, digest );
NSMutableString *output = [NSMutableString stringWithCapacity:CC_MD5_DIGEST_LENGTH * 2];
for( int i = 0; i < CC_MD5_DIGEST_LENGTH; i++ )
{
[output appendFormat:@"%02x", digest[i]];
}
return output;
}
else
{
return @"";
}
}
2
//我们对组织id进行验证,这个简单
if(![self.bundleIDPrefix isEqual: 组织id, 可以在钥匙串证书简介里面查看]){
exit(0);
}
//获取组织ID
-(NSString *)bundleIDPrefix
{
static NSString*buPreStr=nil;
if (buPreStr.length==0) {
@try
{
NSDictionary *query = [NSDictionary dictionaryWithObjectsAndKeys: (id)kSecClassGenericPassword, kSecClass, @"bundleIDPrefix", kSecAttrAccount, @"", kSecAttrService, (id)kCFBooleanTrue, kSecReturnAttributes, nil];
CFDictionaryRef result = nil;
OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
if (status == errSecItemNotFound)
//iOS Example-iOS 应用安全报告
//30 / 33
status = SecItemAdd((__bridge CFDictionaryRef)query, (CFTypeRef *)&result);
if (status != errSecSuccess)
return nil;
NSString *accessGroup = [(__bridge NSDictionary *)result objectForKey:(id)kSecAttrAccessGroup];
NSLog(@"accessGroup:%@",accessGroup);
NSArray *components = [accessGroup componentsSeparatedByString:@"."];
buPreStr = [[components objectEnumerator] nextObject];
CFRelease(result);
}
@catch(NSException *ex)
{
}
}
return buPreStr;
}
在记录下百度来的防治 代码注入的方法 ios10以后
if([self checkMach_O]){
exit(0);
}
if ([self checkDebugger]) {
//监测到调试
exit(0);
}
if([self isInjected0]){
NSLog(@"检测到被注入。。。isInjected0");
exit(0);
}
if([self isInjected1]){
NSLog(@"检测到被注入。。。isInjected1");
exit(0);
}
-(BOOL)checkDebugger{
//控制码
int name[4];//放字节码-查询信息
name[0] = CTL_KERN;//内核查看
name[1] = KERN_PROC;//查询进程
name[2] = KERN_PROC_PID; //通过进程id查进程
name[3] = getpid();//拿到自己进程的id
//查询结果
struct kinfo_proc info;//进程查询信息结果
size_t info_size = sizeof(info);//结构体大小
int error = sysctl(name, sizeof(name)/sizeof(*name), &info, &info_size, 0, 0);
assert(error == 0);//0就是没有错误
//结果解析 p_flag的第12位为1就是有调试
//p_flag 与 P_TRACED =0 就是有调试
return ((info.kp_proc.p_flag & P_TRACED) !=0);
}
-(BOOL)isInjected0{
int count = _dyld_image_count();//获取加载image的数量
if (count > 0) {
for (int i = 0; i < count; i++) {//遍历所有的image_name。判断是否有DynamicLibraries
const char * dyld = _dyld_get_image_name(i);
if (strstr(dyld, "DynamicLibraries")) {
return YES;
}
}
}
return NO;
}
-(BOOL)isInjected1{//检测环境变量是否有DYLD_INSERT_LIBRARIES
char* env = getenv("DYLD_INSERT_LIBRARIES");
if(env){
return YES;
}
return NO;
}
- (BOOL)checkMach_O
{
NSBundle *bundle = [NSBundle mainBundle];
NSDictionary *info = [bundle infoDictionary];
if ([info objectForKey: @"SignerIdentity"] != nil){
//存在这个key,则说明被二次打包了
return YES;
}
return NO;
}
网友评论