应用被篡改后二次打包不仅损害开发者的利益,而且也使 APP 用户遭受到不法应用的恶意侵害。攻击者可以通过对客户端程序添加或修改代码,修改客户端资源图片、配置信息、图标,添加广告,二次打包成其他应用,导致大量盗版应用的出现;还能添加病毒代码、添加恶意代码,实现应用钓鱼,从而窃取登录账号密码、支付密码等。
以下是实现代码(读取包内 embedded.mobileprovision 中 application-identifier 的前缀,并与预期的 Team ID 进行比较):
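/**
 * Compares the team prefix recorded in the bundled provisioning profile with
 * the expected team ID.
 *
 * The method reads `embedded.mobileprovision` from the main bundle as text,
 * finds the first line containing `application-identifier`, takes the
 * `<string>` value on the following line and compares its first
 * dot-separated component with `teamID`.
 *
 * Every path returns a defined value: YES only when the profile was found,
 * parsed and the prefix matched; NO when the prefix differs or when the
 * profile is missing, unreadable or malformed.
 *
 * NOTE(review): App Store-distributed builds typically ship without
 * embedded.mobileprovision, so the caller has to decide how a NO caused by a
 * missing profile is treated - confirm against the release pipeline.
 *
 * The profile lives inside the app bundle and the comparison runs inside the
 * app itself, so treat the result as one tamper signal to combine with
 * server-side checks, not as proof of integrity.
 *
 * @param teamID The expected team identifier (the application-identifier prefix).
 * @return YES if the profile's prefix equals `teamID`, otherwise NO.
 */
- (BOOL)checkCodesign:(NSString*)teamID {
    // Locate the provisioning profile inside the main bundle.
    NSString *embeddedPath = [[NSBundle mainBundle] pathForResource:@"embedded" ofType:@"mobileprovision"];
    if (embeddedPath == nil || ![[NSFileManager defaultManager] fileExistsAtPath:embeddedPath]) {
        // No profile to inspect: nothing was verified.
        return NO;
    }

    // Read the profile as text so the embedded plist can be scanned line by line.
    NSString *embeddedProvisioning = [NSString stringWithContentsOfFile:embeddedPath encoding:NSASCIIStringEncoding error:nil];
    if (embeddedProvisioning == nil) {
        return NO;
    }

    NSArray *embeddedProvisioningLines = [embeddedProvisioning componentsSeparatedByCharactersInSet:[NSCharacterSet newlineCharacterSet]];
    NSUInteger lineCount = [embeddedProvisioningLines count];

    // The value is expected on the line after the key, so stop one line early
    // instead of indexing past the end of the array.
    for (NSUInteger i = 0; i + 1 < lineCount; i++) {
        NSString *keyLine = embeddedProvisioningLines[i];
        if ([keyLine rangeOfString:@"application-identifier"].location == NSNotFound) {
            continue;
        }

        NSString *valueLine = embeddedProvisioningLines[i + 1];
        NSRange openTag = [valueLine rangeOfString:@"<string>"];
        NSRange closeTag = [valueLine rangeOfString:@"</string>"];
        // A missing or misordered tag would yield an invalid range and make
        // substringWithRange: throw; report it as a failed check instead.
        if (openTag.location == NSNotFound ||
            closeTag.location == NSNotFound ||
            closeTag.location < NSMaxRange(openTag)) {
            return NO;
        }

        NSRange valueRange = NSMakeRange(NSMaxRange(openTag), closeTag.location - NSMaxRange(openTag));
        NSString *fullIdentifier = [valueLine substringWithRange:valueRange];
        NSArray *identifierComponents = [fullIdentifier componentsSeparatedByString:@"."];
        NSString *appIdentifier = [identifierComponents firstObject];

        // Compare the profile's prefix with the expected team ID.
        if ([appIdentifier isEqual:teamID]) {
            NSLog(@"签名验证签名验证成功");
            return YES;
        }
        NSLog(@"签名验证签名验证失败");
        return NO;
    }

    // The application-identifier key was never found.
    return NO;
}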