Friday, October 31, 2008

How the Crack Works

Before I delve into any code, here's how the crack works in theory:

  1. A legitimate user buys your digitally signed and encrypted application on a jailbroken iPhone.
  2. The user sshes into the iPhone from their desktop.
  3. The user navigates to your application's bundle and loads the executable into a debugger such as gdb.
  4. The iPhone launches your application and decrypts the executable in memory, as it does for any application the user has purchased.
  5. gdb dumps the decrypted image from memory to a file.
  6. Your bundle's Info.plist is modified so that the iPhone thinks the application belongs to Apple!
  7. Your encrypted executable is replaced by the decrypted copy.
  8. Your application bundle is re-packaged and distributed on BitTorrent.
The process is a bit more detailed than that, but that's how it works.

This should be enough to get any intrepid and enterprising App Store developer started on detecting a compromised application bundle.

Actual code coming up!

Primer

A Very Brief Overview of a Cracked IPA

Basically a cracked IPA has the following:
  1. A modified Info.plist, usually converted from binary to text (XML) along the way
  2. A decrypted image of your application binary in place of the encrypted one
With these two facts in hand you have enough to perform some rudimentary checks on whether or not your application has been compromised.
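As an added example (not code from this blog), here is the sort of rudimentary check those two facts allow, written in C so that it could be compiled into the application itself. It walks the executable's Mach-O load commands looking for the LC_ENCRYPTION_INFO command whose cryptid field the App Store sets to non-zero when it encrypts a binary; a decrypted dump carries it as zero. It also tests whether Info.plist is still a binary plist, and looks for a SignerIdentity key, a key name taken from cracked bundles of the period rather than from this post. The Mach-O bytes, the plist text and the com.example.app identifier are constructed sample inputs; on a device you would read the real bytes of the bundle's Info.plist and executable and hand them to bundle_cracked_flags.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Mach-O constants and 32-bit structures with the layout of <mach-o/loader.h>,
 * redeclared so the example compiles and runs off-device. */
#define MH_MAGIC           0xfeedfaceU
#define LC_ENCRYPTION_INFO 0x21U

struct mach_header_32 { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags; };
struct load_command   { uint32_t cmd, cmdsize; };
struct encryption_info_command { uint32_t cmd, cmdsize, cryptoff, cryptsize, cryptid; };

/* Walk the load commands of a 32-bit Mach-O image held in memory.
 * Returns 1 if LC_ENCRYPTION_INFO is present with cryptid != 0 (still encrypted,
 * as the App Store ships it), 0 if it is absent or cryptid == 0 (a decrypted
 * dump), -1 if the buffer is not a well-formed header. Fields are copied in host
 * byte order; ARM iPhone binaries and this test host are both little-endian. */
int macho_is_encrypted(const uint8_t *buf, size_t len)
{
    struct mach_header_32 mh;
    size_t off = sizeof mh;
    uint32_t i;

    if (len < sizeof mh) return -1;
    memcpy(&mh, buf, sizeof mh);
    if (mh.magic != MH_MAGIC || mh.sizeofcmds > len - off) return -1;

    for (i = 0; i < mh.ncmds; i++) {
        struct load_command lc;
        if (off + sizeof lc > len) return -1;
        memcpy(&lc, buf + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || lc.cmdsize > len - off) return -1;
        if (lc.cmd == LC_ENCRYPTION_INFO) {
            struct encryption_info_command eic;
            if (lc.cmdsize < sizeof eic) return -1;
            memcpy(&eic, buf + off, sizeof eic);
            return eic.cryptid != 0;
        }
        off += lc.cmdsize;
    }
    return 0;   /* no encryption command at all: not what the store ships */
}

/* A release Info.plist is a binary plist (magic "bplist00"); the cracked
 * bundles described above carry a text (XML) plist instead. */
int plist_is_binary(const uint8_t *buf, size_t len)
{
    return len >= 8 && memcmp(buf, "bplist00", 8) == 0;
}

/* Byte-string search; a plist may contain NULs, so strstr is unsuitable. */
static int buf_contains(const uint8_t *buf, size_t len, const char *needle)
{
    size_t n = strlen(needle), i;
    for (i = 0; n && i + n <= len; i++)
        if (memcmp(buf + i, needle, n) == 0) return 1;
    return 0;
}

/* Bitmask verdict over the two artifacts a cracked IPA carries:
 * bit 0: executable is not a parseable encrypted image,
 * bit 1: Info.plist is text rather than binary,
 * bit 2: Info.plist carries a SignerIdentity key (the key cracked bundles of this
 *        era added to impersonate Apple's signing; name not from this post). */
unsigned bundle_cracked_flags(const uint8_t *exe, size_t exe_len,
                              const uint8_t *plist, size_t plist_len)
{
    unsigned flags = 0;
    if (macho_is_encrypted(exe, exe_len) != 1)            flags |= 1u;
    if (!plist_is_binary(plist, plist_len))               flags |= 2u;
    if (buf_contains(plist, plist_len, "SignerIdentity")) flags |= 4u;
    return flags;
}

/* ---- constructed sample inputs (not real bundle contents) ---- */
static const uint8_t SAMPLE_BINARY_PLIST[] = "bplist00\xd1\x01\x02";   /* header only */
static const char SAMPLE_TEXT_PLIST[] =
    "<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n<plist version=\"1.0\"><dict>\n"
    "<key>CFBundleIdentifier</key><string>com.example.app</string>\n"
    "<key>SignerIdentity</key><string>Apple iPhone OS Application Signing</string>\n"
    "</dict></plist>\n";

/* Minimal 32-bit ARM Mach-O: header plus one LC_ENCRYPTION_INFO command. */
size_t build_sample_macho(uint32_t cryptid, uint8_t *out, size_t cap)
{
    struct mach_header_32 mh = { MH_MAGIC, 12 /* CPU_TYPE_ARM */, 6, 2 /* MH_EXECUTE */,
                                 1, sizeof(struct encryption_info_command), 0 };
    struct encryption_info_command eic = { LC_ENCRYPTION_INFO,
                                           sizeof(struct encryption_info_command),
                                           4096, 8192, cryptid };
    if (cap < sizeof mh + sizeof eic) return 0;
    memcpy(out, &mh, sizeof mh);
    memcpy(out + sizeof mh, &eic, sizeof eic);
    return sizeof mh + sizeof eic;
}

/* Evaluate a constructed bundle: cryptid as shipped (1) or as dumped (0),
 * paired with either the binary or the text sample plist. */
unsigned sample_verdict(uint32_t cryptid, int text_plist)
{
    uint8_t exe[64];
    size_t n = build_sample_macho(cryptid, exe, sizeof exe);
    const uint8_t *pl  = text_plist ? (const uint8_t *)SAMPLE_TEXT_PLIST : SAMPLE_BINARY_PLIST;
    size_t         pln = text_plist ? sizeof SAMPLE_TEXT_PLIST - 1 : sizeof SAMPLE_BINARY_PLIST - 1;
    return bundle_cracked_flags(exe, n, pl, pln);
}
```

A pristine bundle (cryptid 1, binary plist) scores 0 and the cracked layout above scores 7. Treat the verdict as a tripwire rather than protection: anyone who reads the decrypted binary can re-encode the plist, drop the key or patch the comparison out, so what matters is what the application does with a non-zero result.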

Hogwash

If you search around the various iPhone discussion blogs and forums you'll find threads about people asking how to prevent IPA cracks. Invariably someone will chime in saying, "You can... but not without using undocumented SDK API!"

This is hogwash.

Mention of undocumented API usually leads the poster, or the next repliers, to chime in with, "... and using undocumented SDK API means a form rejection letter from Apple!"

This too is hogwash.

There are plenty of applications on the App Store that use undocumented API. Ever notice UISegmentedControls that don't toggle on tap? What about silent UIPickerViews?

The thread usually peters out with people saying,
  • "You should be proud 15 year olds think your stuff is good enough to steal!"
  • "Why do you care.. your app is $0.99 anyway!"
  • "Piracy is a victimless crime!"
  • "They'll just crack your software again so why bother!"
  • "Piracy is a socio-political issue and is much larger than one developer's $0.99!"
  • "Those kids wouldn't have bought it anyway... they're broke!"
These are very good points and are not worth debating on this blog unless you feel like wasting your time.

However, in my opinion, the points above are all complete hogwash.

Re-Value Your Time

Okay, so you spent a bunch of your spare time coding your application. You neglected your wife, your kids, your friends and your pets.

You gave Apple your $99 yearly developer fee. You managed to get Xcode to build a distribution release of your application AND got it signed properly.

You successfully uploaded it to the App Store for $0.99 per download and now you're collecting your monthly stipend.

You Google around for your app just to see what kind of juice you have with the bourgeois. Maybe your cyber ego needs some stroking -- who knows? After clicking through three pages of search results, you find someone has posted your cracked IPA on RapidShare.

Some 15 year old kid with really nasty zits has marginalized the time you've spent writing this application.

I bet you're pissed. But now what?

Stay tuned for my next installment.

Welcome!

Do you have a successful application on the Apple App Store?

Do you feel curious about how much potential revenue you are losing from the piracy of your software?

Tired of sleepless nights wondering if you'll be able to feed your kids tomorrow?

Welcome to How to Thwart iPhone IPA Crackers. In this series of blog postings, I will show you how to detect if your application has been cracked.