Friday, October 31, 2008

How the Crack Works

Before I delve into any code, here's how the crack works in theory:

  1. A legitimate user purchases your digitally signed and encrypted application using a jailbroken iPhone.
  2. The legitimate user will ssh into their iPhone from their desktop.
  3. The legitimate user will navigate to your application's bundle and load it into a debugger like gdb.
  4. Your application is executed and decrypted by the iPhone because the user purchased it.
  5. The decrypted application that is in memory is then dumped to file by gdb.
  6. Your application bundle's Info.plist is modified so that the iPhone thinks it belongs to Apple!
  7. Your encrypted executable is replaced by the new decrypted copy.
  8. Your application bundle is re-packaged and distributed on BitTorrent
The process is a bit more detailed than that but that's how it works.

This should be enough to get any intrepid and enterprising App Store developer started on detecting a compromised application bundle.

Actual code coming up!

2 comments:

Download 2018 said...

I was about to say something on this topic. But now i can see that everything on this topic is very amazing and mind blowing, so i have nothing to say here. I am just going through all the topics and being appreciated. Thanks for sharing.

Unknown said...

I really liked this part of the article, with a nice and interesting topics have helped a lot of people who do not challenge things people should know.. you need more publicize this so many people who know about it are rare for people to know this, Success for you. offline installer filehippo