Monday, November 3, 2008

Being Even More Subversive

In my previous installment I mentioned being subversive in the behaviour you take toward the kids that pirate your software. This goes double for your code too.

How so?

Well, it would be sufficient for an automated cracking script to search for strings in your application bundle that matched 'SignerIdentity' and alert the cracker. An apt cracker would use this to find any code references to this string and investigate its purpose. It would not be a challenge for him to alter your code so that it didn't function correctly but allowed your application to continue without pause.

What now?

Instead of using 'SignerIdentity' in its entirety, you have a few options:
  1. Iterate over all keys in infoDictionary and check them against the length of SignerIdentity
  2. You know the number of keys in Info.plist so act on that
  3. Iterate over all values in infoDictionary and check the values
Ad nauseam.

You can combine this with other strategies like performing your IPA crack check every 3 executions, only once, or at random. It's up to you and the scheme for detection is limited only by your imagination.

There are over 5000 paid applications ripe for the cracking on the App Store. Between homework and masturbating, there is no way for every single pirated application to be checked for IPA crack checks.

Now that we have the basic strategy in place, we've laid the foundation for some very impressive and interesting applications. This will make for some fun times on the App Store.

Please, if you're interested in what I write, please post a comment and tell your friends about me. I crave the attention.

4 comments:

Anonymous said...

How about we talk about some techniques other than SignedIdentity? :)

iPhoneCrackDetector said...

I will. In due time.

Anonymous said...

Is this method [still] viable? I have read that the SignedIdentity is only needed for installation, which seems to suggest that the original plist could be reinstated and the app would never know the difference.

Looking forward to future entries!

iPhoneCrackDetector said...

It all depends on the due diligence of the copier.