
iOS: is it safe to hard-code AES key in my code?

I have a project which requires some data to be encrypted by AES. However, I hard-code the AES key in my project like this:

NSString *passwd = @"someStringAsKey";
NSData *encryptedData = [Encrypter encrypteData:unencryptedData];

If someone wants to hack my binary to find the AES key I hard-coded, could it be easy? If it is, what's a better way to store the AES key?

EDIT: The key is used to encrypt and decrypt a chunk of data: the app downloads the data from the server, and then the app encrypts it and saves the encrypted data on disk. This key is used on a per-device basis, which means every device could have its own key as long as, every time the app runs, it knows how to generate the key.

EDIT2: The data downloading procedure is protected this way: the client generates a random private/public key pair every time it logs in. It sends the public key to the server, and the server uses the public key to encrypt an AES key, then sends the encrypted AES key to the client. The client decrypts the AES key and puts it in memory. Then the client and server transport data encrypted by that AES key.

My aim is to protect the data on disk from being decrypted by a hacker. I assume that what the hacker can get is my binary image and the data on disk. The hacker can also run my app on his own device and analyze memory.

I don't need to protect against this kind of attack: the hacker is so smart that he writes a virus that runs on jailbroken devices and can analyze my app's running memory to search for some key in memory. So we don't need to worry about the safety of network transport.

CarmeloS asked Mar 04 '13 05:03


2 Answers

Yes, it will most likely be pretty easy to find. In fact, it is impossible to store a key locally in a way that will be totally safe. The best you can hope to do is obfuscate and make it not worth the effort for the potential attacker. For example, store the password in a file with a bunch of junk letters, and pick out the correct ones in memory. Say the password is "password":

efgwhipbuobgweuaegiwhipsiphshipwgiewhponeifgwnpripndpad

(I haven't done any extensive research, but I think that Blowfish uses a similar technique on a memory buffer)

You could store a big string like this as any encoding that you wanted (an obscure one would work better), and then just pick and choose the bits you want. The only problem I can see is that you would have to store it in memory at one point, and if it is in memory then as far as I know a determined individual can get it with GDB or LLDB. To help make this more annoying, avoid storing the password in memory as an NSString (try to stay with NSData). It would have to be really worth it though. In the end, your data will never be safe on an iOS device, unfortunately.

The best scenario is that this file is on a server. You download the file, do your magic on it, store the password in the keychain, and delete the file. From then on, just use the keychain value.

Just so you know, I am not a security expert, this is just the first thought that came to my mind.

EDIT: I was working under the assumption that you had pre-encrypted data. If your app is encrypting the data from the server, then what stops the attacker from simply downloading the data from the server? Well, assuming that you have some system in place for that, you could generate a key like some of the other answers say and then store it in obfuscated form in the keychain. That way even if the attacker gets a hold of it, they won't know what to do with it for a while.

borrrden answered Oct 23 '22 17:10
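
One way to do what the answer above suggests, generating a random per-device key and keeping it in the Keychain instead of in the binary, shown as an added example that is not part of the original post or the poster's code. The service and account strings and the function name `DeviceAESKey` are hypothetical, and ARC is assumed.

```objc
#import <Foundation/Foundation.h>
#import <Security/Security.h>

// Hypothetical identifiers chosen for this example.
static NSString *const kKeyService = @"com.example.app.diskkey";
static NSString *const kKeyAccount = @"aes256";

// Returns this device's 256-bit AES key, creating it on first use.
// Returns nil on any Keychain or RNG failure; the caller must treat nil
// as "cannot encrypt" and never fall back to a constant key.
static NSData *DeviceAESKey(void) {
    NSDictionary *base = @{
        (__bridge id)kSecClass:       (__bridge id)kSecClassGenericPassword,
        (__bridge id)kSecAttrService: kKeyService,
        (__bridge id)kSecAttrAccount: kKeyAccount,
    };

    // 1. Look for a key stored by an earlier launch.
    NSMutableDictionary *query = [base mutableCopy];
    query[(__bridge id)kSecReturnData] = @YES;
    query[(__bridge id)kSecMatchLimit] = (__bridge id)kSecMatchLimitOne;
    CFTypeRef found = NULL;
    OSStatus status = SecItemCopyMatching((__bridge CFDictionaryRef)query, &found);
    if (status == errSecSuccess) {
        return (__bridge_transfer NSData *)found;
    }
    if (status != errSecItemNotFound) {
        return nil; // e.g. errSecInteractionNotAllowed while the device is locked
    }

    // 2. First run: draw 32 bytes from the system CSPRNG.
    NSMutableData *key = [NSMutableData dataWithLength:32];
    if (SecRandomCopyBytes(kSecRandomDefault, key.length, key.mutableBytes) != errSecSuccess) {
        return nil;
    }

    // 3. Store it, readable only while unlocked and only on this device.
    NSMutableDictionary *add = [base mutableCopy];
    add[(__bridge id)kSecValueData] = key;
    add[(__bridge id)kSecAttrAccessible] =
        (__bridge id)kSecAttrAccessibleWhenUnlockedThisDeviceOnly;
    status = SecItemAdd((__bridge CFDictionaryRef)add, NULL);
    // errSecDuplicateItem (another thread stored a key first) also yields nil here.
    return (status == errSecSuccess) ? [key copy] : nil;
}
```

With the `ThisDeviceOnly` accessibility class the item is not migrated to other devices through backups, which fits the per-device key described in the question.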


Stuck in there as a string, and absent any other protection, it would be trivial to find the key in your binary. All someone needs is a symbolic debugger, and/or a decent idea of roughly what a key should look like (how big it should be, and the range of valid values).

iOS apparently has some security stuff built into it, where you can store sensitive data outside the reach of malicious apps. Problem is, a large part of it seems to assume the device is running as intended. Code running on a jailbroken device can probably still get to most if not all of that data.

cHao answered Oct 23 '22 16:10