Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Secure iOS apps with cycript

Tags:

security

ios

With the cycript technology, all iOS application are able to debug and able to access variables and methods inside application.

And also it is possible to overwrite the runtime variables and methods.

Is there any way to secure the application to accessing those instances to avoid hackers to access high secure values?

like image 543
Srini Avatar asked Sep 26 '13 07:09

Srini

1 Answers

With the cycript technology, all iOS application are able to debug and able to access variables and methods inside application. And also it is possible to overwrite the runtime variables and methods.

YES Cycript (easy) / MobileSubstrate (intermediate) / GDB for iOS (more advanced) allow you to modify the runtime environment (i.e. methods/objects/i.variables) and do much more.

Is there any way to secure the application to accessing those instances to avoid hackers to access high secure values?

There is no 100% safe way. As someone said once you can't stop every hacker, but you can slow down and discourage most of them. Then if you protect your app against some types of attacks your app will stand a tiny bit longer without being hacked.

For iOS development, there is one thing to remember : Objective-C (and Swift) make it really easy for hackers to manipulate the runtime and do static analysis. In brief detail : this is due to the way in which these languages are compiled and organized in the binary.

Since it is a due to the language, you can use other languages in order to avoid this ! That's why it is recommended to use other languages like C/C++ instead of Objective-C/Swift for security-related code which process sensitive informations. For instance, Cycript cannot access C/C++ code and thus cannot modify an environment coded in those languages.

Practically, if you use cross-platform tools to develop your apps (like Cocos2d, Unity, ...) you may be protected against such debugger-based attacks (like Cycript, GDB) because most of these cross-platform dev tools only use Objective-C / Swift for the very first steps when the application launches, and they compile your app logic in whatever language you develop in (e.g. C++ for Cocos2d and Unity).

like image 171
Jeffrey Mvutu Mabilama Avatar answered Nov 15 '22 11:11

Jeffrey Mvutu Mabilama
Sign in to Comment

Related questions

Persistent storage (WebSQL and local storage) in iOS 6 w/ PhoneGap
persistentStoreManagedObjectContext vs mainQueueManagedObjectContext
How to create a "Send to Mobile" button on web?
iOS - how to make subviews of a Navigation Bar transparent?
Facebook app-style photo zooming from UITableView / Feed
ios: playing video with arbitrary nsinputstream
Facebook Integration Backend
iOS Google Maps Api Tiled Overlays
How to block anonymous user in XMPP
Calling -(void) cancelAllOperations on NSoperationQueue is not setting the isCancelled property of NSOperation that is present inside the Queue
Textview with Suggestions List in iOS
Current playback queue for MPMusicPlayerController?
Paused audio starts playing automatically on applicationWillEnterForeground:
Is there any way to get the tamper-proof date and time on iPhone?
How can I be notified of a banner notification in iOS?
ExtAudioFileRead in iOS falling with error code -50
UITextView with large font size and magnifying glass
how prevent cell width from expanding when done editing in UITableView
upgrading to iOS 7 and Xcode 5 - having issues with UIAccelerator, UIStringDrawing and NSObject
Turn By Turn Navigation in iOS 7

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!