| State of the iPhone application cracking |
| Mon, 05 Jan 2009 09:32 AM |
|
Was doing a bit of research on the topic of how to detect whether a running iPhone app is a legitimate or a cracked copy. This, of course, requires "knowing your enemy", so to speak. If you decide to implement a detection mechanism in your own app, you might find this information/links useful. Everything that's mentioned below is taken from sources that are 2 or 3 Google searches away.

The good news

As of right now, you can't run cracked apps on non-jailbroken devices. There is no way to fake Apple's digital signature and the jailbreaking procedure actually modifies the signature-verification code on the device itself. So, the market for illegal app copies is somewhat limited. At least your mom can't just download an IPA file containing a game from one of the warez sites and sync it to the iPod Touch you gave her for Xmas.

The bad news

Removing copy protection from an iPhone application is not that difficult and has been made as easy as running an app on a jailbroken phone that streamlines the whole process. There is a good writeup on how the actual DRM-stripping works, located on one of the iPhone hacking websites.

The arms race

There are a few apps out there that have resisted pirates' efforts by refusing to operate after being cracked, such as iPref and TextGuru. Other apps, such as Blue Skies Air Force Academy, took a more subtle approach, by letting you use a pirated copy but popping up a "We know that you stole this" message every once in a while. For the crackers, it comes down to finding a way to remove the copy protection and convince the iPhone OS to run the illegal copy of the app without leaving too many traces that developers can find. For the developers, it's all about either finding a way to interfere with the DRM removal process or finding the traces that it leaves and doing something about it. As of right now, Apple doesn't provide developers with a meaningful way to detect compromised application bundles.

Technical details

Send me an email or leave a comment if you are interested in links to tutorials/articles that describe how the copy protection removal process actually works. Most of them point to hacking websites and I'd rather not give those guys more PR by mentioning names here, if you know what I mean. But we also can't fight something we don't understand, so it is essential that such information be shared. This post was meant to save you about an hour or two of time googling around and reading forums, nothing more.

-- Peter Bakhyryev |