iPhone Piracy Protection Code - A Tutorial

[Shmoopi]

Welcome everybody! This tutorial is a collection of iPhone/iTouch Anti-Piracy code from all over the place. App Store Piracy today is running ramped, with over 5 Million pirates in counting, Developers are losing millions of dollars in revenue. I'm not going to go into the ethics of hacking or Anti-Piracy during this tutorial and would appreciate if comments about the ethics of Piracy and Anti-Piracy be omitted. With that out of the way, Let's get this party started!

The first step towards preventing the piracy of your apps is detecting the piracy, and then taking steps to either monetize your freeloading traffic or disabling your app altogether. The most basic of Anti-Piracy methods is as follows:

Code:

NSBundle *bundle = [NSBundle mainBundle];
NSDictionary *info = [bundle infoDictionary];
if ([info objectForKey: @"SignerIdentity"] != nil)
{
/* do something */
}

The code should be pretty self explanatory. We are checking the info.plist for SignerIdentity, which is implemented in all cracked apps in order to run on a jailbroken phone. This is designed to overcome automated processes at best, and will probably only prevent the most simple-minded of iPhone hackers. The problem with this type of detection is that it can easily be bypassed with a simple hex editor.

The next step towards Piracy prevention is this little piece of code:

Code:

#define INIT_STRING @"SignerIdentity"

NSString *aString = INIT_STRING; ///do this for all of your temp strings

This code should be implemented with the one above. Basically this hides the "SignerIdentity" from a hex editor by applying bit manipulation to each character in the string. This should make it a lot harder to find with a simple hex editor, but does not protect it completely.

This simple code below is designed to also work with the first code sample to hide the "SignerIdentity" string that is so easy to find. It does not work quite as well as the one above, but does provide some adequate coverage from search based hex hacking. Change the NSString of the first sample with this:

Code:

NSString *aString = [NSString stringWithFormat:@"%@%@%@",@"Sig",@"nerI",@"dentit y"];

The output code should look like this in a hex editor: "Sig.nerI.dentit y.. Still not the best, but it should prevent the noobs and automatons.

This is where it gets interesting:

Code:

NSBundle *bundle = [NSBundle mainBundle];
                NSString* bundlePath = [bundle bundlePath];

                NSFileManager *fileManager = [NSFileManager defaultManager];

                NSString* path = [NSString stringWithFormat:@"%@/Info.plist", bundlePath ];

                NSDictionary *fileAttributes = [fileManager fileAttributesAtPath:path traverseLink:YES];

                if (fileAttributes != nil) {
                        NSNumber *fileSize;

                        if (fileSize = [fileAttributes objectForKey:NSFileSize]) {
                                NSLog(@"File size: %qi\n", [fileSize unsignedLongLongValue]);
                        }                       
                }

As you can see, this code is much more complex. We are checking the file-size of the info.plist and displaying it in the NSLog. From there, you can change the Anti-Piracy code to match the plist size. Since Apple does not change the info.plist file when coded for distribution in the App Store, it will work in the App Store. With this code, please keep in mind that the size (in bytes) of the info.plist in the Xcode Project Directory and in the Application bundle may differ.

The code below is the biggest step on the road towards Anti-Piracy. We are going to go into ciphers! Enjoy:

Code:

NSLog(@"Substitution Cipher:");
char symCipher[] = { '(', 'H', 'Z', '[', '9', '{', '+', 'k', ',', 'o', 'g', 'U', ':', 'D', 'L', '#', 'S', ')', '!', 'F', '^', 'T', 'u', 'd', 'a', '-', 'A', 'f', 'z', ';', 'b', '\'', 'v', 'm', 'B', '0', 'J', 'c', 'W', 't', '*', '|', 'O', '\\', '7', 'E', '@', 'x', '"', 'X', 'V', 'r', 'n', 'Q', 'y', '>', ']', '$', '%', '_', '/', 'P', 'R', 'K', '}', '?', 'I', '8', 'Y', '=', 'N', '3', '.', 's', '<', 'l', '4', 'w', 'j', 'G', '`', '2', 'i', 'C', '6', 'q', 'M', 'p', '1', '5', '&', 'e', 'h' };
char cfile[256];
[[[NSString alloc] initWithString:@"SignerIdentity"] getCString:cfile maxLength:sizeof(cfile) encoding:NSUTF8StringEncoding];
NSLog(@"%s",cfile);
for(int i=0;i

The code above may seem complicated, but it's not. We are using a substitution cipher, a very basic form of cryptography, to rearrange the alphabet and "translate" (if you will), the "SignerIdentity" to (in this case) "V.NwY2*8YwC.C1". So as you can see, it encrypts the string SignerIdentity to the string V.NwY2*8YwC.C1 then decrypts it back to SignerIdentity.

Now to disguise our piracy check:

Code:

char symCipher[] = { '(', 'H', 'Z', '[', '9', '{', '+', 'k', ',', 'o', 'g', 'U', ':', 'D', 'L', '#', 'S', ')', '!', 'F', '^', 'T', 'u', 'd', 'a', '-', 'A', 'f', 'z', ';', 'b', '\'', 'v', 'm', 'B', '0', 'J', 'c', 'W', 't', '*', '|', 'O', '\\', '7', 'E', '@', 'x', '"', 'X', 'V', 'r', 'n', 'Q', 'y', '>', ']', '$', '%', '_', '/', 'P', 'R', 'K', '}', '?', 'I', '8', 'Y', '=', 'N', '3', '.', 's', '<', 'l', '4', 'w', 'j', 'G', '`', '2', 'i', 'C', '6', 'q', 'M', 'p', '1', '5', '&', 'e', 'h' };
char csignid[] = "V.NwY2*8YwC.C1";
for(int i=0;i

Now the NSString signIdentity contains the string "SignerIdentity", without us having to declare it in the binary and potentially have it hacked! It would probably be a good idea to generate your own symCipher array, and generate your own encrypted strings, so they are unique. Here is a small html PHP script that simply outputs your decrypted string and the substitution array needed to generate it here!

This next cipher is a Transitional cipher. The principal is really simple, just replacing a letter in the ASCII table with one a defined amount above or below it, so if I wanted -1, B would be A, A would be Z etc. An objective-C implementation would look like this:

Code:

NSLog(@"Transpositional Cipher:");
char csignid[] = "SignerIdentity";
NSLog(@"%s",csignid);
for(int i=0;i

This will give us the log: Transpositional cipher, SignerIdentity, pfdkboFabkqfqv. This is harder to crack but pretty easy to spot if you know what you're looking for. Nonetheless, it's one step, and a lot less code, closer to preventing hackers from cracking your app.

So now let's do a basic decryption of the SignerIdentity string that we need, we just use the decryption method with our encryted string:

Code:

char csignid[] = "PfdkboFabkqfqv";
for(int i=0;i

As you can see this contains a lot less code, but with the drawback of being a lot more crackable. This is the end of the cipher code samples.

So now that we have learned how to hide our string from simple hex edits, we can lay a honeytrap in our code. Let's go back to the code we used in the beginning of the tutorial. We used a simple "SignerIdentity" string in full site back then. Now what if we added a small boolean value in there to return true if it has been executed if the ObjectForKey is null? Let's find out:

Code:

bool checked = false;
if([[[NSBundle mainBundle] infoDictionary] objectForKey:@"SignerIdentity"] == nil || [[[NSBundle mainBundle] infoDictionary] objectForKey:@"SignerIdentity"] != nil)
{
	checked = true;
}
if(!checked)
{
// This app be hacked!
}

In this code, the variable checked will be false if someone hex edits out SignerIdentity, a nice little honeytrap. Now what you do after you have detected this piracy is up to you! Personally:

Quote:

My method of choice is to display an alert.. much like "illegal copy detected" then just gobble up all the memory and display a "reporting piracy to apple" with a progress view... so it freezes the phone while "reporting piracy".

of course there is no call to report piracy.. it's just a deterrent.

Guaranteed app uninstall within minutes after they reboot their phone (because it froze) -Root

Well, that's all I got for you! Enjoy it, and good luck to everyone with apps in the App store. Credits go to the respective authors of the different Anti-Piracy Code samples (located in the links below).
Links-
http://www.iwillapps.com/wordpress/?p=70
Get fileSize of info.plist to prevent piracy - Stack Overflow
Reilly's patching school for iPhone Part I: simple SignerIdentity checks - xSellize
APPLICATION CRACKED!!!
PHP SIM CIPHER SCRIPT! Objective-C Substitution Cipher
Victor Costan: iPhone Piracy: Hard Numbers For A Soft Problem
The Escapist : The Pocket Gamer Report: iPhone Pirates Ahoy!

[hellrider]

Good effort, but while some of that might make your average 12-year cracker scratch his head, anyone with some time and passable knowledge will crack the app. No one who seriously wishes to protect their app should rely solely on the things in the above post. Accept the fact that it will EVENTUALLY be cracked, and if you think its worth it, develop your own, PRIVATE, method of protection. Anything out in the open like this is even easier for crackers to surmount. (obviously)

[zben]

Thanks for posting the code, but when looking at this in Safari Version 4.0.3 (6531.9) your program is getting cut off at the first greater than sign -- seems like the browser is interpreting it as a beginning of a tag. This is usually some kind of comparison in an if command. Like this

NSLog(@"%s",cfile);
for(int i=0;i

and the rest of the code is not visible in the browser.

[Shmoopi]

Quote:

Originally Posted by zben

Thanks for posting the code, but when looking at this in Safari Version 4.0.3 (6531.9) your program is getting cut off at the first greater than sign -- seems like the browser is interpreting it as a beginning of a tag. This is usually some kind of comparison in an if command. Like this

NSLog(@"%s",cfile);
for(int i=0;i

and the rest of the code is not visible in the browser.

Sorry about that, I don't know why it's cutting it off like that. Anyway, here's the code:

Code:

char csignid[] = "PfdkboFabkqfqv";
for(int i=0;i

It still doesn't seem to show up for me either, here it is in Plain text:
char csignid[] = "PfdkboFabkqfqv";
for(int i=0;i csignid[i] = csignid[i]+3;
NSString* signIdentity = [[NSString alloc] initWithCString:csignid encoding:NSUTF8StringEncoding];

[zben]

Quote:

Originally Posted by Shmoopi

Sorry about that, I don't know why it's cutting it off like that. Anyway, here's the code:

Code:

char csignid[] = "PfdkboFabkqfqv";
for(int i=0;i

It still doesn't seem to show up for me either, here it is in Plain text:
char csignid[] = "PfdkboFabkqfqv";
for(int i=0;i csignid[i] = csignid[i]+3;
NSString* signIdentity = [[NSString alloc] initWithCString:csignid encoding:NSUTF8StringEncoding];

I can't see any better solution than to replace all your <s and >s and &s with &lt;, &gt;, and &amp; respectively. Strangely enough, putting the program code into <pre> and </pre> works well enough on my web site cootsoft.com where I have the full source code of my app posted. Strange that the CODE thing here doesn't throw that into the generated HTML??

[hellrider]

Quote:

Originally Posted by zben

I can't see any better solution than to replace all your <s and >s and &s with &lt;, &gt;, and &amp; respectively. Strangely enough, putting the program code into <pre> and </pre> works well enough on my web site cootsoft.com where I have the full source code of my app posted. Strange that the CODE thing here doesn't throw that into the generated HTML??

As you can see in the bottom left corner, HTML code is enabled.

[svveet]

thumbs up for posting this, im sure it will help out all the developers out there.

[odysseus31173]

I recognized the cipher string right off the bat; bravo for citing your sources

[rocotilos]

Hi, I would like to ask, where to put all this codes?

In Appdelegate.m and .h?
In which function?

Thanks.

ps. btw my 1st app have been pirated. Im going to update to ver 2.0 soon, and
want to put some piracy deterrents.. probably wont stop them, but something to annoy the pirates would be great.

[Shmoopi]

Quote:

Originally Posted by rocotilos

Hi, I would like to ask, where to put all this codes?

In Appdelegate.m and .h?
In which function?

Thanks.

ps. btw my 1st app have been pirated. Im going to update to ver 2.0 soon, and
want to put some piracy deterrents.. probably wont stop them, but something to annoy the pirates would be great.

You can put this code anywhere you want pretty much. Whether it's in the app delegate or the view controller doesn't really matter. But I would put it in the app delegate in the ViewDidLoad function just so it gets called every time the app is loaded. Thanks for asking, and congrats on your apps.

[rocotilos]

Quote:

Originally Posted by Shmoopi

You can put this code anywhere you want pretty much. Whether it's in the app delegate or the view controller doesn't really matter. But I would put it in the app delegate in the ViewDidLoad function just so it gets called every time the app is loaded. Thanks for asking, and congrats on your apps.

Shmoopi, thanks for the fast reply.

Anyway on a second note, do you think it is wise to disable the app on those who pirated our apps? Wont that get them more angry at you or something?
Im thinking of total disabling, but, the thought of just putting up a banner/ad comes to mind, esp, perhaps it would help in promoting our app.. ?

[Shmoopi]

Quote:

Originally Posted by rocotilos

Shmoopi, thanks for the fast reply.

Anyway on a second note, do you think it is wise to disable the app on those who pirated our apps? Wont that get them more angry at you or something?
Im thinking of total disabling, but, the thought of just putting up a banner/ad comes to mind, esp, perhaps it would help in promoting our app.. ?

I've thought long and hard about this question for a good year, and the best answer i've been able to come up with is that it's your choice. Personally I think it's better if I give them a minute demo of my app, then ask them to buy it. That way they can't seriously use it, but they get a good feel for it, and might potentially buy it. Either way it's up to you.

[rocotilos]

Quote:

Originally Posted by Shmoopi

I've thought long and hard about this question for a good year, and the best answer i've been able to come up with is that it's your choice. Personally I think it's better if I give them a minute demo of my app, then ask them to buy it. That way they can't seriously use it, but they get a good feel for it, and might potentially buy it. Either way it's up to you.

Thanks for your comment.

[rocotilos]

Hi Shmoopi, is there any way I can test this in simulator?

[Shmoopi]

Quote:

Originally Posted by rocotilos

Hi Shmoopi, is there any way I can test this in simulator?

Absolutely, simply add this key to your application's plist:

Code:

SignerIdentity

with a value of whatever you want.

[rocotilos]

Quote:

Originally Posted by Shmoopi

Absolutely, simply add this key to your application's plist:

Code:

SignerIdentity

with a value of whatever you want.

Hi, thanks.. erm.. but i added the key to my info.plist, but nothing happens. Maybe i did something wrong.. not sure..

[Shmoopi]

Quote:

Originally Posted by rocotilos

Hi, thanks.. erm.. but i added the key to my info.plist, but nothing happens. Maybe i did something wrong.. not sure..

Ok then, make sure you have everything set up right and then try again. If it still doesn't work try using the first example in the ViewDidLoad method with the "SignerIdentity" Key and the value Bob. If it still doesn't work feel free to post the code and we'll try to help you.

[rocotilos]

Ah.. it works now... thanks..

[Mr Jack]

Quote:

Originally Posted by rocotilos

Hi, I would like to ask, where to put all this codes?

I would argue that the best thing to do is to put different variations of the obfuscated code at varying points though your game, and pop up a "please don't pirate my game" alert and then exit whenever you detect piracy. Most pirates don't even play the games they crack, just crack 'em and slap them up for download; if you make it fail at numerous distinct points through the game, they actually have to take the time to play throught the game to find and remove them all.

It'll happen eventually, of course. But you can delay them through this approach and that can mean more sales (which, btw, was used pretty effectively by Spyro the Dragon on the PS2).

[Momeks]

thank you for your great information ....
i built an application for iphone and i want to avoid cracking my app ... like this :



i don't problem with running on jail broken iphone !
what is the best code ? for anti - cracking and running on jailbroken iphone ?

[Shmoopi]

Quote:

Originally Posted by Momeks

thank you for your great information ....
i built an application for iphone and i want to avoid cracking my app ... like this :



i don't problem with running on jail broken iphone !
what is the best code ? for anti - cracking and running on jailbroken iphone ?

This code will not effect jailbroken phones, it runs the exact same on both jailbroken and non-jailbroken phones. Thanks

[rocotilos]

I got that confused too. I thought jailbreaking phones is a way to pirate our app. But actually jailbreak phone only allows installation of pirated app, on top of the normal installation of legal app. Pirated app is the app binary that have been altered inside it to be able to be installed on a jailbreak phone. ... Right?

[Shmoopi]

Quote:

Originally Posted by rocotilos

I got that confused too. I thought jailbreaking phones is a way to pirate our app. But actually jailbreak phone only allows installation of pirated app, on top of the normal installation of legal app. Pirated app is the app binary that have been altered inside it to be able to be installed on a jailbreak phone. ... Right?

Yes, there is a little bit more to it than that, but that's about right.

[Momeks]

Quote:

Originally Posted by Shmoopi

This code will not effect jailbroken phones, it runs the exact same on both jailbroken and non-jailbroken phones. Thanks

so ... what's your suggestion ? what's the best way?
if somebody download cracked ipa ... when app runs an alert shows up and says "BUY MY APP" or something like this ....

[gonk]

So, what's the consensus on this? Does this really prevent piracy, or is it just wasted effort? If it only slows down the pirates by a few minutes, what's the point?

Is it really true that all pirated apps have to have a "signer identity"?

More generally, do the pirates HAVE to modify the info.plist in some way to pirate the app?