Welcome everybody! This tutorial is a collection of iPhone/iTouch Anti-Piracy code from all over the place. App Store Piracy today is running ramped, with over 5 Million pirates in counting, Developers are losing millions of dollars in revenue. I'm not going to go into the ethics of hacking or Anti-Piracy during this tutorial and would appreciate if comments about the ethics of Piracy and Anti-Piracy be omitted. With that out of the way, Let's get this party started!
The first step towards preventing the piracy of your apps is detecting the piracy, and then taking steps to either monetize your freeloading traffic or disabling your app altogether. The most basic of Anti-Piracy methods is as follows:
The code should be pretty self explanatory. We are checking the info.plist for SignerIdentity, which is implemented in all cracked apps in order to run on a jailbroken phone. This is designed to overcome automated processes at best, and will probably only prevent the most simple-minded of iPhone hackers. The problem with this type of detection is that it can easily be bypassed with a simple hex editor.
The next step towards Piracy prevention is this little piece of code:
Code:
#define INIT_STRING @"SignerIdentity"
NSString *aString = INIT_STRING; ///do this for all of your temp strings
This code should be implemented with the one above. Basically this hides the "SignerIdentity" from a hex editor by applying bit manipulation to each character in the string. This should make it a lot harder to find with a simple hex editor, but does not protect it completely.
This simple code below is designed to also work with the first code sample to hide the "SignerIdentity" string that is so easy to find. It does not work quite as well as the one above, but does provide some adequate coverage from search based hex hacking. Change the NSString of the first sample with this:
As you can see, this code is much more complex. We are checking the file-size of the info.plist and displaying it in the NSLog. From there, you can change the Anti-Piracy code to match the plist size. Since Apple does not change the info.plist file when coded for distribution in the App Store, it will work in the App Store. With this code, please keep in mind that the size (in bytes) of the info.plist in the Xcode Project Directory and in the Application bundle may differ.
The code below is the biggest step on the road towards Anti-Piracy. We are going to go into ciphers! Enjoy:
The code above may seem complicated, but it's not. We are using a substitution cipher, a very basic form of cryptography, to rearrange the alphabet and "translate" (if you will), the "SignerIdentity" to (in this case) "V.NwY2*8YwC.C1". So as you can see, it encrypts the string SignerIdentity to the string V.NwY2*8YwC.C1 then decrypts it back to SignerIdentity.
Now the NSString signIdentity contains the string "SignerIdentity", without us having to declare it in the binary and potentially have it hacked! It would probably be a good idea to generate your own symCipher array, and generate your own encrypted strings, so they are unique. Here is a small html PHP script that simply outputs your decrypted string and the substitution array needed to generate it here!
This next cipher is a Transitional cipher. The principal is really simple, just replacing a letter in the ASCII table with one a defined amount above or below it, so if I wanted -1, B would be A, A would be Z etc. An objective-C implementation would look like this:
This will give us the log: Transpositional cipher, SignerIdentity, pfdkboFabkqfqv. This is harder to crack but pretty easy to spot if you know what you're looking for. Nonetheless, it's one step, and a lot less code, closer to preventing hackers from cracking your app.
So now let's do a basic decryption of the SignerIdentity string that we need, we just use the decryption method with our encryted string:
Code:
char csignid[] = "PfdkboFabkqfqv";
for(int i=0;i
As you can see this contains a lot less code, but with the drawback of being a lot more crackable. This is the end of the cipher code samples.
So now that we have learned how to hide our string from simple hex edits, we can lay a honeytrap in our code. Let's go back to the code we used in the beginning of the tutorial. We used a simple "SignerIdentity" string in full site back then. Now what if we added a small boolean value in there to return true if it has been executed if the ObjectForKey is null? Let's find out:
In this code, the variable checked will be false if someone hex edits out SignerIdentity, a nice little honeytrap. Now what you do after you have detected this piracy is up to you! Personally:
Quote:
My method of choice is to display an alert.. much like "illegal copy detected" then just gobble up all the memory and display a "reporting piracy to apple" with a progress view... so it freezes the phone while "reporting piracy".
of course there is no call to report piracy.. it's just a deterrent.
Guaranteed app uninstall within minutes after they reboot their phone (because it froze) -Root
Good effort, but while some of that might make your average 12-year cracker scratch his head, anyone with some time and passable knowledge will crack the app. No one who seriously wishes to protect their app should rely solely on the things in the above post. Accept the fact that it will EVENTUALLY be cracked, and if you think its worth it, develop your own, PRIVATE, method of protection. Anything out in the open like this is even easier for crackers to surmount. (obviously)
Thanks for posting the code, but when looking at this in Safari Version 4.0.3 (6531.9) your program is getting cut off at the first greater than sign -- seems like the browser is interpreting it as a beginning of a tag. This is usually some kind of comparison in an if command. Like this
NSLog(@"%s",cfile);
for(int i=0;i
and the rest of the code is not visible in the browser.
Thanks for posting the code, but when looking at this in Safari Version 4.0.3 (6531.9) your program is getting cut off at the first greater than sign -- seems like the browser is interpreting it as a beginning of a tag. This is usually some kind of comparison in an if command. Like this
NSLog(@"%s",cfile);
for(int i=0;i
and the rest of the code is not visible in the browser.
Sorry about that, I don't know why it's cutting it off like that. Anyway, here's the code:
Code:
char csignid[] = "PfdkboFabkqfqv";
for(int i=0;i
It still doesn't seem to show up for me either, here it is in Plain text:
char csignid[] = "PfdkboFabkqfqv";
for(int i=0;i
csignid[i] = csignid[i]+3;
NSString* signIdentity = [[NSString alloc] initWithCString:csignid encoding:NSUTF8StringEncoding];
Sorry about that, I don't know why it's cutting it off like that. Anyway, here's the code:
Code:
char csignid[] = "PfdkboFabkqfqv";
for(int i=0;i
It still doesn't seem to show up for me either, here it is in Plain text:
char csignid[] = "PfdkboFabkqfqv";
for(int i=0;i
csignid[i] = csignid[i]+3;
NSString* signIdentity = [[NSString alloc] initWithCString:csignid encoding:NSUTF8StringEncoding];
I can't see any better solution than to replace all your <s and >s and &s with <, >, and & respectively. Strangely enough, putting the program code into <pre> and </pre> works well enough on my web site cootsoft.com where I have the full source code of my app posted. Strange that the CODE thing here doesn't throw that into the generated HTML??
I can't see any better solution than to replace all your <s and >s and &s with <, >, and & respectively. Strangely enough, putting the program code into <pre> and </pre> works well enough on my web site cootsoft.com where I have the full source code of my app posted. Strange that the CODE thing here doesn't throw that into the generated HTML??
As you can see in the bottom left corner, HTML code is enabled.
Hi, I would like to ask, where to put all this codes?
In Appdelegate.m and .h?
In which function?
Thanks.
ps. btw my 1st app have been pirated. Im going to update to ver 2.0 soon, and
want to put some piracy deterrents.. probably wont stop them, but something to annoy the pirates would be great.
Hi, I would like to ask, where to put all this codes?
In Appdelegate.m and .h?
In which function?
Thanks.
ps. btw my 1st app have been pirated. Im going to update to ver 2.0 soon, and
want to put some piracy deterrents.. probably wont stop them, but something to annoy the pirates would be great.
You can put this code anywhere you want pretty much. Whether it's in the app delegate or the view controller doesn't really matter. But I would put it in the app delegate in the ViewDidLoad function just so it gets called every time the app is loaded. Thanks for asking, and congrats on your apps.
You can put this code anywhere you want pretty much. Whether it's in the app delegate or the view controller doesn't really matter. But I would put it in the app delegate in the ViewDidLoad function just so it gets called every time the app is loaded. Thanks for asking, and congrats on your apps.
Shmoopi, thanks for the fast reply.
Anyway on a second note, do you think it is wise to disable the app on those who pirated our apps? Wont that get them more angry at you or something?
Im thinking of total disabling, but, the thought of just putting up a banner/ad comes to mind, esp, perhaps it would help in promoting our app.. ?
Anyway on a second note, do you think it is wise to disable the app on those who pirated our apps? Wont that get them more angry at you or something?
Im thinking of total disabling, but, the thought of just putting up a banner/ad comes to mind, esp, perhaps it would help in promoting our app.. ?
I've thought long and hard about this question for a good year, and the best answer i've been able to come up with is that it's your choice. Personally I think it's better if I give them a minute demo of my app, then ask them to buy it. That way they can't seriously use it, but they get a good feel for it, and might potentially buy it. Either way it's up to you.
I've thought long and hard about this question for a good year, and the best answer i've been able to come up with is that it's your choice. Personally I think it's better if I give them a minute demo of my app, then ask them to buy it. That way they can't seriously use it, but they get a good feel for it, and might potentially buy it. Either way it's up to you.
Hi, thanks.. erm.. but i added the key to my info.plist, but nothing happens. Maybe i did something wrong.. not sure..
Ok then, make sure you have everything set up right and then try again. If it still doesn't work try using the first example in the ViewDidLoad method with the "SignerIdentity" Key and the value Bob. If it still doesn't work feel free to post the code and we'll try to help you.
Hi, I would like to ask, where to put all this codes?
I would argue that the best thing to do is to put different variations of the obfuscated code at varying points though your game, and pop up a "please don't pirate my game" alert and then exit whenever you detect piracy. Most pirates don't even play the games they crack, just crack 'em and slap them up for download; if you make it fail at numerous distinct points through the game, they actually have to take the time to play throught the game to find and remove them all.
It'll happen eventually, of course. But you can delay them through this approach and that can mean more sales (which, btw, was used pretty effectively by Spyro the Dragon on the PS2).
__________________
Visit Mr Jack Games for my blog and more about my games
I got that confused too. I thought jailbreaking phones is a way to pirate our app. But actually jailbreak phone only allows installation of pirated app, on top of the normal installation of legal app. Pirated app is the app binary that have been altered inside it to be able to be installed on a jailbreak phone. ... Right?
I got that confused too. I thought jailbreaking phones is a way to pirate our app. But actually jailbreak phone only allows installation of pirated app, on top of the normal installation of legal app. Pirated app is the app binary that have been altered inside it to be able to be installed on a jailbreak phone. ... Right?
Yes, there is a little bit more to it than that, but that's about right.
This code will not effect jailbroken phones, it runs the exact same on both jailbroken and non-jailbroken phones. Thanks
so ... what's your suggestion ? what's the best way?
if somebody download cracked ipa ... when app runs an alert shows up and says "BUY MY APP" or something like this ....
So, what's the consensus on this? Does this really prevent piracy, or is it just wasted effort? If it only slows down the pirates by a few minutes, what's the point?
Is it really true that all pirated apps have to have a "signer identity"?
More generally, do the pirates HAVE to modify the info.plist in some way to pirate the app?
iPhone Piracy Protection Code - A Tutorial
Linear Mode
