堆栈内存溢出
  简体   繁体   English

如果我与客户共享一个未签名的XCARCHIVE文件,他们可以看到源代码吗?

[英]If i share an unsigned XCARCHIVE file with a client, can they see the source code?

 原文  2011-12-18 23:17:53       iphone/ objective-c/ ios

问题描述

If i share an unsigned XCARCHIVE file with a client, can they see the source code? 如果我与客户共享一个未签名的XCARCHIVE文件,他们可以看到源代码吗? Is it in any way less secure than sending them the IPA file? 它比发送IPA文件更安全吗?

Thanks 谢谢

2 个解决方案

解决方案1
 7 已采纳  2011-12-18 23:29:35

If you take a look inside an .xcarchive, you'll see that it consists of a "dSYM" directory (which holds the debug symbols for the application), an Info.plist, and a directory containing the application binary. 如果你看一下.xcarchive,你会看到它包含一个“dSYM”目录(它包含应用程序的调试符号),一个Info.plist和一个包含应用程序二进制文件的目录。 It should be no less secure than sending an IPA. 它应该比发送IPA更安全。

解决方案2
 2  2012-03-22 20:00:20

Distributing a .xcarchive directory is a bad idea if you are worried about reverse engineering. 如果您担心逆向工程,分发.xcarchive目录是个坏主意。

Specifically a .ipa file typically does not contain the C symbol table. 具体而言,.ipa文件通常不包含C符号表。

Any mach-o binary linked against any objc will include segments which describe all of the objc classes, selectors and imp addresses. 任何objc链接的任何mach-o二进制文件都将包含描述所有objc类,选择器和imp地址的段。 This is great to have when reversing, but the C symbol table is something that can and should be discarded from your distributed binary. 反转时很有用,但C符号表是可以而且应该从分布式二进制文件中丢弃的东西。

The .dSYM dir (containing the stripped symbol table) is kept specifically so that stack traces in crash reports can be symbolicated. .dSYM目录(包含剥离的符号表)是专门保留的,因此可以对崩溃报告中的堆栈跟踪进行符号化。 There is no techinal reason to distribute it. 分发它没有技术理由。

Indeed, to the reverse-engineer, having the symbol table can be priceless. 实际上,对于逆向工程师来说,拥有符号表可能是无价的。

If you are worried about someone reverse engineering some of your logic, implement everything with private C functions (all in the same file as far as the compiler is concerned) and distribute a stripped binary only (.ipa not .xcarchive). 如果您担心有人对某些逻辑进行逆向工程,请使用私有C函数实现所有内容(就编译器而言,所有内容都在同一文件中)并仅分发剥离的二进制文件(.ipa而不是.xcarchive)。

Don't use objc any more than you are forced to. 不要使用objc比你被迫使用。

Even then, someone who is good with a decompiler will still figure it all out eventually, but it will be a lot harder. 即使在那时,一个善于使用反编译器的人最终仍会把它全部弄清楚,但这将会困难得多。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我可以使用 xcarchive 将我的应用程序发送给客户,以便在他们的 Apple 开发者帐户上进行更新吗? - Can I use xcarchive to send my app to a client to be updated on their Apple developer account? 我可以在Xcode上重新打开.xcarchive吗? - Can I re-open .xcarchive on Xcode? 如何查看在iPhone上显示的网页来源? - How can I see the source of a webpage as it would be displayed on an iPhone? 我可以使用Facebook分享声音文件吗? - Can I share sound file using facebook? 我有一个库文件(.a)。 我如何从中倒退以获得一些伪源代码? - I've got a library file (.a). How can I go backwards from this to get some pseudo source code? 如何浏览iPhone上的源代码? - How can I browse source code on an iPhone? 如何查看nib / xib文件的代码? - How can I see code for nib/xib files? 如何在iPhone中将声音文件共享到Facebook或Twitter - How can i share a sound file, to facebook or Twitter in iphone 如何删除我不容易看到的iPhone SDK中的文件 - How to remove a file in iPhone SDK that I can't easily see 在哪里可以下载iLOCOi2移动应用程序源代码? - Where can i download the iLOCOi2 mobile app source code?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM