iOS Question Does an ipa have a readable signature

Erel

B4X founder

Staff member

Licensed User

Longtime User

• May 7, 2017

• #2

No.

 

Upvote 0

JackKirk

Well-Known Member

Licensed User

Longtime User

• May 7, 2017

• #3

What about the Team ID you have just helped me with here:

https://www.b4x.com/android/forum/threads/extract-team-id.79245/#post-501910

I'm looking for a way to deter some low life repackaging my iOS app - I can use such a signature to encrypt some bits of the app which would render it useless if the signature changed.

 

Upvote 0

Erel

B4X founder

Staff member

Licensed User

Longtime User

• May 7, 2017

• #4

This is just a string. Anyone can add such a string to the project.

You can get the CFBundleIdentifier (package name). It is unique to your app.

Change one of the subs here to return it: https://www.b4x.com/android/forum/threads/packagemanager.47028/#post-290779

 

Upvote 0

JackKirk

Well-Known Member

Licensed User

Longtime User

• May 9, 2017

• #5

CFBundleIdentifier seems to just give me whatever I have entered at [Project] > [Build Configurations] > [Package:] - can't see this as being unique to the version of the app.

Any other suggestions?

 

Upvote 0

Erel

B4X founder

Staff member

Licensed User

Longtime User

• May 9, 2017

• #6

What are you trying to protect from?

 

Upvote 0

JackKirk

Well-Known Member

Licensed User

Longtime User

• May 10, 2017

• #7

I'm trying to protect from someone modifying and/or repackaging and putting on a site like Cydia.

Also I have some components of the app that I consider proprietary - can you tell me just how exposed they are to someone lifting them and using them in their own apps.

 

Upvote 0

Erel

B4X founder

Staff member

Licensed User

Longtime User

• May 10, 2017

• #8

Generally speaking, iOS apps are more difficult to decompile than Android apps.
You can use this code to calculate the signature of the embedded provision profile:

B4X:

#if Relesae
   Dim b() As Byte = Bit.InputStreamToBytes(File.OpenInput(File.DirAssets, "embedded.mobileprovision"))
   Dim md As MessageDigest
   Dim bc As ByteConverter
   Dim hex As String = bc.HexFromBytes(md.GetMessageDigest(b, "SHA-256"))
   Log(hex)
   Page1.Title = hex
#end if

A determined hacker will be able to remove the check or modify it as needed.

 

Upvote 0

JackKirk

Well-Known Member

Licensed User

Longtime User

• May 10, 2017

• #9

Erel,

Many thanks for your forbearance - I take it this will change if the hacker inserts or removes anything from the app and / or resigns it?

 

Upvote 0

Erel

B4X founder

Staff member

Licensed User

Longtime User

• May 10, 2017

• #10

A hacker will not be able to use your provision profile while signing the app. So the signature will be different.

Note that it will also be different when you compile it with a store provision so make sure to test it with the correct value. You can open the IPA file and then calculate the hash yourself.

 

Upvote 0