iPhone: is it possible to alter data in an application's Documents folder? - iphone

I am building an iPhone game where I store the player's game data in the Documents folder of the application. The game data is serialized to disk using encodeWithCoder. Using this approach, am I at risk of malicious players altering the game data by hand?
I know jailbroken phones give you ssh access to your phone. So in theory, a player can ssh into his phone, find the game data, and edit it using vi to tweak their data?
I have a jailbroken phone for testing and I'm trying it now, but each attempt at editing it seems to corrupt the file and make it impossible to be read by the game.
I'm also trying to scp the data file to my dev machine, open it up using Xcode, tweak the values, and send it back to the app. But I'm not having any success in seeing the new values appear in the game.
So am I safe from this type of exploit?
Thanks.

If you are really worried about it, encrypt it.
I say "if" since the # of people who are going to jailbreak their phone to hack your app is so minuscule it is not worth worrying about. If and when it is worth worrying about, you can change it.
This smells like a premature optimization to me.

No, on a jailbroken iPhone the user can do whatever he likes, even change your file. The only safe place is the internet, on a server controlled by you.

Agreed, this sounds like a minor problem. Why would a user want to go through the trouble of hex editing their score on a jailbroken device? The last time I even thought of doing something similar was with Neuromancer on the Apple II+.
If you do have a case where trusted local data is required as part of some online competition, you could try storing it on the device using the Keychain API, although even that might be accessible to the local user.
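Tamper detection for the archived save file discussed in this thread, as an added example that is not part of the original posts: the file carries an HMAC-SHA256 tag that is checked before the bytes reach NSKeyedUnarchiver. `GSSeal`, `GSOpen`, the file layout and the demo key are hypothetical; a key that ships in the app or sits on the device can still be recovered by the owner of a jailbroken phone, so this stops hand edits of the file rather than a determined user, and it uses the older archiver calls that pair with `encodeWithCoder`.

```objective-c
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonHMAC.h>

// Added example; GSSeal/GSOpen and the file layout are hypothetical.
enum { kTagLen = 32 };  // HMAC-SHA256 output size in bytes

static NSData *GSTag(NSData *key, NSData *payload) {
    unsigned char mac[kTagLen];
    CCHmac(kCCHmacAlgSHA256, key.bytes, key.length,
           payload.bytes, payload.length, mac);
    return [NSData dataWithBytes:mac length:kTagLen];
}

// Compare without an early exit so timing does not reveal the first bad byte.
static BOOL GSSameTag(NSData *a, NSData *b) {
    if (a.length != b.length) return NO;
    const unsigned char *p = a.bytes, *q = b.bytes;
    unsigned char diff = 0;
    for (NSUInteger i = 0; i < a.length; i++) diff |= p[i] ^ q[i];
    return diff == 0;
}

// File layout: 32-byte tag, then the keyed archive produced via encodeWithCoder.
NSData *GSSeal(id state, NSData *key) {
    NSData *archive = [NSKeyedArchiver archivedDataWithRootObject:state];
    NSMutableData *file = [NSMutableData dataWithData:GSTag(key, archive)];
    [file appendData:archive];
    return file;
}

// Returns nil for a short, truncated or edited file; nothing is unarchived
// until the tag has been verified.
id GSOpen(NSData *file, NSData *key) {
    if (file.length <= kTagLen) return nil;
    NSData *tag = [file subdataWithRange:NSMakeRange(0, kTagLen)];
    NSData *archive = [file subdataWithRange:NSMakeRange(kTagLen, file.length - kTagLen)];
    if (!GSSameTag(tag, GSTag(key, archive))) return nil;
    return [NSKeyedUnarchiver unarchiveObjectWithData:archive];
}

int main(void) {
    @autoreleasepool {
        NSData *key = [@"constructed-demo-key" dataUsingEncoding:NSUTF8StringEncoding];
        NSMutableData *file = [GSSeal(@{@"gold": @100}, key) mutableCopy];
        NSLog(@"untouched file: %@", GSOpen(file, key));
        ((unsigned char *)file.mutableBytes)[file.length - 1] ^= 0x01;  // simulate a hand edit
        NSLog(@"edited file: %@", GSOpen(file, key));
    }
    return 0;
}
```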

Related

Is there a path every app can write files in the jailbreak iPhone?

I should hook UIResponder of every app, including SpringBoard and any others. In the hooking, I will write something to the specified file. If I set the path to /var/mobile/Library/MyApp, recommended by Cydia, I found that only the SpringBoard and MyApp could write successfully.
So is there a place every app can write and read?
I admit that I'm not 100% sure on this one, but my guess would be no, there is not a path that every app can write files to on a jailbroken iPhone.
Certainly, jailbreak apps (installed in /Applications/) on a jailbroken phone can write to locations that can be shared between those jailbreak apps. But, as I understand your question, you would like to inject code into normal, App Store apps, so that those apps can also read and write to the shared location. That part I don't think is possible, because jailbreaking does not completely disable the sandbox for 3rd-party apps installed normally, under /var/mobile/Applications/.
Now, there might be a workaround. There are some shared folders that are accessible to all apps for certain purposes. For example, any app can write images to the saved photos album. What you could try is to take the content of the file you want to write, and encode it as fake image data, in a UIImage (e.g. with [UIImage imageWithData:]). You'd probably need to add a valid image header to the data. Then, you save the file to the photos album, using something like writeImageToSavedPhotosAlbum:orientation:completionBlock:.
Another app could then find the fake photo by enumerating the saved photos album, and then converting the asset back to image representation to pull the real data back out.
However, this seems quite complicated, and possibly wouldn't work (I haven't tried it). Perhaps you could tell us why you want this shared file. Maybe there's a better way to share the data, without using a globally-accessible file?
Notifications can help you with this. Every app will send interprocess notifications about the events. You could start a daemon that will listen for these notifications and save them in a file. Or you could listen for them in SpringBoard, as it can write, for example, to /var/mobile/Media. Depends on what you want to do with this file. Check out my answer here: How to create a global environment variable that can be accessed by SpringBoard or other applications in the jailbroken iPhone?

Is there any fingerprint library or framework to use for iPhone app development?

I would like to know whether something like this can be easily achieved, any suggestions?
The only possibility would be reading in fingerprints via the camera. However if you focus on a finger, it's simply not sensitive enough to discern the separate lines that make up a fingerprint.
So, the only possibility would be dedicated hardware that could read fingerprints and talk to the phone.

Self Deleting iPhone app

I have an iPhone app which needs to have a self-destruct option. This app is going to be used in sensitive locations and holds some algorithms which are not to be known by anybody except the iPod holder.
What would be the most "complete" way of deleting the app?
I was thinking of somehow writing zeros to the nib file, or the actual application.app, but I believe these folders are write-protected and sandboxed.
Anybody have any ideas of better ways to achieve this?
Elaboration (Taken from original poster's comments):
This is for a jailbroken iPhone.
These devices are going to be provided to military personnel; this device falling into enemy hands would be the least of my concerns. It's going to have a button to wipe the app. Once the app is written to zero, or better yet corrupted with garbage all over the "exe", the app has no way of working, and it would require inspection of the iPod flash chip with equipment that I 100% know the wrong people won't have.
If you are openly storing the code that contains this algorithm within your application, there's nothing stopping the "wrong people" from jailbreaking the device and copying the complete file structure of the device before you run your "wipe" process.
Additionally, if you are dealing with a U.S. Government customer, I doubt that they will approve of the purchase of a jailbroken device, given that the vendor of such a device has claimed that jailbreaking is illegal. Whether or not this will hold up in court, the government tends to be conservative in these matters and err on the side of caution. Because Apple is a large U.S. company and a vendor to the government, I wouldn't expect the government procurers to take the jailbreakers' side in this.
My recommendation would be to encrypt the particular algorithms within a file in your application's bundle, and require the user of this application to decrypt this file into memory with the correct (difficult) password. That way, even if the "bad guys" were to gain access to the application, they wouldn't have everything they need to access these algorithms and would have to brute-force the password on the encrypted portion. This could be done on a standard, non-jailbroken device.
The U.S. Army is rolling out iPods in the field, with custom applications on them, so I'm sure that you're not the first person facing this challenge. If this work is being funded through a Department of Defense SBIR grant (or similar), you may even be able to contact your contracting officer and see if they can put you in touch with people at the appropriate agency who may be able to help you out with this (or even determine if it is an issue to begin with).
I'm going to go out on a limb here and say you may not want to use the iPhone for this type of app. There are intentional limitations to this exact type of action on the iPhone and in SpringBoard. If you are doing something so sensitive that it can't fall into unauthorized hands, my recommendation would be to use a different and more customizable/controllable platform.
Unless you're working from a jailbroken device, you're probably going to run into problems here.
Even if you can find a way to automatically delete the app, you're still running the risk of those algorithms getting into the wrong hands - you would essentially be running into the same problems that Apple has with jailbreaking - once the device is in someone else's hands, it only takes the proper amount of motivation for the data to be accessed.
The only way to secure your algorithms is to pass the data to a remote server and get the results. There's still a possibility of a security breach, but it's much, much lower.
I don't know how well this would work, but you could store the algorithm as a file inside the application bundle, run the algorithm from that file possibly using a scripting language or something, and delete that file if you need to.
The folders are sandboxed, but your application is in there. On my jailbroken iPhone I see that all the permissions are owned by mobile so I don't see any reason why you can't just overwrite all the files with zeroes and then delete them.
The application bundle is effectively read-only, perhaps you should store some of the information in an encrypted form somewhere on a network.
Even if you find a way to write over the app in the flash memory, you really aren't erasing the app. Flash memory chips use wear leveling algorithms to reduce writes to the same blocks and so when you write out zeroes they are typically written to a new block of memory and not to the same block used before, so you really aren't erasing anything. The data can still be recovered from the flash chip (by a pro).
Another option is to separate out the parameters of the algorithm so that the algorithm is no longer sensitive (or at least not usable) and provide the parameters encrypted in a file. Then provide the key to authorized users via the network and don't store that key into flash, only RAM. They would need to get the key every time they start the app. Only give the key to authorized users. Of course, you'll also need to encrypt that key for transmission over the network with another key... There are systems for doing this, don't invent your own, in any case you'll need a crypto expert to do this right.
I would use the built in encryption to store the data, with a key the user has to enter to decrypt it. Without the key it doesn't matter if the data blob is recovered from the device.
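The password-protected file suggested in several answers above, as an added example that is not part of the original posts: the sensitive data ships only as a blob encrypted under a key stretched from the user's password with PBKDF2, and is decrypted into memory after an integrity check. `GSLock`, `GSUnlock`, the blob layout and the iteration count are assumptions, and the construction shown is AES-256-CBC with an HMAC-SHA256 tag built from CommonCrypto calls.

```objective-c
#import <Foundation/Foundation.h>
#import <CommonCrypto/CommonCrypto.h>
#import <CommonCrypto/CommonRandom.h>

// Added example; GSLock/GSUnlock, the layout and the round count are assumptions.
// Blob: salt[16] | tag[32] | iv[16] | AES-256-CBC ciphertext; tag = HMAC-SHA256 over iv|ciphertext.
enum { kSalt = 16, kTag = 32, kIV = 16, kHead = kSalt + kTag + kIV, kRounds = 200000 };

// PBKDF2 stretches the password into 64 bytes: AES key first, MAC key second.
static BOOL GSDerive(NSString *password, const uint8_t *salt, uint8_t *keys) {
    NSData *pw = [password dataUsingEncoding:NSUTF8StringEncoding];
    return CCKeyDerivationPBKDF(kCCPBKDF2, pw.bytes, pw.length, salt, kSalt,
                                kCCPRFHmacAlgSHA256, kRounds, keys, 64) == kCCSuccess;
}

// Run off-device at build time; only the returned blob ships in the bundle.
NSData *GSLock(NSData *plain, NSString *password) {
    NSMutableData *blob = [NSMutableData dataWithLength:kHead + plain.length + kCCBlockSizeAES128];
    uint8_t *b = blob.mutableBytes, *iv = b + kSalt + kTag, keys[64];
    size_t n = 0;
    if (CCRandomGenerateBytes(b, kSalt) != kCCSuccess ||
        CCRandomGenerateBytes(iv, kIV) != kCCSuccess || !GSDerive(password, b, keys) ||
        CCCrypt(kCCEncrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding, keys, kCCKeySizeAES256, iv,
                plain.bytes, plain.length, b + kHead, blob.length - kHead, &n) != kCCSuccess)
        return nil;
    CCHmac(kCCHmacAlgSHA256, keys + 32, 32, iv, kIV + n, b + kSalt);  // tag covers iv|ciphertext
    blob.length = kHead + n;
    return blob;
}

// Plaintext exists only in the returned buffer; nil means wrong password or altered blob.
NSData *GSUnlock(NSData *blob, NSString *password) {
    if (blob.length < kHead + kCCBlockSizeAES128) return nil;
    const uint8_t *b = blob.bytes, *iv = b + kSalt + kTag;
    size_t ctLen = blob.length - kHead, n = 0;
    uint8_t keys[64], mac[kTag], diff = 0;
    if (!GSDerive(password, b, keys)) return nil;
    CCHmac(kCCHmacAlgSHA256, keys + 32, 32, iv, kIV + ctLen, mac);
    for (int i = 0; i < kTag; i++) diff |= mac[i] ^ b[kSalt + i];  // compare without early exit
    if (diff) return nil;                                          // verify before decrypting
    NSMutableData *plain = [NSMutableData dataWithLength:ctLen];
    if (CCCrypt(kCCDecrypt, kCCAlgorithmAES, kCCOptionPKCS7Padding, keys, kCCKeySizeAES256, iv,
                b + kHead, ctLen, plain.mutableBytes, ctLen, &n) != kCCSuccess) return nil;
    plain.length = n;
    return plain;
}
```

Calling `GSUnlock(GSLock(data, password), password)` returns the original bytes; a different password or a changed byte in the blob returns nil. The strength of the scheme rests on the password, since the salt and round count only slow each guess.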

Create product keys for iPhone application? [iPhone SDK]

Is it possible to assign different identifiers to copies of an app downloaded from the app store that are hard coded into the application? Or is there any way of permanently storing an identifier in the application bundle such that when it is copied, the key remains within the bundle?
EDIT: Ok, how about iTunes receipts, can they be used to verify when it was downloaded, as the user has to register their app with the server within say 5 hours of them downloading it.
thanks in advance
I'm assuming your goal here is to disable part of the functionality of your app by having a master list of bogus serial numbers somewhere. Unfortunately there is no per-copy serial number available, and if there were it would be the first thing the bad guys would change before posting your app for download.
Instead you'll need to detect whether your app bundle has been tampered with from within the app. See this question:
Reducing piracy of iPhone applications
You'll then need to decide how subtly or obviously you want to limit functionality. Probably the best solution would be to do something innocuous but slightly annoying that generates a specific kind of support request, at which point you can gently prod the deadbeat into considering buying a legit copy.
An approach with more false positives but potentially fewer false negatives would be to check if the app is running on a jailbroken device. The downside there is that jailbreakers may well have legitimately purchased your app, so you're alienating honest customers for little to no extra benefit.
For the app I'm working on, which has a big social/viral aspect (I hope), I've decided that potential deadbeats probably have enough honest friends to pay for the server cycles that they're stealing, and it's just not worth worrying about.
No, there's no way to do either of these. The closest you could come would be to store device IDs on a central server.

iPhone gui message from perl/shell-script possible?

I want to write a perlscript on my iPhone that is able to give me a heads up at certain points so I'm wondering how I would go about doing that.
Is there a way to get a message through the gui from a script running in the background? I've been looking without much luck. I had a thought about inserting a fake sms into the sqlite db as a last resort but it seems somewhat unlikely that it would work.
It would be nice to be able to make a push notification style popup appear, but that might be too much to ask.
Any ideas?
For reasons of security and stability, Apple does not allow scripting languages on the iPhone. You can run them on a jailbroken phone but I'm given to understand it's a hassle.
From the Apple Push Notification Programming Guide:
Note: On a desktop system, a background process is often the means whereby users are informed of downloadable data for an application that currently isn’t running. But on a device such as the iPhone, background applications are, for performance and security reasons, prohibited. Only one application may be executing at a time.
The iPhone is a secure and reliable phone first and a computer second. Computing is sacrificed to ensure a reliable phone.
I found a solution I liked so I decided to share it. I found an app for jailbroken iPhones called GriP - Growl for iPhone, which changes the way push notifications and other messages are handled. It also makes it possible to send messages from the command line via something along the lines of:
/usr/bin/GriP -t "Title" -d "Description"
It has worked great so far.
Thank you for your help TechZen and molecules.
Do you want information from your phone itself or from an outside source? If you want information from an outside source, you could set up a Perl script on a computer to e-mail yourself notifications (see Sending Email with Perl Best Practice).