动态库可以在多大程度上被解码或解压缩？- ios

Question

我正在为iOS应用程序(而不是苹果商店)开发一个动态库。给定一个IPA，我的动态库在多大程度上可以被黑客/用户解压缩？我在动态库中的方法定义可以在解压缩时读取吗？提前谢谢。

Answer 1

来自man dyldinfo:

dyldinfo(1)               BSD General Commands Manual              dyldinfo(1)

NAME
    dyldinfo -- Displays information used by dyld in an executable

SYNOPSIS
    dyldinfo [-arch arch-name] [-dylibs] [-rebase] [-bind] [-weak_bind] [-lazy_bind] [-export] [-opcodes]
          [-function_starts] file(s)

DESCRIPTION
    Executables built for Mac OS X 10.6 and later have a new format for the information in the __LINKEDIT
    segment.  The dyldinfo tool will display that information.

 The options are as follows:

 -arch arch
         Only display the specified architecture.  Other architectures in a universal image are ignored.

 -dylibs
         Display the table of dylibs on which this image depends.

 -rebase
         Display the table of rebasing information.  Rebasing is what dyld does when an image is not
         loaded at its preferred address.  Typically, this involves updating pointers in the __DATA seg-
         ment which point within the image.

 -bind   Display the table of binding information.  These are the symbolic fix ups that dyld must do
         when an image is loaded.

 -weak_bind
         Display the table of weak binding information.  Typically, only C++ progams will have any weak
         binding.  These are symbols which dyld must unique accross all images.

 -lazy_bind
         Display the table of lazy binding information. These are symbols which dyld delays binding
         until they are first used.  Lazy binding is automatically used for all function calls to func-
         tions in some external dylib.

 -export
         Display the table symbols which this image exports.

 -opcodes
         Display the low level opcodes used to encode all rebase and binding information.

 -function_starts
         Decodes the list of function start addresses.

这只是可以用于分析dylibs的工具的一个例子。例如，在我的机器上，我在OpenSceneGraph的一个dylibs上运行它，下面是我得到的一个片段：

0x143942   __ZN3osg13gluDeleteTessEPNS_13GLUtesselatorE
0x143968   __ZL9GotoStatePN3osg13GLUtesselatorE9TessState
0x143AA9   __ZN3osg15gluTessPropertyEPNS_13GLUtesselatorEjd
0x143B75   __ZN3osg18gluGetTessPropertyEPNS_13GLUtesselatorEjPd
0x143C70   __ZN3osg13gluTessNormalEPNS_13GLUtesselatorEddd
0x143C85   __ZN3osg15gluTessCallbackEPNS_13GLUtesselatorEjPFvvE
0x143E44   __ZN3osg13gluTessVertexEPNS_13GLUtesselatorEPdPv
0x143FE4   __ZL10EmptyCachePN3osg13GLUtesselatorE
0x144063   __ZL9AddVertexPN3osg13GLUtesselatorEPdPv
0x14411A   __ZN3osg19gluTessBeginPolygonEPNS_13GLUtesselatorEPv
0x144161   __ZN3osg19gluTessBeginContourEPNS_13GLUtesselatorE
0x1441A1   __ZN3osg17gluTessEndContourEPNS_13GLUtesselatorE
0x1441C9   __ZN3osg17gluTessEndPolygonEPNS_13GLUtesselatorE

和：

__DATA  __const          0x001D9D28    pointer       0 __ZTv0_n72_NK3osg6Camera12DrawCallback9classNameEv
__DATA  __data           0x001E8208    pointer       0 __ZTv0_n72_NK3osg6Camera12DrawCallback9classNameEv
__DATA  __data           0x001E84E8    pointer       0 __ZTv0_n72_NK3osg6Camera12DrawCallback9classNameEv
__DATA  __const          0x001DA5F8    pointer       0 __ZTv0_n72_NK3osg8Drawable12CullCallback9classNameEv
__DATA  __data           0x001E57E8    pointer       0 __ZTv0_n72_NK3osg8Drawable12CullCallback9classNameEv

和往常一样，提取字符串和其他const数据非常容易。(以下是来自.so .在我30秒的搜索过程中，我找不到系统上的x86 .不过，方法是一样的(哦，而且您可以看出，我破坏了一个与val差利一起运来的库)：

如果你有由敏感数据组成的字符串，那么这些数据可以很容易地从你的库中提取出来.这就是我从把一个库放到IDA中得到的结果：

__cstring:00003A58 ; Segment type: Pure data
__cstring:00003A58 __cstring       segment dword public 'DATA' use32
__cstring:00003A58                 assume cs:__cstring
__cstring:00003A58                 ;org 3A58h
__cstring:00003A58 aDevRandom      db '/dev/random',0      ; DATA XREF: _vgr00000ZU_libSystemZdZaZddylib_arc4random+17o
__cstring:00003A58                                         ; __data:__crashreporter_info__o
__cstring:00003A64 aValgrind_launc db 'VALGRIND_LAUNCHER',0 ; DATA XREF: vg_cleanup_env+1Co
__cstring:00003A76 aDyld_shared_re db 'DYLD_SHARED_REGION',0
__cstring:00003A89 aDyld_insert_li db 'DYLD_INSERT_LIBRARIES',0
__cstring:00003A9F                 align 10h
__cstring:00003AA0 aInstrumentedBy db 'Instrumented by Valgrind 3.8.1',0
__cstring:00003AA0 __cstring       ends

在这里您可以找到所使用的所有const字符串。在本节下面(未显示)是存储其他const数据的“纯数据”部分。

因此，同样地，它完全取决于，确切地说，什么信息是敏感的。