kam800 / machobfuscator Goto Github PK

Add option to exclude all or selected frameworks from obfuscation

Dear,
Thank you for the tools provided. When I crash after using it, like this:

Exception Type: EXC_BAD_ACCESS (SIGSEGV)
Exception Subtype: KERN_INVALID_ADDRESS at 0x0000000000000020
VM Region Info: 0x20 is not in any region. Bytes before following region: 4328620000
REGION TYPE START - END [ VSIZE] PRT/MAX SHRMOD REGION DETAIL
UNUSED SPACE AT START
--->
__TEXT 0000000102018000-0000000102198000 [ 1536K] r-x/r-x SM=COW ...pp/appName

How can I solve this problem?

Hi!

I builded MachObufscator and SimpleMacApp, then copy them in folder
Running terminal and wrote ./MachObfuscator -v SimpleMacApp.app/
But nothing happened (obfuscation I mean)

Will obfuscate file:///Users/pavel/Documents/MachObfuscator/SimpleMacApp.app
Looking for dependencies...
0 obfuscable images
0 obfuscable NIBs
Collecting symbols...
0 obfuscable selectors
0 obfuscable classes
0 unobfuscable selectors
0 unobfuscable classes
Mangling symbols...
0 mangled selectors
0 mangled classes
Saving all the files in place...
BYE
MacBook-Pro-Pavel:MachObfuscator pavel$

What I made wrong?

Hi there,

We have used your tool to obfuscation iOS app and it works well as expected but when we run it on the mac app - the process works successfully but upon running the app we get a black screen.

Any assistance will be helpful.

Obfuscate type name for ObjC properties. Type name is referenced in property attributes and it is stored in __cstring section.
Types should be obfuscated in classes, protocol, categories.

Add option to obfuscate given framework. When using --skip-all-frameworks it would be convenient to select (maybe only a few) frameworks that should be obfuscated.

I detected the issue when I tried to obfuscate a binary twice. On the second obfuscation MachObfuscator detected duplicated export trie symbols – symbols that were created by the trie obfuscation mechanism.

Following screenshot is a proof, that empty-labelled nodes exist :)

Dear
When I use MachObfuscator -v MyApp.app, I found that some method names are missing in __objc_methname, like this:

before:

after:

initData:: and login:: is miss, I can't find what caused it.
I hope you can help me solve, Thanks

Reported on Twitter by @kkosovsky.
MachObfuscator works correctly on flat mach-o images.
MachObfuscator does not correctly work on fat images.

In RealWords mangler we need to generate identifier of the same length in bytes as original identifier. Original identifier could contain multibyte UTF8 characters but mangled names contain only ascii characters.

Currently MachObfuscator crashes on precondition in Data.replaceStrings due to different lengths in bytes before and after mangling.

Add debug log level so more information useful for diagnosing with obfuscation problems may be provided to the user if requested.

I found that he does not filter the system's functions and class name methods.
What other settings do you need to do?

When using caesar mode, MachObfuscator crashes:

Fatal error: ReverseMangler clashed on symbol '�A': file /Users/lukas/Downloads/MachObfuscator-master/MachObfuscator/SymbolMangling/CaesarMangler/CaesarMangler.swift, line 30

./BuildPhases/obfuscation: line 30: 9155 Illegal instruction: 4 MachObfuscator -v -m caesar //Users/lukas/Library/Developer/Xcode/DerivedData/Wakanda-fuikddtnfvllirgvhznhqqfaeofh/Build/Products/Debug-iphoneos/{REMOVED}.app

Using XCode 10.2.1 and the newest sources of MachObfuscator from master branch. realWords mode works fine.

Support for getopt_long for input parameters

Obfuscate methtype section using mangled class names

Entirely erasing methtype section causes problems for example with code utilizing NSMethodSignature. Format of methtype strings is not well documented (https://developer.apple.com/library/archive/documentation/Cocoa/Conceptual/ObjCRuntimeGuide/Articles/ocrtTypeEncodings.html#//apple_ref/doc/uid/TP40008048-CH100 - but this does not explain strings that I saw in binaries), according to the docs it is implementation-specific (https://developer.apple.com/documentation/foundation/nsmethodsignature)

When I use MachObfuscator by type MachObfuscator -v XXX.app, the process is done well, but the XXX.app will crash each time when I tap the iPhone. It seems the app could not locate some method and crashes.

I followed following steps:

XCode > Product > Archive > Distribute App > Enterprise > Next > Again Next > Once Again Next > and generated IPA file. . . now am trying to use instructions https://github.com/kam800/MachObfuscator#integration-with-fastlane- . . . but getting an error

PrivateNetwork:untitled folder excel$ cd /Users/excel/Downloads/MachObfuscator 

PrivateNetwork:MachObfuscator excel$ ./obfuscate.sh /Users/excel/Music/santhosh_m_kunthe/wastes/testes/Dummyy.ipa NO_RESIGN MACH_OBFUSCATOR
rm: /Users/excel/Music/santhosh_m_kunthe/wastes/testes/Dummyy.ipa_obf.ipa: No such file or directory
Unzipping...
Obfuscating...
ls: ./MachObfuscator.exe: No such file or directory

PrivateNetwork:MachObfuscator excel$ 

Looking for dependencies...
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreMotion.framework/CoreMotion
WARN: Unable to resolve dylib path /usr/lib/libSystem.B.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/MediaToolbox.framework/MediaToolbox
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreText.framework/CoreText
WARN: Unable to resolve dylib path /System/Library/Frameworks/AudioToolbox.framework/AudioToolbox
WARN: Unable to resolve dylib path /System/Library/Frameworks/AVFoundation.framework/AVFoundation
WARN: Unable to resolve dylib path /System/Library/Frameworks/CFNetwork.framework/CFNetwork
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreGraphics.framework/CoreGraphics
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreLocation.framework/CoreLocation
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreMedia.framework/CoreMedia
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreVideo.framework/CoreVideo
WARN: Unable to resolve dylib path /System/Library/Frameworks/Foundation.framework/Foundation
WARN: Unable to resolve dylib path /System/Library/Frameworks/MediaPlayer.framework/MediaPlayer
WARN: Unable to resolve dylib path /System/Library/Frameworks/OpenAL.framework/OpenAL
WARN: Unable to resolve dylib path /System/Library/Frameworks/OpenGLES.framework/OpenGLES
WARN: Unable to resolve dylib path /System/Library/Frameworks/QuartzCore.framework/QuartzCore
WARN: Unable to resolve dylib path /System/Library/Frameworks/SystemConfiguration.framework/SystemConfiguration
WARN: Unable to resolve dylib path /System/Library/Frameworks/UIKit.framework/UIKit
WARN: Unable to resolve dylib path /usr/lib/libiconv.2.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/Metal.framework/Metal
WARN: Unable to resolve dylib path /System/Library/Frameworks/GameController.framework/GameController
WARN: Unable to resolve dylib path /System/Library/Frameworks/Security.framework/Security
WARN: Unable to resolve dylib path /System/Library/Frameworks/MobileCoreServices.framework/MobileCoreServices
WARN: Unable to resolve dylib path /usr/lib/libicucore.A.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/AdSupport.framework/AdSupport
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreImage.framework/CoreImage
WARN: Unable to resolve dylib path /System/Library/Frameworks/WebKit.framework/WebKit
WARN: Unable to resolve dylib path /System/Library/Frameworks/AssetsLibrary.framework/AssetsLibrary
WARN: Unable to resolve dylib path /System/Library/Frameworks/StoreKit.framework/StoreKit
WARN: Unable to resolve dylib path /usr/lib/libz.1.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/Photos.framework/Photos
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreTelephony.framework/CoreTelephony
WARN: Unable to resolve dylib path /usr/lib/libsqlite3.dylib
WARN: Unable to resolve dylib path /usr/lib/libobjc.A.dylib
WARN: Unable to resolve dylib path /usr/lib/libc++.1.dylib
WARN: Unable to resolve dylib path /System/Library/Frameworks/CoreFoundation.framework/CoreFoundation

Add option to preserve symtab strings. By default symtab string table should be erased.

Currently Xcode paths are hardcoded. Consider using:

• xcode-select
• DEVELOPER_DIR (used by e.g xcversion from fastlane).

Compilation in Xcode11 is terribly slow. It looks like Apple fixed the Set.union performance.

Project does not compile with Xcode 11.

Dear

When run the target ,
The number is always 0 , please kindly help to find where i was wrong .
Thanks very much

AppStore rejects our build due to missing SwiftSupport folder inside IPA file.
After analyzing source and target ipa files, the source one contains SwiftSupport folder, while obfuscated one does not.

Error message from AppStoreConnect:
ITMS-90426: Invalid Swift Support - The SwiftSupport folder is missing. Rebuild your app using the current public (GM) version of Xcode and resubmit it.

Of course, unobfuscated app goes through AppStoreConnect without any issues.

Obfuscator probably should not destroy ivar_layout for ObjC classes. ivar_layout is stored in __objc_classname section alongside regular class names. Its format is 0-terminated byte array. __objc_classname section may contain also other class-related strings/byte arrays.

LC_DYLD_INFO_ONLY can contain empty ranges. MachObfuscator will crash trying to parse an export trie from empty data. MachObfuscator should skip empty ranges.

Add support for LC_BUILD_VERSION load command generated by current compiler version.

Hi Kam
I do appreciate this repo help me to solve the obfuscator problem. But I found a problem when I obfuscated .app file. This is the log:

2019-12-23 22:03:56.963655+0800 Simulation[3932:439170] -[XXXxxx setApiVersion:]: unrecognized selector sent to instance 0x280bb2780
2019-12-23 22:03:56.966199+0800 Simulation[3932:439170] *** Terminating app due to uncaught exception 'NSInvalidArgumentException', reason: '-[XXXxxx setApiVersion:]: unrecognized selector sent to instance 0x280bb2780'
*** First throw call stack:
(0x1af5b180c 0x1af2d9fa4 0x1af4b536c 0x1af5b5c88 0x1af5b7a6c 0x1051f8578 0x1051f13e4 0x1051dae10 0x104f035e8 0x10573ffb8 0x1b3610ecc 0x1b3612cf8 0x1b361852c 0x1b2de6c3c 0x1b327bf9c 0x1b2de7724 0x1b2de717c 0x1b2de7550 0x1b2de6e0c 0x1b2deb328 0x1b31ae67c 0x1b3295588 0x1b2deb060 0x1b3295484 0x1b2deaecc 0x1b2c5cb04 0x1b2c5b66c 0x1b2c5c83c 0x1b36168ac 0x1b31cf074 0x1b46b6850 0x1b46db8e8 0x1b46c0fb4 0x1b46db5a4 0x1058aabd8 0x1058adffc 0x1b47004c8 0x1b4700194 0x1b47006bc 0x1af52f7c4 0x1af52f71c 0x1af52eeb4 0x1af52a000 0x1af5298a0 0x1b9481328 0x1b361a740 0x104f2e9b0 0x1af3b4360)
libc++abi.dylib: terminating with uncaught exception of type NSException

So I add this method to --objc-blacklist-selector, but app crash again.

After I dump header, I can't found this method, but there is a property with this name.

I want to know how to add an obfuscation strategy that does not obfuscate the specified attributes.

Add blacklist for ObjC selectors: list of values and regex.

MachObfuscator should detect problematic libraries (like UnityAds, Firebase Performane, Ironsource, etc...) and warn the user about the danger. MachObfuscator could also provide a brief proposal for possible actions.

Explicitly blacklist selectors used by libobjc. Currently some of them may blacklisted because they occur in system dependencies (like .cxx_destruct) and some are probably rarely used or do not occur in binaries. Hovever, any attempt to obfuscate them may have unpredictable consequences.
See sel_init in https://opensource.apple.com/source/objc4/objc4-750.1/runtime/objc-sel.mm.auto.html - list of internal selectors.

Dear
When build with xcode, i show "Build Failed"

/Users/LinhMui/Library/Developer/Xcode/DerivedData/MachObfuscator-hiuiglqeupyhqzfaqyqbkxxmzanu/Build/Intermediates.noindex/MachObfuscator.build/Debug/MachObfuscator.build/Script-D481608B211CF068008671D8.sh: line 2: swiftformat: command not found
Command /bin/sh failed with exit code 127

Please help me or sent me binary file when built complete
Thanks

__cstring section contain filenames that are generated by #file (in Swift) or __FILE__ (C/C++/ObjC)
In particular they appear when using fatalError in Swift.
They are stored in binary near class names, so they should be deleted to not give original class name this way.

It is hard to detect them, so patten (prefix) to recognize them must be given as parameter.

where is the final export path? it says 'saving... bye'!

I try to obfuscate the binary for an application I have built -

Will obfuscate file:///Users/mukoan/Programs/Yoyodyne.app/Contents/MacOS/Yoyodyne
Looking for dependencies...
WARN: Unable to resolve dylib path /AppleInternal/Library/Frameworks/InputMethodKitInternal.framework/Versions/A/InputMethodKitInternal
Fatal error: Unsupported mach binary magic CEFAEDFE: file /Users/mukoan/Software/MachObfuscator/MachObfuscator/Mach/Mach+Loading.swift, line 61
Illegal instruction: 4

My application is a mix of C++ and ObjectiveC++.
Xcode 11.3.1
macOS 10.15.3

Simplify Options parsing code by passing Options struct between main and Obfuscator instead of separate variables/fields for each setting

Add dry-run option: analyse and try to perform obfuscation but do update the images.

Add option to disable analysis dependencies: not very useful in production run, but speeds up execution significantly during obfuscator development

Dear
My game can't show Unity Ads after using MachOfuscator. Please give quick fix. Because i don't check it before submit to Apple Store, now when submit and run campaign to boost install, i got no revenue so check game again and see that. Hope you can fix only today

Thanks

can You add some code comment ? On the principle of Obfuscator, I do not understand ,thank you

Add Swift5 (apparently used from Swift version 4.2) reflection sections to list of erased sections. Note, that this may cause problems with running the application.

Hi there!

I'm trying to integrate MachObfuscator in our current project, which uses external Pods / Frameworks. Obfuscation works great - using realWords - but application crashes on runtime with NSUnknownKeyException. Seems like obfuscator replaced some of the keys in FireBase.

*** Terminating app due to uncaught exception 'NSUnknownKeyException', reason: '[<ConsiderNightSize 0x2829c82a0> valueForUndefinedKey:]: this class is not key value coding-compliant for the key dataCollectionEnabled.'
*** First throw call stack:
(0x2222b1eb8 0x2214abf18 0x2221c7c08 0x222cd0f9c 0x222d2aa88 0x222c414b4 0x100d52c68 0x100d5d868 0x1034578a0 0x103458e38 0x10345be10 0x10346a110 0x10346ab04 0x221eb6bc0 0x221ebcdd4)
libc++abi.dylib: terminating with uncaught exception of type NSException

Would be great if MachObfuscator provided more options and args, like Frameworks / types to exclude from obfuscation.

Cheers!

Lukas

Dear
I using Ironsource Ads to monetize but when i using MachOfuscator, it break my ads. I try to using skip framework but nothings happen. You can see Ironsrc SDK here: https://developers.ironsrc.com/ironsource-mobile/ios/ios-sdk/#step-1
Please help me
Thanks

Hello,

I tried to use your project and discovered that there is no "--swift-obfuscation" option.

I've been using this line of code:
sh("MACH_OBFUSCATOR=../MachObfuscator ../obfuscate.sh ../exported_ipa/#{TARGET_NAME}.ipa NO_RESIGN -v --swift-obfuscation | tee ../app/obfuscation.log")

Any kind of help would be highly appreciated.

Thanks.

Add possibility to pass path to the image instead of directory.
If executable file of iOS app instead of directory is passed, nibs will not be loaded, so this option should not be used for iOS apps. It is aimed at MacOS apps.

Add option to erase given Mach-O section.

Add option to replace arbitrary cstrings. This is a bit dangerous, but sometimes useful, for example if there is a text that should be obfuscated but is not a symbol.

It looks like a problem with URL coding.
Fatal error: 'try!' expression unexpectedly raised an error: Error Domain=NSCocoaErrorDomain Code=260 "未能打开文件“%E6%95%B0%E5%AD%97%E7%88%86%E7%82%B8”，因为它不存在。"