Code obfuscation for swift project

Since Xcode does symbolize the app (written in swift and distribute to enterprise) while generating the .ipa, is code obfuscation still necessary ?

The reason the team is considering the obfuscation is security is the highest priority to us, we have lots of algorithms within the app and we don't want it has any chance to be reverse engineered or expose human readable source code.

Thank you,
Richard
Up vote post of dffffwew Down vote post of dffffwew
2.2k views
Posted by
dffffwew
Reply
Add a Comment

Replies

An .ipa is just a .zip - change the suffix, unpack the app and see if any if the contents reveal your algos...once a compiled binary is generated, there is no human readable source code, and the amount of work just to attempt knowing your IP is not worth even trying, I think.

As always, tho, the only way to prohibit others having what you have is to not put it out in the wild.
Posted by
KMT
Up vote reply of KMT Down vote reply of KMT
Add a Comment

Ghidra makes reverse engineering trivial, and free see https://ghidra-sre.org/InstallationGuide.html

In a case I'm working on substituting 20 00 80 D2 C0 03 5F D6 for FF 03 03 D1 F6 57 09 A9 at offset 00000001005DE584 bypasses our license and verification of integrity completely! That code simply does mov x0 #1 and then a ret. Obfuscation would make finding that very hard, as it is a simple string search gives the code location away. Instead of picking through 21mb of code to try to find that one set of call you do a string search and bingo.

I'm looking for a good obfuscator for both Objective-c and swift.

Posted by
pjford
Post not yet marked as solved Up vote reply of pjford Down vote reply of pjford
Add a Comment