/swiftshield

A tool to protect iOS apps against reverse engineering attacks.

Primary LanguageSwift

SwiftShield logo

Swift/OBJ-C Obfuscator

GitHub release GitHub license

SwiftShield is a tool that generates irreversible, encrypted names for your iOS project's objects (including your Pods and Storyboards) in order to protect your app from tools that reverse engineer iOS apps, like class-dump and Cycript.

🛡 Manual mode (Swift/OBJ-C)

Manual mode will obfuscate properties and classes based on a tag of your choice at the end of it's name. For example, after running SwiftShield in manual mode and a tag __s, the following code:

class EncryptedVideoPlayer__s: DecryptionProtocol__s {
  func start__s() {
    let vc__s = ImportantDecryptingController__s(secureMode__s: true)
    vc__s.start__s(playAutomatically__s: true)
  }
}

becomes:

class fjiovh4894bvic: XbuinvcxoDHFh3fjid {
  func cxncjnx8fh83FDJSDd() {
    let DjivneVjxrbv42jsr = vPAOSNdcbif372hFKF(vnjdDNsbufhdks3hdDs: true)
    DjivneVjxrbv42jsr.cxncjnx8fh83FDJSDd(dncjCNCNCKSDhssuhw21w: true)
  }
}

🤖 Automatic mode (Swift only, BETA)

With the -auto tag, SwiftShield can also use SourceKit to automatically obfuscate entire projects (including dependencies) without the need of putting tags on objects. Unfortunately, due to a few SourceKit bugs, it is still very unreliable. Use with caution and don't expect much.

💥 Dealing with encrypted crash logs / analytics

After succesfully encrypting your project, SwiftShield generates a conversionMap.txt file with all the changes it made to your project, allowing you to pinpoint what an encrypted object really is.

//
//  SwiftShield
//  Conversion Map
//

Data:

ViewController ===> YytSIcFnBAqTAyR
AppDelegate ===> uJXJkhVbwdQGNhh
SuperImportantClassThatShouldBeHidden ===> GDqKGsHjJsWQzdq

🚨 Requirements

  1. No logic based on class/property names, like loading MyClass.xib because String(describing: type(of:self)) is 'MyClass'.
  2. Xcode 8.1+ (untested on other versions, but could work)

Automatic mode:

  1. Xcode command-line tools
  2. Swift 3.0 (untested on other versions, but could work)
  3. No Objective-C classes that call Swift methods (untested, but could work. Swift classes that call Objective-C methods are fine)

Manual mode:

  1. Make sure your tags aren't used on things that are not supposed to be obfuscated, like hardcoded strings.

Installation

Warning: SwiftShield irreversibly overwrites all your source files. Ideally, you should have it run only on your CI server, and on release builds.

Download the latest release from this repository and click here to see how to setup SwiftShield.

Next steps

  1. Fix SourceKit's exceptions
  2. Module names
  3. Method names (For automatic mode)

License

SwiftShield is released under the MIT license. See LICENSE for details.

Thanks

Thanks to John Holdsworth from Refactorator for SourceKit.swift.