防护IOS APP安全的几种方式(详解)

1.URL编码加密
对iOS app中出现的URL进行编码加密,防止URL被静态分析
2.本地数据加密
对NSUserDefaults,sqlite存储文件数据加密,保护iOS app的帐号和关键信息。
3.网络传输数据加密
对iOS app客户端传输数据提供加密方案,有效防止通过网络接口的拦截获取
4.方法体,方法名高级混淆
对iOS app的方法名和方法体进行混淆,保证源码被逆向后无法解析代码
5.程序结构混排加密
对iOS app逻辑结构进行打乱混排,保证源码可读性降到最低

一 .URL编码加密

1.背景介绍
a. iOS 下URL加解密,项目使用AFNetworking.
b. 虽然是使用HTTPS,但是从安全方面考虑,在很多情况下还是需要对url的参数进行加密的.
c. 不管是get请求还是post请求,都可以对后边的参数进行加密,这里说下post请求。

2.加密方式
a. 加密:首先对字符串记性AES128加密,然后进行base64加密(主要是为了去除特殊字符)
b. 其中base64加解密使用 GTMBase64添加两个方法
c. 解密:先base64解密,然后在AES128解密即可还原数据

3.加密代码

加密之前的代码 :
NSMutableDictionary *para = [NSMutableDictionary dictionary];
para[@"method"] = @"encryp";
para[@"userId"] = 35617236572;
para[@"userName"] = @"小红";
para[@"code"] = @"1521***6657";
 NSString *url = [NSString stringWithFormat:@"%@ActivityAction/saveActivity.do", serverURL];
AFHTTPRequestOperation *operation = [NetWorkInst POST:url parameters:dict constructingBodyWithBlock:^(id formData) {       
} success:^(AFHTTPRequestOperation *operation, id responseObject) {
    
}];
加密之后:
NSMutableDictionary *para = [NSMutableDictionary dictionary];
para[@"method"] = @"encryp";
para[@"userId"] = 35617236572;
para[@"userName"] = @"小红";
para[@"code"] = @"1521***6657";
// 开始加密,格式化数据****************************
NSString *str = [NSString stringWithFormat:@"'method':'encryp','userId':'35617236572 35617236572','userPsw':'小红','content':''1521***6657"];
NSLog(@"原始数据:%@",str);
NSData *data = [str dataUsingEncoding:NSUTF8StringEncoding];
NSData *aaa = [data AES128EncryptWithKey:@"dt8888"]; // aes加密
NSLog(@"加密AES128后:%@",aaa);
NSString *bbb = [PublicMethod encodeBase64Data:aaa];//base64加密
NSLog(@"base64加密后:%@",bbb);

NSMutableDictionary *dict = [NSMutableDictionary dictionary];
dict[@"info"] = bbb;

NSString *url = [NSString stringWithFormat:@"https://%@:82/frame/webInteface.do?", NHBaseURL];
AFHTTPRequestOperation *operation = [NetWorkInst POST:url parameters:dict constructingBodyWithBlock:^(id formData) {       
} success:^(AFHTTPRequestOperation *operation, id responseObject) {
    
}];

其中URLString可以作为最基础的,不需要加密
parameters 就是我们需要加密的地方,这是一个字典,因为AFN会对这个parameters进行解析,所以对这个参数集合进行一次包装,拼接成一个字符串。然后对字符串进行加密。

base64加解密使用 GTMBase64添加两个方发如下:

//加密
+ (NSString*)encodeBase64Data:(NSData *)data {
    data = [GTMBase64 encodeData:data];
    NSString *base64String = [[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding];
    return base64String;
}
//解密
+ (NSData*)decodeBase64String:(NSString * )input {
    NSData *data = [input dataUsingEncoding:NSUTF8StringEncoding allowLossyConversion:YES];
    data = [GTMBase64 decodeData:data];
    return data;
}

AES128使用系统CommonCrypto/CommonCryptor.h实现 //用于AES
添加NSData分类,增加两个方法

//加密
- (NSData *)AES128EncryptWithKey:(NSString *)key {
    
    char keyPtr[kCCKeySizeAES128 + 1];
    memset(keyPtr, 0, sizeof(keyPtr));
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
    
    NSUInteger dataLength = [self length];
    
    size_t bufferSize = dataLength + kCCBlockSizeAES128;
    void *buffer = malloc(bufferSize);
    
    size_t numBytesEncrypted = 0;
    CCCryptorStatus cryptStatus = CCCrypt(kCCEncrypt,
                                          kCCAlgorithmAES,
                                          kCCOptionPKCS7Padding|kCCOptionECBMode,
                                          keyPtr,
                                          kCCBlockSizeAES128,
                                          NULL /* initialization vector (optional) */,
                                          [self bytes],
                                          dataLength, /* input */
                                          buffer,
                                          bufferSize, /* output */
                                          &numBytesEncrypted);
    if (cryptStatus == kCCSuccess) {
        //the returned NSData takes ownership of the buffer and will free it on deallocation
        return [NSData dataWithBytesNoCopy:buffer length:numBytesEncrypted];
    }
    
    free(buffer); //free the buffer;
    return nil;
}
//解密
- (NSData *)AES128DecryptWithKey:(NSString *)key {
    // 'key' should be 32 bytes for AES256, will be null-padded otherwise
    char keyPtr[kCCKeySizeAES128+1]; // room for terminator (unused)
    bzero(keyPtr, sizeof(keyPtr)); // fill with zeroes (for padding)
    
    // fetch key data
    [key getCString:keyPtr maxLength:sizeof(keyPtr) encoding:NSUTF8StringEncoding];
    
    NSUInteger dataLength = [self length];
    
    //See the doc: For block ciphers, the output size will always be less than or
    //equal to the input size plus the size of one block.
    //That's why we need to add the size of one block here
    size_t bufferSize = dataLength + kCCBlockSizeAES128;
    void *buffer = malloc(bufferSize);
    
    size_t numBytesDecrypted = 0;
    CCCryptorStatus cryptStatus = CCCrypt(kCCDecrypt,
                                          kCCAlgorithmAES128,
                                          kCCOptionPKCS7Padding|kCCOptionECBMode,
                                          keyPtr,
                                          kCCBlockSizeAES128,
                                          NULL /* initialization vector (optional) */,
                                          [self bytes],
                                          dataLength, /* input */
                                          buffer,
                                          bufferSize, /* output */
                                          &numBytesDecrypted);
    
    if (cryptStatus == kCCSuccess) {
        //the returned NSData takes ownership of the buffer and will free it on deallocation
        return [NSData dataWithBytesNoCopy:buffer length:numBytesDecrypted];
    }
    
    free(buffer); //free the buffer;
    return nil;
}

 

你可能感兴趣的:(iOS开发)