DJKeyObfuscation/DJKeyObfuscation.m at master · danielmj/DJKeyObfuscation · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
//
//  DJKeyObfuscation.m
//
//  Created by Daniel Jackson on 8/18/15.
//  Copyright (c) 2015 Daniel Jackson. All rights reserved.
//

#import "DJKeyObfuscation.h"
#include <CommonCrypto/CommonCrypto.h>

@interface DJKeyObfuscation ()

@end

@implementation DJKeyObfuscation

//LIMIT 48 chars.
+ (void)printObfuscationSecretArray:(NSString*)key
{
    const unsigned char* obfuscatedSecretKey = (const unsigned char*)[key UTF8String];

    unsigned char obfuscator[CC_SHA384_DIGEST_LENGTH];
    NSData *className = [NSStringFromClass([ViewController class])
                         dataUsingEncoding:NSUTF8StringEncoding];
    CC_SHA384(className.bytes, (CC_LONG)className.length, obfuscator);

    NSMutableString* hexString = [NSMutableString new];
    for (int i=0; i<key.length; i++) {

        if (i!=0) {
            [hexString appendString:@", "];
        }

        unsigned char actualSecretChar = obfuscatedSecretKey[i] ^ obfuscator[i];
        [hexString appendFormat:@"%02x", (unsigned int)actualSecretChar];
    }

    NSLog(@"{ %@ }", hexString);
}

+ (NSString*)keyFromArray:(const unsigned char*)obfuscatedSecretKey length:(int)length
{
    // Get the SHA1 of a class name, to form the obfuscator.
    unsigned char obfuscator[CC_SHA384_DIGEST_LENGTH];
    NSData *className = [NSStringFromClass([ViewController class])
                         dataUsingEncoding:NSUTF8StringEncoding];
    CC_SHA384(className.bytes, (CC_LONG)className.length, obfuscator);

    // XOR the class name against the obfuscated key, to form the real key.
    unsigned char actualSecretKey[length];
    for (int i=0; i<length; i++) {
        actualSecretKey[i] = obfuscatedSecretKey[i] ^ obfuscator[i];
    }

    return [[NSString alloc] initWithBytes:actualSecretKey length:length encoding:NSUTF8StringEncoding];
}

- (id)init {
    self = [super init];
    if (self)
    {
        [self example];
    }
    return self;
}

- (void)example
{
    NSLog(@"Starting Hashing!");

    // Max chars must be < SHA value. (currently 48)
    // REMOVE IN PROD
    NSString* secret = @"e2cc765a81604edb99658aed289276d6";

    // This will print the SHA(class name) XOR secret byte array. To be used below
    // REMOVE IN PROD
    [self.class printObfuscationSecretArray:secret];


    // Stored as binary array to prevent strings attack
    // Stored using SHA(class name) XOR secret
    unsigned char obfuscatedSecretKey[] = { 0x3e, 0xcc, 0x9d, 0xca, 0x2f, 0x8a, 0xf2, 0xc1, 0x57, 0x01, 0xc2, 0x2e, 0x44, 0xea, 0x0d, 0xf5, 0x60, 0x09, 0x99, 0xe7, 0xb1, 0x13, 0x2a, 0x6f, 0x2c, 0xa2, 0xfe, 0x12, 0xbb, 0x58, 0x90, 0x85 };

    // Converts the XORed value back to the secret.
    NSLog(@"%@", [self.class keyFromArray:obfuscatedSecretKey length:32]);
}

@end