{"id":1951,"url":"https://github.com/pjebs/Obfuscator-iOS","last_synced_at":"2025-08-02T05:33:14.779Z","repository":{"id":33864128,"uuid":"37571812","full_name":"pjebs/Obfuscator-iOS","owner":"pjebs","description":"Secure your app by obfuscating all the hard-coded security-sensitive strings.","archived":false,"fork":false,"pushed_at":"2021-02-13T05:15:43.000Z","size":57,"stargazers_count":664,"open_issues_count":4,"forks_count":112,"subscribers_count":17,"default_branch":"master","last_synced_at":"2025-06-21T06:17:03.272Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Objective-C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/pjebs.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":".github/FUNDING.yml","license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null},"funding":{"github":"rocketlaunchr"}},"created_at":"2015-06-17T04:08:09.000Z","updated_at":"2025-06-19T11:48:49.000Z","dependencies_parsed_at":"2022-07-13T14:32:37.174Z","dependency_job_id":null,"html_url":"https://github.com/pjebs/Obfuscator-iOS","commit_stats":null,"previous_names":[],"tags_count":3,"template":false,"template_full_name":null,"purl":"pkg:github/pjebs/Obfuscator-iOS","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pjebs%2FObfuscator-iOS","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pjebs%2FObfuscator-iOS/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pjebs%2FObfuscator-iOS/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pjebs%2FObfuscator-iOS/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/pjebs","download_url":"https://codeload.github.com/pjebs/Obfuscator-iOS/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/pjebs%2FObfuscator-iOS/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":268339405,"owners_count":24234544,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-08-02T02:00:12.353Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-01-05T20:15:59.728Z","updated_at":"2025-08-02T05:33:14.466Z","avatar_url":"https://github.com/pjebs.png","language":"Objective-C","funding_links":["https://github.com/sponsors/rocketlaunchr"],"categories":["Security","Objective-C"],"sub_categories":["Encryption","Other free courses"],"readme":"App Obfuscator for iOS Apps\n============================\n\nSecure your app by obfuscating all the hard-coded security-sensitive strings.\n\nSecurity Sensitive strings can be:\n\n* REST API Credentials\n* OAuth Credentials\n* Passwords\n* URLs not intended to be known to the public (i.e. private backend API endpoints)\n* Keys \u0026 Secrets\n\nThis library hard-codes typical NSStrings as C language strings by obfuscating and then encoding as hexadecimal.\nWhen your app needs the original unobfuscated NSStrings, it dynamically decodes it back.\n\nIt adds an extra layer of security against prying eyes.\n\nThis makes it harder for people with jail-broken iPhones from opening up your app's executable file and \nthen looking for strings embedded in the binary that may appear 'interesting'.\n\nSee generally:\n* [iOS App Security and Analysis](http://www.raywenderlich.com/46223/ios-app-security-analysis-part-2)\n* [Storing Secret Keys](http://www.splinter.com.au/2014/09/16/storing-secret-keys/)\n\nThis library (v2+) can now be bridged over to Swift.\n\nInstallation\n-------------\n\n### CocoaPods\n\npod 'Obfuscator', '~\u003e 2.0'\n\n### Create Globals.h \u0026 Globals.m files\n\nThis is typically where you store your sensitive strings that you want available globally.\n\nFile(top menu)-\u003eNew-\u003eFile...\n\n### Create a Prefix Header\n\nFor XCode 6, you will need to create a `pch` file [from scratch](http://stackoverflow.com/questions/24158648/why-isnt-projectname-prefix-pch-created-automatically-in-xcode-6).\n\n- Add to bottom:\n\n```objective-c\n//Now you do not need to include those headers anywhere else in your project.\n#import \"Globals.h\"\n#import \u003cObfuscator/Obfuscator.h\u003e\n```\n\nUsage\n-----\n\n### Step 1\n\nLet's assume you are using [Parse](https://parse.com/). In order to use their backend services, they will provide you with a client key:\n\n```objective-c\nclientKey:@\"JEG3i8R9LAXIDW0kXGHGjauak0G2mAjPacv1QfkO\"\n```\n\nSince the string is hard-coded, it will be baked into the executable binary - easily accessible to unscrupulous prying eyes.\n\nWe need to encode it as a global C-String encoded in hexadecimal.\n\n```objective-c\nObfuscator *o = [Obfuscator newWithSalt:[AppDelegate class],[NSString class], nil];  //Use any class(es) within your app that won't stand out to a hacker\n\n[o hexByObfuscatingString:@\"JEG3i8R9LAXIDW0kXGHGjauak0G2mAjPacv1QfkO\"];\n```\n\nThis will print out the following code in the XCode Console output (`NSLog`):\n\n```objective-c\nObjective-C Code:\nextern const unsigned char *key;\n//Original: JEG3i8R9LAXIDW0kXGHGjauak0G2mAjPacv1QfkO\nconst unsigned char _key[] = { 0x7E, 0x23, 0x25, 0xB, 0xB, 0xF, 0x31, 0x9, 0x7B, 0x70, 0x3B, 0x7F, 0x21, 0x35, 0x9, 0x52, 0x6D, 0x21, 0x2C, 0x7F, 0xE, 0x4, 0x43, 0x52, 0x53, 0x54, 0x75, 0x4, 0x5C, 0x27, 0xB, 0x36, 0x3, 0x5B, 0x15, 0x52, 0x60, 0x5E, 0xE, 0x2E, 0x00 };\nconst unsigned char *key = \u0026_key[0];\n```\n\n**Before Deploying your app DELETE OUT ALL REFERENCE TO `hexByObfuscatingString:` METHOD.** It is purely for obtaining the Objective-C code above.\n\n\n### Step 2\n\nCopy the `extern const unsigned char *key;` from **Step 1** into `Globals.h`.\n\nCopy the `const unsigned char *_key[] = ...` from **Step 1** into `Globals.m`.\n\nCopy the `const unsigned char *key = \u0026_key[0];` from **Step 1** into `Globals.m`.\n\nRemember to change `key` to something more meaningful such as `parseKey`.\n\nIt may be a good idea to add the original string as comments in `Globals.m` in case you need to re-encode it again (i.e. Step 4).\n\n### Step 3\n\nWhen your app needs to use the unobfuscated string:\n\n```objective-c\n- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {\n\t\n\tObfuscator *o = [Obfuscator newWithSalt:[AppDelegate class],[NSString class], nil]; //The salt MUST match Step 1\n\t\n\t/* INSTEAD OF THIS:\n\t[Parse setApplicationId:@\"TestApp\"\n              clientKey:@\"JEG3i8R9LAXIDW0kXGHGjauak0G2mAjPacv1QfkO\"];\n\t */\n\n\n\t[Parse setApplicationId:@\"TestApp\"\n              \tclientKey:[o reveal:parseKey];\n\n\treturn YES;\n}\n```\n\n**The Salt used by `reveal:` method MUST MATCH the salt used in Step 1.**\n\n### Step 4\n\n**THIS STEP IS VERY IMPORTANT**\n\nDouble check that **ALL** of your obfuscated strings can be unobfuscated back to the original. If not, then change the salt and try again.\nIf even one string cannot be unofuscated, then that *particular* string can not be used with this library. The others can.\n\nMore Advanced Usage\n--------------------\n\n### Step 1 - Generate Objective-C Code\n\n```objective-c\n- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {\n\t\n    [Obfuscator generateCodeWithSalt:@[[NSString class], [AppDelegate class], [NSObject class]]\n                         WithStrings:@[\n                                       @{@\"id\": @\"AA\", @\"string\":@\"testSecret\"},\n                                       @{@\"id\": @\"BB\", @\"string\":@\"testKey\"},\n                                       @{@\"id\": @\"CC\", @\"string\":@\"parseKey1234\"},\n                                       ]];\n\n\n\treturn YES;\n}\n```\n\nThis will output in Console Log:\n\n```objective-c\nSalt used (in this order): [AppDelegate class],[NSObject class],[NSString class],\n\nObjective-C Code:\n**********Globals.h**********\nextern const unsigned char *AA;\nextern const unsigned char *BB;\nextern const unsigned char *CC;\n\n**********Globals.m**********\n//Original: \"testSecret\"\nconst unsigned char _AA[] = { 0x41, 0x51, 0x46, 0x44, 0x62, 0x52, 0x55, 0x44, 0x3, 0x4C, 0x00 };\nconst unsigned char *AA = \u0026_AA[0];\n\n//Original: \"testKey\"\nconst unsigned char _BB[] = { 0x41, 0x51, 0x46, 0x44, 0x7A, 0x52, 0x4F, 0x00 };\nconst unsigned char *BB = \u0026_BB[0];\n\n//Original: \"parseKey1234\"\nconst unsigned char _CC[] = { 0x45, 0x55, 0x47, 0x43, 0x54, 0x7C, 0x53, 0x4F, 0x57, 0xA, 0x56, 0x56, 0x00 };\nconst unsigned char *CC = \u0026_CC[0];\n```\n\nCopy and Paste the generated code.\n\n**NB: The Salt has been rearranged because the original arrangement was not able to obfuscate all 3 strings.**\n\nThe Algorithm will go through all permutations of `Salt` to maximize the number of strings it was able to obfuscate.\nSometimes it will not succeed completely, so the output will indicate which strings were not obfuscated. For the unobfuscated strings, try a totally different salt OR add more classes to the salt list and try again. The more classes you add, the better chance of obfuscating all strings.\n\n**DELETE OUT [Obfuscator generateCodeWithSalt:WithStrings:] for production.**\n\n### Step 2 - Store Salt in key-value internal database\n\n```objective-c\n[Obfuscator storeKey:@\"swift\" forSalt:[AppDelegate class],[NSObject class],[NSString class], nil];\n```\n\nIf your project is written in Objective-C, there are other undocumented ways to proceed after Step 1. However, this is the only way to proceed\nfor a Swift based project. This way will also work in both Swift and Objective-C.\n\n**NB: The Salt list applied to `storeKey:forSalt:` must be ordered according to the output in Step 1. This arrangement may be different to the argument applied to `generateCodeWithSalt:WithStrings:`.**\n\nYou can use different keys to identify different salts if you choose to obfuscate multiple strings using different salts.\n\n\n### Step 3 - Dynamically decode obfuscated string when you need to use it.\n\n\n```objective-c\n- (BOOL)application:(UIApplication *)application didFinishLaunchingWithOptions:(NSDictionary *)launchOptions {\n\t\t\n\t/* INSTEAD OF THIS:\n\t[Parse setApplicationId:@\"TestApp\"\n              clientKey:@\"JEG3i8R9LAXIDW0kXGHGjauak0G2mAjPacv1QfkO\"];\n\t */\n\n\n\t[Parse setApplicationId:@\"TestApp\"\n              \tclientKey:[Obfuscator reveal:CC UsingStoredSalt:@\"swift\"];\n\n\treturn YES;\n}\n```\n\nFor swift:\n\n```swift\n\tObfuscator.reveal(CC, usingStoredSalt: \"swift\")\n```\n\n\nOther Useful Packages\n------------\n\nCheck out [`\"github.com/pjebs/EasySocial\"`](https://github.com/pjebs/EasySocial) library. The Easiest and Simplest iOS library for Twitter and Facebook. Just Drop in and Use!\n\n\nCheck out [`\"github.com/pjebs/optimus-go\"`](https://github.com/pjebs/optimus-go) package. Internal ID hashing and Obfuscation using Knuth's Algorithm. (For databases etc)\n\nCredits: \n--------\n\n* [Storing Secret Keys](http://www.splinter.com.au/2014/09/16/storing-secret-keys/)\n* [Obfuscation Encryption of String NSString](http://iosdevelopertips.com/cocoa/obfuscation-encryption-of-string-nsstring.html)\n* [Creating SHA1 Hash from NSString](http://stackoverflow.com/questions/7570377/creating-sha1-hash-from-nsstring)\n\nFinal Notes\n------------\n\nIf you found this package useful, please **Star** it on github. Feel free to fork or provide pull requests. Any bug reports will be warmly received.\n\n\n[PJ Engineering and Business Solutions Pty. Ltd.](http://www.pjebs.com.au)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpjebs%2FObfuscator-iOS","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fpjebs%2FObfuscator-iOS","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fpjebs%2FObfuscator-iOS/lists"}