打开APP
userphoto
未登录

开通VIP,畅享免费电子书等14项超值服

开通VIP
Cordova (PhoneGap) iOS Security | Less pain in your''s development hands

Cordova (PhoneGap) iOS Security hobby

Almost a year ago I wrote an article about securing PhoneGap source files on iOS platform.

There were a lot of questions, and private emails, that's why I have actualized the description a bit, and made new manual.

NOTE: using this method will not secure your javascript code 100%, but will help a lot to protect it from a lot of hackers. This method ONLY works for iOS.

The idea

The main idea at the moment contain 2 steps:

  1. Prepare single-file application inside index.html and encrypt it with key.
  2. Put decryption mechanism into XCode application while loading the html.

At step #1 better to embed all CSS, JS and even images into one file, so it will a hacker less holes to get in.

At step #2 your encryption key will be stored in binary mode, so only very experienced hackers will try to find it.

Preparing index.html

Once you have developed your application with cordova, we need to encrypt it. For this purpose I have made a small tool, as previously a lot of things was not working in right way.

To install the tool, you should install NodeJS and NPM like it described here.

Then you should install my small tool corc through Mac OS terminal:

npm install -g cordovacrypt

Maybe, you will need to use sudo.

To run encryption you should execute:

corc KEY FILEIN [FILEOUT]

Where:

  • KEY - your key without spaces and any bash illegal symbols.
  • FILEIN - path to the index.html file which should be encrypted.
  • FILEOUT - optional parameter where to save encrypted file. If not specified, original will be rewritten.

Example:

corc mySecretKey index_original.html index.html

Now you have prepared index.html file.

Making changes to XCode application

Make sure, you have created a new Cordova application like it is written here, and make next steps:

  1. Once the application is ready, open project inside XCode, and go to the Project Navigator.
  2. There you will see the www item, *YourProjectname*.xcodeproj, etc.
  3. Unfold .xcodeproj item and than Classes > Cleaver and select CDVViewController.m.
  4. In the center you will see the source code of CDVViewController.m.
  5. Find the line - (void)viewDidLoad. This is a method on view loading.
  6. Scroll down to the end of this method (the last if statement), where will be the line: if (!loadErr) {.

You should remove everything inside this if statement, except body of else statement. And paste next code into if statement:


本站仅提供存储服务,所有内容均由用户发布,如发现有害或侵权内容,请点击举报
打开APP,阅读全文并永久保存 查看更多类似文章
猜你喜欢
类似文章
【热】打开小程序,算一算2024你的财运
!!!基于Phonegap的本地信息推送插件
让人惊艳的九款跨平台移动开发工具、技术与平台 | 数盟社区
跨平台移动开发phonegap/cordova 3.3全系列教程
Emulating PhoneGap/Cordova Apps in the Desktop Browser
phonegap安装 环境搭建与配置详解(3.4 完整版 提供下载地址)
现有主流Hybrid框架都有哪些
更多类似文章 >>
生活服务
热点新闻
分享 收藏 导长图 关注 下载文章
绑定账号成功
后续可登录账号畅享VIP特权!
如果VIP功能使用有故障,
可点击这里联系客服!

联系客服