Apple Keychain Services offer a secure means to store sensitive information. Through the keychain, all the hardwork is managed for you to store and retrieve content. As powerful as the keychain services are, I was recently tinkering with some code to see if I could obfuscate content within an application.
I had a few strings defined as constants and I was interested to see if there was a painless way to store the values as obfuscated strings, and when running the application, un-obfuscate the strings and use the same within the application.
Using Exclusive-Or (XOR) to Obfuscate an NSString
The basic concept is that for each character in a string, I XOR the value against a key value, replacing the original character with the new XOR’d character. This will create a string that is unrecognizable from the original. To get the original string back, perform the same XOR operation with the same key. The obfuscate method is shown below.
- (NSString *)obfuscate:(NSString *)string withKey:(NSString *)key
{
// Create data object from the string
NSData *data = [string dataUsingEncoding:NSUTF8StringEncoding];
// Get pointer to data to obfuscate
char *dataPtr = (char *) [data bytes];
// Get pointer to key data
char *keyData = (char *) [[key dataUsingEncoding:NSUTF8StringEncoding] bytes];
// Points to each char in sequence in the key
char *keyPtr = keyData;
int keyIndex = 0;
// For each character in data, xor with current value in key
for (int x = 0; x < [data length]; x++)
{
// Replace current character in data with
// current character xor'd with current key value.
// Bump each pointer to the next character
*dataPtr = *dataPtr++ ^ *keyPtr++;
// If at end of key data, reset count and
// set key pointer back to start of key value
if (++keyIndex == [key length])
keyIndex = 0, keyPtr = keyData;
}
return [[[NSString alloc] initWithData:data encoding:NSUTF8StringEncoding] autorelease];
}
|
Test Obfuscation
Pass in the string to obfuscate as well as a key which will provide the characters to use in the XOR process. To un-obfuscate a string, call the method with the obfuscated string and the same key.
Below is a short test of the obfuscation:
NSString *str = @"iPhoneDeveloperTips";
NSLog(@"Input string:%@", str);
// Obfuscate string
NSString *obfuscatedStr = [self obfuscate:str withKey:@"+@$"];
NSLog(@"Obfuscated string:%@", obfuscatedStr);
// Run obfuscate again to get the original string
str = [self obfuscate:obfuscatedStr withKey:@"+@$"];
NSLog(@"Final string:%@", str);
|
The output will look as follows:
No comments:
Post a Comment