
Help to check app integrity #1

@ogezue

Description

@ogezue

I found your code for calculating the integrity, but I wonder whether it is still relevant for Swift apps.
My current approach to checking the integrity is to import an array of possible app sizes and hashes from my backend and compare it to the calculated app size and hash.
Anyway, I am struggling with the comparison: how do I modify the trusted hash so that the function returns 0?

Here is my code:

#import <Foundation/Foundation.h>
#import "IntegrityCheck.h"
#import <CommonCrypto/CommonDigest.h>

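// Trusted SHA-256 digest of the app executable. A real digest is 32 bytes
// (CC_SHA256_DIGEST_LENGTH); the 20 bytes listed here are only a placeholder,
// and sizing the array to the full digest keeps every 32-byte read in bounds
// (the remainder is zero-filled). Replace with the real digest before shipping.
unsigned char sha256_placeholder[CC_SHA256_DIGEST_LENGTH] =
{ 0x16, 0x13, 0x13, 0x19, 0x14, 0x48, 0xbe, 0xd2, 0x9d, 0x3d, 0x27, 0x45, 0x0b, 0x86, 0x51, 0xde, 0x58, 0x6d,0x39, 0xb2};

// Trusted size of the app executable, encoded as a little-endian 32-bit value.
// Example (derived from the 8004672 used below): 8004672 == 0x007A2440 is
// encoded as { 0x40, 0x24, 0x7A, 0x00 }. The bytes here are only a placeholder;
// note they are NOT the decimal digits of the size.
unsigned char file_size_placeholder[sizeof(uint32_t)] = { 0x80, 0x04, 0x67, 0x02 };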

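/// Returns the compiled-in trusted SHA-256 digest as NSData.
/// sizeof() bounds the copy to the placeholder array instead of a fixed 32,
/// so a shorter placeholder can never be read past its end; callers should
/// still expect CC_SHA256_DIGEST_LENGTH bytes from a real digest.
NSData *get_sha256() {
   return [NSData dataWithBytes:sha256_placeholder length:sizeof(sha256_placeholder)];
}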


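/// Returns the compiled-in trusted file size bytes as NSData.
/// sizeof() bounds the copy to the placeholder array instead of a fixed 8,
/// so the 4-byte placeholder is never read past its end.
NSData *get_fileSize() {
   return [NSData dataWithBytes:file_size_placeholder length:sizeof(file_size_placeholder)];
}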

// Resource name of the executable to verify. Building with -DFAIL switches to
// a "_fail" name, presumably one that does not exist, to exercise the failure path.
NSString *AppName =
#ifdef FAIL
    @"MyAppiOS_fail";
#else
    @"MyAppiOS";
#endif

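/// Reads the main bundle's executable named by AppName into memory.
/// @return The file contents, or nil (after logging) when the resource
///         cannot be located, does not exist, or cannot be opened.
static NSData *read_app_executable(void) {
    NSFileManager *fileMgr = [NSFileManager defaultManager];

    //** locate the APP file inside the main bundle (nil type: no extension)
    NSString *filePath = [[NSBundle mainBundle] pathForResource:AppName ofType:nil];

    if (filePath == nil || ![fileMgr fileExistsAtPath:filePath]) {
        NSLog(@"File does not exist!");
        return nil;
    }

    //** open and read APP file into a data block
    NSFileHandle *inFile = [NSFileHandle fileHandleForReadingAtPath:filePath];
    if (inFile == nil) {
        NSLog(@"File could not be opened for reading!");
        return nil;
    }
    NSData *plain_txt = [inFile readDataToEndOfFile];
    [inFile closeFile];
    return plain_txt;
}

/// Decodes file_size_placeholder as a little-endian 32-bit size, independent
/// of the host byte order (a raw getBytes: into an unsigned int is host-order).
/// Example: 8004672 == 0x007A2440 is encoded as { 0x40, 0x24, 0x7A, 0x00 }.
static uint32_t trusted_app_file_size(void) {
    return (uint32_t)file_size_placeholder[0]
         | ((uint32_t)file_size_placeholder[1] << 8)
         | ((uint32_t)file_size_placeholder[2] << 16)
         | ((uint32_t)file_size_placeholder[3] << 24);
}

/// Checks the app executable against the compiled-in trusted size and
/// SHA-256 digest.
/// @return 0 when both the size and the full 32-byte digest match; -1 when
///         the file is missing or unreadable, too large to hash, the trusted
///         digest is not 32 bytes long, or either value mismatches.
///
/// NOTE(review): the trusted values are compiled into the very binary being
/// checked; reference values fetched from a backend (as the issue text
/// describes) are the stronger comparison.
int doAppIntegrity() {
    int ret = 0;

    NSData *plain_txt = read_app_executable();
    if (plain_txt == nil) {
        // Nothing to hash; every later step would otherwise run on nil data.
        return -1;
    }

    //** FILE SIZE
    NSUInteger app_file_size = [plain_txt length];
    NSLog(@"AS-IS - APP file size: %lu", (unsigned long)app_file_size);
    // CC_SHA256 takes a 32-bit CC_LONG length; refuse rather than silently truncate.
    if ((unsigned long long)app_file_size > UINT32_MAX) {
        NSLog(@"App Integrity FAIL - file too large to hash");
        return -1;
    }

    //** SHA256bit HASH - keep and compare the full 32-byte digest, not a
    //   20-byte (SHA-1 length) prefix of it
    unsigned char hash[CC_SHA256_DIGEST_LENGTH];
    CC_SHA256([plain_txt bytes], (CC_LONG)app_file_size, hash);
    NSData *app_sig = [NSData dataWithBytes:hash length:CC_SHA256_DIGEST_LENGTH];
    NSLog(@"AS-IS - sha256 hash: %@", app_sig);
    NSLog(@"app_sig_len:%lu", (unsigned long)[app_sig length]);

    // sizeof() keeps the read inside the placeholder array whatever its size.
    NSData *trusted_app_sig = [NSData dataWithBytes:sha256_placeholder
                                             length:sizeof(sha256_placeholder)];
    NSLog(@"trusted app sig:%@", trusted_app_sig);
    NSLog(@"trusted app sig len:%lu", (unsigned long)[trusted_app_sig length]);
    if ([trusted_app_sig length] != CC_SHA256_DIGEST_LENGTH) {
        // A short placeholder can never equal a real digest; say so explicitly
        // instead of reporting a bare mismatch.
        NSLog(@"App Integrity FAIL - trusted digest must be %d bytes", CC_SHA256_DIGEST_LENGTH);
        ret = -1;
    }

    uint32_t trusted_app_size = trusted_app_file_size();
    NSData *trusted_app_size_data = [NSData dataWithBytes:file_size_placeholder
                                                   length:sizeof(uint32_t)];
    NSLog(@"trusted app size hex:%@", trusted_app_size_data);
    NSLog(@"trusted app size:%u", trusted_app_size);

    // compare the actual size to the trusted value rather than a hard-coded literal
    if (trusted_app_size != app_file_size) {
        NSLog(@"App Integrity FAIL - file size MISMATCH");
        ret = -1;
    } else {
        NSLog(@"App Integrity PASS - file size MATCH");
    }

    // compare computed sha hash to the trusted value (isEqualToData: also
    // compares lengths, so a short trusted digest fails here too)
    if ([trusted_app_sig isEqualToData:app_sig]) {
        NSLog(@"App Integrity PASS - signature MATCH");
    } else {
        NSLog(@"App Integrity FAIL - signature MISMATCH");
        ret = -1;
    }

    return ret;
}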
