A project built around the task of implementing an example of string obfuscation. It doesn't focus on the obfuscation details themselves, but rather on building a complete automated solution for verifying any obfuscation implementation.
- To keep things simple, the obfuscated value is available as `ObfuscatedString`, a wrapper around `String`. The value is disposed from memory together with the wrapper.
- The unobfuscated value is available via `.withUbfuscated(allowCopy: Bool, handler: (String) -> Void) throws`. Using `false` for `allowCopy` enables detection of attempts to make a copy of the unobfuscated value.
- The correctness of the implementation is confirmed by observing the (un)obfuscated value in memory while, and only while, the API allows it.
- For now `NSString` is used as backing storage for both unobfuscated and obfuscated values.
- (Unit) tests use real process memory scanning via stringdups(1). The whole thing is fully automated and includes a simple but efficient solution for running an external tool as part of verification, based on shell2http.
- SIP (System Integrity Protection) debugging restrictions should be disabled so that stringdups can dump the memory content and the unit tests work as expected.
- There's a generic workaround for pre-/post-action failures not aborting the main action and not being tracked in Xcode action logs.
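
The "in memory while and only while the API allows it" invariant from the list above, as an added sketch that is not the project's own code: `MaskedSecret`, `withPlaintext` and `scratchContains` are hypothetical names, XOR masking is an assumed stand-in for the real obfuscation, and the check inspects a single scratch buffer in-process rather than scanning the whole process with stringdups.

```swift
import Foundation

// Hypothetical stand-in for the project's ObfuscatedString. XOR masking is an
// assumption chosen for brevity. Requires Darwin (memset_s).
final class MaskedSecret {
    private let mask: [UInt8]
    private let masked: [UInt8]
    // Scratch memory that holds plaintext only while a handler runs.
    private let scratch: UnsafeMutableBufferPointer<UInt8>

    init(_ plaintext: String) {
        let bytes = Array(plaintext.utf8)
        let m = bytes.map { _ in UInt8.random(in: 1...255) }  // never 0, so masked != plaintext
        mask = m
        masked = zip(bytes, m).map { $0 ^ $1 }
        scratch = UnsafeMutableBufferPointer<UInt8>.allocate(capacity: bytes.count)
        scratch.initialize(repeating: 0)
    }

    deinit { wipe(); scratch.deallocate() }

    private func wipe() {
        // memset_s may not be optimized away, unlike a plain store loop.
        guard let base = scratch.baseAddress, scratch.count > 0 else { return }
        _ = memset_s(base, scratch.count, 0, scratch.count)
    }

    /// Exposes plaintext bytes to `handler` and wipes them on every exit path.
    func withPlaintext(_ handler: (UnsafeBufferPointer<UInt8>) throws -> Void) rethrows {
        for i in 0..<masked.count { scratch[i] = masked[i] ^ mask[i] }
        defer { wipe() }
        try handler(UnsafeBufferPointer(scratch))
    }

    /// In-process analogue of the external memory scan, limited to the scratch buffer.
    func scratchContains(_ needle: String) -> Bool {
        let n = Array(needle.utf8)
        guard !n.isEmpty, n.count <= scratch.count else { return false }
        return (0...(scratch.count - n.count)).contains { start in
            scratch[start..<(start + n.count)].elementsEqual(n)
        }
    }
}

let sample = "constructed-sample-value"  // constructed test input
let secret = MaskedSecret(sample)
precondition(!secret.scratchContains(sample))                            // before: absent
secret.withPlaintext { _ in precondition(secret.scratchContains(sample)) } // during: present
precondition(!secret.scratchContains(sample))                            // after: wiped
```

The `sample` literal itself stays resident in the demo process, which is why a whole-process scan such as the one the project runs is a stricter check than this buffer-level one.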