MonoTouch: How to protect my application

Question

I used Dotfuscator to protect my application from reverse engineering I encrypted the dll files in windows application, but how can I do it in OSX/MonoTouch?

Extract the dll from ipa, then confuse the dlls in windows, and repack the encrypted dlls into IPA, then publish it to appstore?

Is there any simple solution?

Answer 1

Foremost you need to remember that iOS does not allow JIT (just in time) compiling. This means everything needs to go thru the AOT (ahead of time) compiler.

This results that all the IL code from your assemblies is being converted into native ARM (v6, v7 and/or thumb) instructions and that the IL is not required anymore.

This means that, when you're building for Release|iPhone, the IL code will be removed from your assemblies. Since it's strip'ed away it won't be present (to be decompiled) in the application you publish.

NOTES

• the assemblies will still be inside the application because the metadata is still required (e.g. System.Reflection needs it). So symbols names and resources files won't be mangled/encrypted like obfuscators generally do;

• You can disassemble ARM assembly (that would be true even if you obfuscated the assemblies before the AOT compilation) but it's much harder to understand (and get back to C#) than IL is.

• Extracting the assemblies from the IPA and procesing them will break at least the application's signature (you can re-sign it). It will also likely break a lot of other things (since the code will refer to names/structures that might have changed). I do not think this will work (but it depends on the options you would use from your obfuscator).