Question

I am including a plist file in my iPhone app. It is in binary format (using plutil to convert from XML to binary). I want to run an MD5 checksum (or SHA-1) on it at runtime to confirm its contents are what is expected. Unfortunately, I always get a checksum that's different than what I originally included. After over an hour of assuming I was calculating the MD5 sum wrong, I decided to run a test and confirm that the bytes are, indeed, the same. They aren't. The file size remains the same, but starting at byte 30, and on throughout the file (except for the last 32 bytes), the file contents are completely different. Does anyone know if property list files are signed or otherwise "compiled" to a different binary format before inclusion in an iPhone app? If so, can you provide any more details on the process?

Thanks in advance!

Solution

By default, rather than just doing a straight copy, Xcode uses a small script to process and copy plist files when building a target. If you bring up the info window for your target in Xcode and select the "Rules" tab, you'll see that for processing text.plist source files, it uses its own tool called CopyPlistFile. It does some basic checking to make sure the plist is valid, and can optionally convert it to a different format, although it appears that no conversion is performed by default.

I don't know if this is what's causing a change in your plist file, but if you want you can get info on the plist file itself in your project and change its file type from "text.plist" to just "text". That should cause Xcode to treat it as a plain text file rather than a property list file and just make a straight copy instead of running it through the CopyPlistFile tool.
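
An added example, not code from the question or the answer: a build-side Python check that tells a plist whose bytes were rewritten by the build step apart from one whose contents changed, by hashing both the raw bytes and a re-serialized form of the parsed contents. The function names and the sample plist are constructed for illustration, and SHA-256 is used in place of the MD5/SHA-1 mentioned in the question.

```python
import hashlib
import plistlib

def byte_digest(data: bytes) -> str:
    """Digest of the file exactly as stored; changes if the build re-encodes it."""
    return hashlib.sha256(data).hexdigest()

def content_digest(data: bytes) -> str:
    """Digest of the parsed contents, re-serialized in one fixed form."""
    parsed = plistlib.loads(data)  # accepts both XML and binary plists
    canonical = plistlib.dumps(parsed, fmt=plistlib.FMT_XML, sort_keys=True)
    return hashlib.sha256(canonical).hexdigest()

def first_difference(a: bytes, b: bytes):
    """Offset of the first differing byte, or None if the inputs are identical."""
    for i, (x, y) in enumerate(zip(a, b)):
        if x != y:
            return i
    return None if len(a) == len(b) else min(len(a), len(b))

def compare(source: bytes, bundled: bytes) -> dict:
    """Compare the plist in the project with the copy found in the built bundle."""
    return {
        "bytes_equal": source == bundled,
        "content_equal": content_digest(source) == content_digest(bundled),
        "first_diff_offset": first_difference(source, bundled),
    }

# Constructed sample data: one plist in two encodings, plus a modified copy.
SAMPLE = {"ApiHost": "example.invalid", "MaxRetries": 3, "Features": ["a", "b"]}
AS_XML = plistlib.dumps(SAMPLE, fmt=plistlib.FMT_XML)
AS_BINARY = plistlib.dumps(SAMPLE, fmt=plistlib.FMT_BINARY)
MODIFIED = plistlib.dumps({**SAMPLE, "MaxRetries": 99}, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    # Re-encoded by the build: bytes differ, contents match.
    print(compare(AS_XML, AS_BINARY))
    # Contents changed: both digests differ.
    print(compare(AS_BINARY, MODIFIED))
```

To use it on a real project, pass the bytes of the plist in the source tree and the bytes of the copy inside the built .app bundle to `compare`.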

OTHER TIPS

I'll pop the why stack on this question. I don't know the answer to your question, but I'm curious why you're spending time on it.

Since apps are digitally signed, why are you concerned about the integrity of the PList? If someone modified it, then the app wouldn't install because the digital signature would no longer be valid.

The other reason might be that you are concerned about the app being hacked. Perfectly reasonable, but if someone can hack the app, then they can also modify the PList, and change the checksum in your code so that it will still run. There's really no way to guarantee integrity of your content without actually getting it from a third party (e.g. your own server).

Licensed under: CC-BY-SA with attribution