Home/ Questions/Q 671455
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-14T00:22:32+00:00

Im making an application in cocoa and wanted to see if some strings in

  • 0

Im making an application in cocoa and wanted to see if some strings in it were easily accessible so I ran OTX on it and sadly all of my code was found. Is there a method I can use to make my code more “secure” or at least encrypt/hide the strings? The reason I want to encrypt the string is it’s a password for a server. I don’d need it really secure I just don’t want the password to be so easy to find.

Thanks for any help

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    1. Avoid ObjC in secure code.

    Because ObjC’s class system depends heavily on runtime reflection, the whole interface needs to be included alongside the executable. This allows tools like class-dump to easily recover the source @interface of the binary.

    Therefore, the secure code functions should be written as a C function, not an ObjC method.

    2. Use strip.

    By default the compiler will keep all the private symbols (which allows stack trace to be more readable). You can use strip to delete all these symbols.

    3. Obfuscation.

    The above steps can only hide the code logic. But if the password is a constant string, it is immediately visible using the strings utility. You may obfuscate this by constructing the password in runtime (e.g. store the password encoded in ROT-13 in the file.)

    4. Or just change your design.

    No matter how good your protection system is, as the hacker have total control on their machine, given enough time, they always win. It’s better to revise your design, like why the password must come with the executable? Or why a global password even needed?

    • 0