# Add simple GUI for iOS security intrusion_RN

The AppSealing library within your App is automatically activated when right after App has launched. If AppSealing library has detected any abnormal environment (such as jailbroken-device, executable has decrypted or debugger has attached) it will close the app after 20 seconds irrespectively of user action, so the app should notify the detection result to user and show some proper message box for user can recognize there's some invalid environment in his/her device.

If you want to show that dialog box in your app, you can easily do that inserting small chunk of code into "AppDelegate.m" file.

# Show UIAlertController window in your app

First, open MyRnApp xcode project and select “AppDelegate.m" file.

Click again selected “AppDelegate.m” item and rename it “AppDelegate.mm (opens new window)”. After renaming move source code to ‘didFinishLaunchingWithOptions’ method part and paste following small code block between last two lines.

# Simple UI code into ‘AppDelegate.mm’ for React Native project

NSString* msg = @"\n-------------------------------------\n* Security Threat : ";
    int tamper = ObjC_IsAbnormalEnvironmentDetected();
if ( tamper > 0 )
    {
        NSString* msg = @"Abnormal Environment Detected !!";
        if (( tamper & DETECTED_JAILBROKEN ) > 0 )
            msg = [msg stringByAppendingString:@"\n - Jailbroken"];
        if (( tamper & DETECTED_DRM_DECRYPTED ) > 0 )
            msg = [msg stringByAppendingString:@"\n - Executable is not encrypted"];
        if (( tamper & DETECTED_DEBUG_ATTACHED ) > 0 )
            msg = [msg stringByAppendingString:@"\n - App is debugged"];
if (( tamper & ( DETECTED_HASH_INFO_CORRUPTED | DETECTED_HASH_MODIFIED )) > 0 )
    msg = [msg stringByAppendingString:@"\n - App integrity corrupted"];
if (( tamper & ( DETECTED_CODESIGN_CORRUPTED | DETECTED_EXECUTABLE_CORRUPTED )) > 0 )
    msg = [msg stringByAppendingString:@"\n - App executable has corrupted"];
if (( tamper & DETECTED_CERTIFICATE_CHANGED ) > 0 )
    msg = [msg stringByAppendingString:@"\n - App has re-signed"];
        
        UIAlertController *alert = [UIAlertController alertControllerWithTitle:@"AppSealing"
                                       message:msg
                                       preferredStyle:UIAlertControllerStyleAlert];
        UIAlertAction *confirm = [UIAlertAction actionWithTitle:@"Confirm"
                                     style:UIAlertActionStyleDefault
                                     handler:^(UIAlertAction * _Nonnull action) { exit(0); }];
        [alert addAction:confirm];
        [rootViewController presentViewController:alert animated:YES completion:nil];
    }

Previous sample UI code included in "AppsealingiOS.mm (opens new window)" source file of AppSealing SDK so you can copy & paste the code block. Check whether the code block has inserted in right place.

In the beginning of “AppDelegate.mm (opens new window)”(renamed) file, insert #include “AppsealingiOS.h” after first line.

Your app will show simple alert box like below when you run your app on abnormal device such as jailbroken or debug your app using Xcode or gdb. In such situation irrespective of user action the app will exit after 20 seconds automatically.

# Reminds about Xcode build mode

*AppSealing SDK for React Native works only in Release build mode.

Due to instability in Debug build mode of React Native app, AppSealing security features will be applied only to Release build mode and following functions will be activated. For using Debug build mode in development process, remove AppSealing features and proceed.

  • Jailbreak detection

  • Anti-debugging

  • Not encrypted executable file detection

  • App-Integrity corruption detection

  • Re-signing detection

You will build the app as Release mode when distributing to the App Store. If you test AppSealing with Release mode, your app should be distributed to App Store or 'TestFlight'. If not, the executable file will be detected as not encrypted, so the app will be closed.

# Generate App integrity & certificate verification snapshot

There is additional process to verify app integrity & certificate when you test your app or distribute app through app store. If you skip this step the app running on device will be terminated after few seconds for broken app integrity.

When distributing app built in Release mode through Development or Ad Hoc it will be terminated for security check which tells the executable has not encrypted by Fairplay DRM so skipping this step will have the same result, but you should process this step when you distribute your app through TestFlight or App Store.

Let’s see the upload process to App Store or TestFlight step by step. Below is Organizer window after Archive from Xcode.

Click “Distribute App” button to generate IPA for uploading to App Store.

Click “Next” button with “App Store Connect” is selected.

You usually selected “Upload” almost but you must select “Export” to apply AppSealing. This is because taking snapshot for app integrity and certificate is needed and your app will not run normally on device without this process. Click “Next” button with “Export” is selected.

Click “Next” button with all options keep default.

With default options retained, click “Next” button. Then you can see the window from which you can export as an IPA.

Verify the brief contents and click “Export” button.

When destination dialog appear select store location and click “Export” button. This document used folder named “~/Downloads/MyRnApp_Upload”

After you’ve clicked “Export” button IPA file will be created at the designated folder. You can see the generated IPA file at finder like below. Now, you should keep in mind the location of IPA or remain finder widow opened.

Run add permission command like below and open generate_genesis file. (You can open the file by double-clicking it in Finder)

$ chmod +x MyRnApp/ios/AppSealingSDK_ReactNative/generate_hash
$ chmod +x MyRnApp/ios/AppSealingSDK_ReactNative/generate_genesis
$ open AppSealingSDK/Tools/generate_genesis

When you first install the SDK and open the generate_genesis file for the first time, the following warning window may appear.

In this case, click the OK button to close the window, then go to the settings window and click the “Security and Privacy” item.

Select the “General” tab on the left and click the “Open Anyway” button at the bottom.

Click “Open” button when another confirmation window appears after clicking the “Open Anyway” button.

New terminal window will show the execution result of “Open” action, just close the window.

Using terminal app, type in “chmod +x “ and in Finder window move to the “MyRnApp/ios/AppSealingSDK_ReactNative” folder which has uncompressed in chapter 1-2. Then drag & drop “generate_hash” file into terminal window.

Now you should process next step with exported IPA. Launch terminal app and move to ios folder of MyRnApp project. You can check current folder using pwd command in terminal window.

Now you run ‘generate_hash’ script like below. This script has only one parameter which is path to the exported IPA file in previous step. You can type the IPA path manually or drag & drop the IPA file from the opened Finder window in previous step.

$ ./AppSealingSDK_ReactNative/generate_hash ~/Downloads/MyRnApp_Upload/MyRnAppt.ipa

After you execute the script you will see the progress like below and snapshot for app integrity and certificate will be added to the IPA file. The javascript bytecode included in app will be encrypted also.

This process has to be applied to distribution step as “Ad Hoc”, “Enterprise”, “Development” identically.

# Upload re-signed IPA to App Store Connect

Now you can upload re-signed IPA to App Store Connect. This document uses Transporter app (MAC) for convenient uploading. If the Transporter app has not installed in your MAC you can open Mac AppStore, search “Transporter” and install

Launch Transporter after installation you are requested for Apple ID like below. Enter your Apple ID and password. (This step is required only once for the first time)

After you login with your ID and password you can see the Transporter window like below. Click the “+” button upper-left or “ADD APP” button in the middle to select IPA to be uploaded and select the re-signed IPA in previous step.

When you update your app by adding IPA file with new version or higher build number a warning dialog can appear like below because of same bundle ID. In this case just click “Replace” button to upload new IPA.

After IPA file has added, click “DELIVER” button then verifying and uploading to App Store Connect process will be in progress.

If you encounter below window the upload process has finished and you can submit your build for App Store review or TestFlight distribution.

Last Updated: 11/19/2024, 6:55:37 AM

Acquire AppSealing device unique identifier