We are doing our bests to protect our frameworks, however, we are developers and we perfectly understand, that there is no uncrackable software, but there are lots of ways to make attackers’ efforts significantly more time-consuming. So here are some our best-practice tips to do this:
- Inlining the code where activation status and trial state are checked.
- Adding checking code to some core places where main functionality should be performed.
- Using C/C++ functions with check code instead of Objective-C classes and methods, use C structures instead of Objective-C ivars and properties.
- Using name obfuscation for functions/variables that are connected to activation/trial check.
- Combining original system/Kevlar functions usage with previously saved (e.g. at startup) pointers to them in your check code:
// somewhere at start (e.g. in -applicationWillFinishLaunching:)
BOOL (*isActivated_func_p)(NSInteger *) = &DMKIsApplicationActivated;
...
// some check code (e.g. in -applicationDidFinishLaunching:)
NSInteger kevlarError = NSIntegerMax;
if (!(isActivated_func_p(&kevlarError) && kevlarError == DMKevlarNoError))
{
// if DMKIsApplicationActivated returns YES then kevlarError must be DMKevlarNoError
// not activated here
…
}