Geek Answers Handbook

How to protect Digital Content (PDF) inside my iOS app?

This question is mainly about content protection inside my iOS app. I intend to make an application that will download a large amount of content (mainly PDF files) at the request of the user. After downloading these PDF files, they will be stored locally for convenient offline access.

Now I don’t want anyone to be able to hook on the .ipa file and manage to extract the PDF files. If this is not possible, is it possible that even if they extract the PDF files, they can NOT view or run it?

I am not sure how to handle this. Any suggestions are welcome.

An alternative is that I can provide password protected files to the user for download. Save the associated password in the sqlite database. Then, when the user opens the PDF file inside the APP, the application will find the password from the database and open it without prompting the user to enter the password. Is it possible? How?

Thanks and Regards

+7
source share
4 answers

Suppose that you somehow linked your PDF file before you put it on your download server, and the application descrambles it before showing it to the user.

In the application, you can do the following:

  • Load the scrambled PDF file into an NSData object.
  • Create an NSMutableData object and decrypt your PDF data into this buffer using any algorithm you choose.
  • You now have a useful PDF document in mind, but only a scrambled version on disk. If you need to create a CGPDFDocumentRef , you can do this by first creating a dataprovider using your descrambled NSMutableData object, which connects CFData to CFData with a simple application

Something like

 NSMutableData *data = descrambled PDF; CFDataRef myPDFData = (CFDataRef)data; CGDataProviderRef provider = CGDataProviderCreateWithCFData(myPDFData); CGPDFDocumentRef pdf = CGPDFDocumentCreateWithProvider(provider);

(Credit for this fragment goes into this answer .)

Since the application must be able to descramble the PDF file, and the user has access to both the application and the scrambled PDF file, everything you do to prevent them from being extracted will basically be obscurity. Therefore, I would not worry about a complex encryption algorithm. Perhaps you can just do something simple, such as XOR, data with a secret string hidden in a binary application.

Defeating this approach will require an attacker to disassemble your binary, and if someone is determined, you cannot win, as evidenced by the sad state of the DRM video game.

By the way: in the spirit of ambiguity, you can also call your scrambled downloaded PDF files something less obvious than valuabledocument.pdf . But real security is not the case.

Edit to illustrate XOR'ing data :

Feed your scrambled NSData to something like this ...

 // Fill this out with whatever you want. Use the same string // and algorithm to scramble the files on the server. static unsigned char secretString[SECRET_STRING_LENGTH]; - (NSData *)scrambleOrDescrambleData:(NSData*)input { unsigned char *outputBytes = malloc(input.length); memcpy(outputBytes, input.bytes, input.length); for (int i = 0; i < input.length; i++) { outputBytes[i] = outputBytes[i] ^ secretString[i % SECRET_STRING_LENGTH]; } NSData *outputData = [[NSData alloc] initWithBytes:outputBytes length:input.length]; free(outputBytes); return outputData; }

The convenient thing about XOR is that doing this twice will give you back the original data, so scrambling and descrambling is the same code.

I avoid the term encryption here because it is really just confusing data in order to save it from random observers.

+7
source

You can protect your files by encrypting them. See the apple link for Data Protection with Disk Encryption .

+3
source

Take a look at this article: http://aptogo.co.uk/2010/07/protecting-resources/

The author details the encryption of the resources of the application package and then decrypts the files in memory, so only the scrambled version is ever located on the disk.

They use custom NSURLProtocol for on-the-fly encryption. Pretty nice summary.

+1
source

You should not worry that someone delays the .ipa file and extracts the PDF files this way (since your application downloads the PDF files and the PDF files do not come with the .ipa file).

However, there are tools that allow users to view files in applications located on their devices. For example, checkout iExplorer . You should note that users can potentially open any file - so storing a password in the sqlite database is not a good idea. Using something like SFHKeychainUtils will be more secure.

Regarding setting the username / password for the PDF file, here is an example code (you can learn more from the CGPDFContext Reference )

 NSDictionary *options = [NSDictionary dictionaryWithObjectsAndKeys: @"letMeIn", kCGPDFContextOwnerPassword, @"r3adm3", kCGPDFContextUserPassword, nil]; [myPDFDocument writeToFile: @"/some/path" withOptions: options];

I also suggest storing the file encrypted on disk. You can use NSData + AES for this. Here is another implementation of NSData + AES . When reading from disk, you can store unencrypted NSData in memory and display a PDF file, instead of reading an unencrypted PDF file from disk.

0
source

More articles: