Repackaging detection
Repackaging detection is a security feature that detects if the application was modified and resigned with a different signing certificate.
To properly configure the repackage detection, you need to get the Base64 encoded string of your signing certificate:
- Open the
Keychain Accessapplication. - Find a certificate that will be used to sign your application, for example, “Apple Development: Jan Tester (c)”.
- Right-click on the item and click “Export…”.
- Export the certificate in the
.cerformat. - Open up the terminal and
cdinto the folder with your exported certificate. - Encode the certificate in Base64 with
cat your_exported.cer | base64. - Copy the output of the command and use it as a parameter for the repackage detection configuration:
// Prepare the RASP feature configuration
let raspConfig = AppProtectionRaspConfig(
// ...
repackage:.exit([AppProtectionTrustedCert(withBase64EncodedString: "BASE_64_ENCODED_CERT")!], "https://myurl.com/repackage-explained")
// ...
)
Tip: To hide the string in your binary, use init constructor for AppProtectionTrustedCert with Data or [UInt8] arguments.
Last updated on Apr 25, 2022 (14:09)
Edit on Github
Send Feedback