How can objective C classes be encrypted

I开发者_如何学JAVA would like to encrypt a few of my obj c classes in my iphone game which handle openfeint data and classes which handle scores.

I have heard there is a way to encrypt this data to act as another level of security, at least enough to discourage some from cracking it and forging scores on a jailbroken iphone and then spam the leaderboards.

How is this done, what are good techniques to secure this data and discourage some from attempting to spoof data?

Thanks

To truly encrypt compiled code is probably more trouble than it is worth. You have to isolate the code that will be decrypted into a dynamic library and load the library manually after decrypting it in memory. Dynamic libraries, and the other methods you might use to modify code at runtime, are frowned on by Apple when used with iOS.

With Objective-C you essentially ship with the headers build into your code. That makes it much easier to dig around in your application. Anything you can do in C, where symbols may be stripped, will be slightly harder to read. You can also use #define to obfuscate your class and method names a little. This is nowhere near encryption, but is much easier to implement and less likely to introduce wacky bugs.

#define MyNicelyNamedClass somegarblegarble
#define myNicelyNamedMethod othergarblegarble

@interface MyNicelyNamedClass

-(id) myNicelyNamedMethod;

@end

This is a relatively painless way for a developer to make their Objective-C code less obvious to others. It is about as effective as javascript obfuscation, which is to say it is one more little hurdle that will dissuade many casual attackers.

If you choose meaningful but misleading names instead of straight garbage you may even trick someone into spending hours digging through the wrong code. Not that you would ever know, but it is a satisfying thought.

Encrypting classes suffers the "shipping the lock with the key" problem that any DRM or similar security system has.

What you are looking for is self modifying code, where the code is either loaded and decrypted later by the application, or is present as machine code in the binary and modified at runtime by a key the application has.

Note that you'll likely create some very subtle and interesting bugs, and your method will be bypassed (it will take someone maybe an extra day).