This article is reprinted from the WeChat public account "Swift Community", the author is Jingfeng Lingyu. Please contact the Swift Community public account to reprint this article. PrefaceIn recent business development, we have encountered the situation where the location of our project app was tampered, which was particularly obvious on the Android side. In order to prevent this kind of black industry from using virtual positioning to make money, iOS also has to circumvent virtual positioning. After doing technical research, we found that it is difficult to achieve virtual positioning on an Apple phone with just a phone, but it is still possible. The bugly record of one of the company's project app reported that a user was using a jailbroken Apple phone, which really makes this behavior suspicious. With the joint efforts of myself and my company partners, we have roughly investigated the following situations of using virtual positioning (the method of using Xcode virtual positioning is ignored in this article): The first method: using a jailbroken phoneGenerally, app users use jailbroken Apple phones. It can be inferred that the users are trying to take advantage of the system (there is also the possibility that their apps are reverse engineered by competing companies). This is because it is more difficult to buy a jailbroken phone than a normal one, and it is not as good as a normal phone in terms of system upgrades and use of the App Store. I have had some superficial knowledge of app reverse engineering by jailbreaking an iPhone 5s. Identification method It is recommended to use a one-size-fits-all approach, which is to identify whether the phone has Cydia.app installed. If it has, it will be directly judged as a jailbroken phone and report the "device abnormality" information to the backend. If you do not use this method, please continue reading, there will be other solutions later. Professional reverse engineers can definitely avoid app developers from detecting Cydia installations. Of course, this is because the app is very popular in the market and is used by competitors for reverse analysis. In this case, virtual identification is basically meaningless. My personal suggestion is to directly lock and stop the interface service of this mobile app. Here is an article on how developers can identify whether an Apple phone has been jailbroken [1]. Code Implementation
The second method: Use Aisi AssistantFor scenarios where virtual positioning is used, it should mostly be drivers or docking personnel clocking in. In this scenario, a group of black industries that specialize in using virtual positioning to clock in and out may have emerged. For Apple phones, at present, the virtual positioning function of Aisi Assistant can be very well implemented. Usage steps: Download the Aisi Assistant Mac client, connect the iPhone, click Virtual Positioning in the toolbox, select the location on the map, and then click Modify Virtual Positioning to modify the location information of the map. Principle: On a non-jailbroken device, connect the computer and the phone via USB. The computer sends simulated coordinate data to the DTSimulateLocation service on the phone through a special protocol to achieve false positioning. Currently, the built-in location simulation in Xcode is achieved with the help of this technology. (Article source [2]) Identification method 1. By repeatedly recording the virtual positioning data of Aisi Assistant, it is found that the altitude of the longitude and latitude of its virtual positioning information is 0 and the number of longitude and latitude data bits is also worth studying. The real positioning and virtual positioning data are as follows: True positioning Virtual Positioning By carefully observing the data, it is not difficult to find that if we compare the altitude of the positioning information and verify the double digits of the longitude and latitude, the black hat of virtual positioning can be easily cracked. If we compare the virtual positioning height to 0, we will identify it as virtual positioning, and then a question will arise: the real altitude is the zero point. How to solve it? Here is a brief introduction to China's zero altitude position. China's zero point is located in the "People's Republic of China Zero Point" in Yinhai World on Donghai Middle Road, Qingdao. It is the only zero point in China. The only zero point. At the same time, by comparing the double digits of longitude and latitude, it was found that the digits of virtual positioning were obviously wrong. By checking the digit precision of Swift's float and double, it was found that the longitude and latitude data of virtual positioning only perfunctorily met the double precision digits. The number of significant digits of Swift's float is 7, and the number of significant digits of double is 15. Of course, the weight of this comparison is relatively low. I just updated the Aisi Assistant version and found that the new version has more detailed latitude and longitude, but it still does not reach the level of double significant digits. Compared with the current Aisi Assistant's height comparison recognition as virtual positioning, it is completely possible. Code Implementation
Second, upload the latitude and longitude of the positioned data to the backend, which then obtains detailed latitude and longitude information based on the received latitude and longitude, and makes an in-depth comparison of the driver's geographic information other than the latitude and longitude, giving priority to comparing the altitude, horizontalAccuracy, and verticalAccuracy values, and makes a decision after weighing whether the values are equal. three, (1) By obtaining the public IP address, the approximate location can be obtained based on the IP address through the interface, but the error range is a bit large.
(ii) Reading the app location via Wi-Fi hotspot[3] (III) Use CLCircularRegion to set the specified longitude and latitude of the center of the region and the configurable radius for monitoring. Simple code implementation:
(IV) Through IBeacon technology, use CBPeripheralManager under the CoreBluetooth framework to establish a Bluetooth base station. This positioning is end-to-end direct positioning, eliminating the need for GPS satellite and cellular data base station communication. Simple code implementation:
4. (To be improved) I have tried the solution at the end of the article on iOS anti-black industry false location detection technology. I read the fLocation of CLLocation's _internal through kvc layer by layer, but I can only read this far. If I read it through kvc again, the following error will be reported:
After further research, I found this explanation in Apple's official development documents [4]. It also said to set the debug+ optimization strategy, but the default bug environment of iOS is -Onone level. In fact, the main reason seems to be that the JIT setting can only be found in the Hardened Runtime of Signing & Capabilities when developing the Mac client. About the setting of Allow Execution of JIT-compiled Code (official article [5]). In the end, I can only get here. If there is a great god who can read the real location of CLLocation through other methods (this is an extremely perfect solution), please feel free to enlighten me. Attachment: The official definition of the CLLocation object private variable _internal instance object [6]:
References [1] How to use code to determine whether the iOS system is jailbroken: https://www.huaweicloud.com/articles/7c6b8027253c4a97196d359840f638d9.html [2] iOS anti-black industry false location detection technology: https://cloud.tencent.com/developer/article/1800531 [3] Wifi positioning principle and iOS Wifi list acquisition: http://www.caojiarun.com/2017/01/iOS_Wifilist/ [4] Allow Execution of JIT-compiled Code Entitlement: https://developer.apple.com/documentation/bundleresources/entitlements/com_apple_security_cs_allow-jit [5] Hardened Runtime: https://developer.apple.com/documentation/security/hardened_runtime [6] Official definition of _internal instance object: https://github.com/nst/iOS-Runtime-Headers/blob/master/Frameworks/CoreLocation.framework/CLLocationInternal.h |
<<: WeChat launches "Send Now Pay Later" service: courier picks up and leaves without waiting
[[156534]] I like every entrepreneur, so I really...
[Original article from 51CTO.com] On November 25,...
A loading page is also called a landing page. It ...
Today, I want to share with you an instant render...
Contents: /36 lessons to help you advance from a ...
Google voice search was launched in 2008. Four ye...
Today I want to share a project with you, which i...
After opening at the fifth limit down on July 17,...
On December 16, at the "Ape Universe" m...
How to promote Kuaishou live streaming ? In 4 yea...
Before officially launching event marketing , you...
Wang Jing, Wang Chao, Shen Qiushi, Science and Te...
WeChat had a malfunction yesterday afternoon, and...
When playing Douyin store , there are ways to pla...
A good creative can not only improve the ranking ...