{ "id": "159176", "key": "TIMOB-23183", "fields": { "issuetype": { "id": "1", "description": "A problem which impairs or prevents the functions of the product.", "name": "Bug", "subtask": false }, "project": { "id": "10153", "key": "TIMOB", "name": "Titanium SDK/CLI", "projectCategory": { "id": "10100", "description": "Titanium and related SDKs used in application development", "name": "Client" } }, "fixVersions": [ { "id": "20115", "name": "Release 7.3.0", "archived": false, "released": true, "releaseDate": "2018-08-17" } ], "resolution": { "id": "1", "description": "A fix for this issue is checked into the tree and tested.", "name": "Fixed" }, "resolutiondate": "2018-02-26T22:06:20.000+0000", "created": "2016-03-31T14:58:45.000+0000", "priority": { "name": "Critical", "id": "1" }, "labels": [ "ios" ], "versions": [], "issuelinks": [], "assignee": { "name": "ewieber", "key": "ewieber", "displayName": "Eric Wieber", "active": false, "timeZone": "America/Los_Angeles" }, "updated": "2018-07-11T20:09:50.000+0000", "status": { "description": "The issue is considered finished, the resolution is correct. Issues which are closed can be reopened.", "name": "Closed", "id": "6", "statusCategory": { "id": 3, "key": "done", "colorName": "green", "name": "Done" } }, "components": [ { "id": "10206", "name": "iOS", "description": "iOS Platform" } ], "attachment": [], "flagged": false, "summary": "iOS Non-public API usage: The app references non-public symbols in : _ptrace", "creator": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "subtasks": [], "reporter": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "environment": "Ti SDK 5.2.1 \r\nAppcelerator Studio, build: 4.5.0.201602170831\r\nMac OS X EI Capitan", "closedSprints": [ { "id": 1008, "state": "closed", "name": "2018 Sprint 06 SDK", "startDate": "2018-03-11T22:18:04.396Z", "endDate": "2018-03-25T22:18:00.000Z", "completeDate": "2018-03-25T21:52:36.683Z", "originBoardId": 216 } ], "comment": { "comments": [ { "id": "381867", "author": { "name": "sdarda", "key": "sdarda", "displayName": "Sharif AbuDarda", "active": false, "timeZone": "Asia/Dhaka" }, "body": "Hello, \r\n\r\nThere is a similar reported issue in the stake overflow. But that seems to be for the native platform. http://stackoverflow.com/questions/21829521/fails-to-distribute-my-app-your-app-contains-non-public-api-usage. Can you try following the ticket. \r\n\r\nRegards,\r\nSharif", "updateAuthor": { "name": "sdarda", "key": "sdarda", "displayName": "Sharif AbuDarda", "active": false, "timeZone": "Asia/Dhaka" }, "created": "2016-04-06T15:49:22.000+0000", "updated": "2016-04-06T15:49:22.000+0000" }, { "id": "381876", "author": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hi,\r\n\r\nIf you have read my post above carefully, you would have noticed the difference between your link and our issue. The ptrace problem was due to the fact that version 5.2.1 has a fix for the appc-security-debugger-detect crash on ios 9.1. You can search in your jira where there is that bug. So we believe your team tried to tix that problem while introducing another bug in the process.\r\n\r\nIt seems that appcelerator is not really willing to check such a major problem where it impact app submission to the Ios App Store because we have submitted ticket for so many days and no one bother to care about it. It is quite a disappointment really. \r\n\r\n", "updateAuthor": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2016-04-06T16:57:36.000+0000", "updated": "2016-04-06T16:57:36.000+0000" }, { "id": "382007", "author": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "updateAuthor": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-04-07T01:26:48.000+0000", "updated": "2016-04-07T01:26:48.000+0000" }, { "id": "382188", "author": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hi,\r\n\r\nWe already used the previous version to compile and submit to app store. We will try the latest release very soon.\r\n\r\nBy the way, did your team use \"ptrace\" in your code in order to detect users connecting debugger tool?\r\n\r\nAnd thanks for giving us something related to the issue which could possibly be the solution.\r\n\r\nThanks,\r\nHeng", "updateAuthor": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2016-04-08T11:39:14.000+0000", "updated": "2016-04-08T11:41:10.000+0000" }, { "id": "382258", "author": { "name": "peterladis", "key": "peterladis", "displayName": "Peter Ladis", "active": true, "timeZone": "America/Los_Angeles" }, "body": "I just got this error: The app references non-public symbols in LilyPad: _ptrace from iTunes when using GA 5.2.2.\r\n\r\nAny suggestions?", "updateAuthor": { "name": "peterladis", "key": "peterladis", "displayName": "Peter Ladis", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2016-04-10T13:25:10.000+0000", "updated": "2016-04-10T13:25:10.000+0000" }, { "id": "382265", "author": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "body": "[~peterladis] May I know if you configured this in your tiapp.xml? \r\n{code}\r\n remote\r\n true\r\n true \r\n{code}\r\nand if removing all 3 properties helps?\r\n\r\n[~ngweixing] may I ask if you faced the same issue with all 3 properties above removed on 5.2.1.GA?\r\nThanks.", "updateAuthor": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-04-11T02:02:43.000+0000", "updated": "2016-04-11T02:02:43.000+0000" }, { "id": "382269", "author": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hi @cheekiatng, with or without the 3 properties also has the ptrace problem. Even with just appc-security-debugger-detect, it also has the error.\r\n\r\nI haven't tested with version 5.2.2 yet though.\r\n\r\n", "updateAuthor": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2016-04-11T03:22:49.000+0000", "updated": "2016-04-11T03:22:49.000+0000" }, { "id": "382273", "author": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "body": "[~ngweixing] Thanks, we will continue to investigate. If it's related to ptrace, there indeed 1 line of code that may include that, but there's been no changes to it between sdk versions so I'm not sure why it would come up now.", "updateAuthor": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-04-11T03:46:31.000+0000", "updated": "2016-04-11T03:46:31.000+0000" }, { "id": "382278", "author": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hi kiat, if you want to do a quick test. We try using sublime text editor and search through the build folder in the titanium app folder which contains the xcode project files. Sublime was able to detect the presence of ptrace in the binary somehow. When we do the same using sdk 5.2.0, no ptrace string was found.\r\n\r\nAs long as ptrace is found, apple will reject it. you can also test upload to your testflight via ituneconnect", "updateAuthor": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2016-04-11T04:26:15.000+0000", "updated": "2016-04-11T04:26:41.000+0000" }, { "id": "382288", "author": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "body": "ok our team just did a quick test. This only happens if this property is existing in tiapp.xml (no matter if value is remote or embed):\r\n{code}\r\n remote\r\n{code} \r\nSo it looks like our jaibreak detection is broken. We will try to fix this. Meanwhile, the workaround is to not have any of these 3 properties in your tiapp.xml.\r\n", "updateAuthor": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-04-11T07:42:42.000+0000", "updated": "2016-04-11T07:42:42.000+0000" }, { "id": "382319", "author": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Thanks for the update. Finally, your team can recognise that there is a problem and is an independent issue from the issue posted on stackoverflow since last year.\r\n\r\nFor sdk 5.2.1, no matter you include any of those 3 properties or not, build always contain ptrace with failed submission to app store.\r\n\r\nI assume sdk 5.2.2 is what you are experiencing which is the same behaviour on sdk 5.2.0 in which as long as we do not include any of those properties, it submits fine. \r\n\r\nWe really hope you can fix this problem soon for everyone's benefit and for those who have been using these properties to protect their codes and is in urgent needs to upload a new version to the app store.", "updateAuthor": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2016-04-11T14:10:27.000+0000", "updated": "2016-04-11T14:10:27.000+0000" }, { "id": "383759", "author": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "body": "[~peterladis] [~ngweixing] Based on our investigations so far, ptrace is only used for detecting debugger, so since our primary concern is detecting jailbreak, please let me know if setting the following properties work for you while we continue to find alternative solutions to this problem.\r\n{code}\r\n remote\r\n false\r\n true \r\n{code}", "updateAuthor": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-04-25T02:53:42.000+0000", "updated": "2016-04-25T02:53:42.000+0000" }, { "id": "384154", "author": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "body": "@Chee Kiat Ng Actually our primary concern is getting debugger detect to work and not jailbreak detect. We don't need to detect jailbreak.\r\n\r\nWe want to use debugger detect to protect our code and api keys in the code, etc", "updateAuthor": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2016-04-28T05:51:50.000+0000", "updated": "2016-04-28T05:51:50.000+0000" }, { "id": "384156", "author": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "body": "Hmm. At the moment we still are unable to find a better way to do debugger detect without the use of ptrace. Will keep you posted see what we can do.", "updateAuthor": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-04-28T06:16:54.000+0000", "updated": "2016-04-28T06:16:54.000+0000" }, { "id": "384157", "author": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Ok sure. Thanks for this!", "updateAuthor": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2016-04-28T06:45:00.000+0000", "updated": "2016-04-28T06:45:00.000+0000" }, { "id": "384319", "author": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hi Kiat, appcelerator is seriously facing big issues with these parameters. We tested with the latest 5.2.2.GA and still fails to submit to testflight because of ptrace. We placed all 3 parameters you suggest from your previous post.\r\n\r\nMay I know if we don't specify remote for appc-sourcecode-encryption-policy, what is the default value? \r\n\r\nNow we just want to ensure encryption policy is remote and set the other 2 to false and still get ptrace problem with 5.2.2.GA.", "updateAuthor": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2016-04-29T12:56:51.000+0000", "updated": "2016-04-29T12:56:51.000+0000" }, { "id": "384322", "author": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "body": "Don't specify these 3 properties at all, and it'll default to our non-remote encryption. With no jailbreak or debugger detection enabled. Ptrace will not be a problem because the library that has it won't be included [~ngweixing]", "updateAuthor": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-04-29T13:13:05.000+0000", "updated": "2016-04-29T13:13:05.000+0000" }, { "id": "385898", "author": { "name": "michael@thecodesharman.com.au", "key": "michael@thecodesharman.com.au", "displayName": "Michael Sharman", "active": true, "timeZone": "Australia/Hobart" }, "body": "I'm also getting this problem with 5.2.2.GA - I'm not specifying any of those 3 properties. Its currently stopping me upload a update to the AppStore?", "updateAuthor": { "name": "michael@thecodesharman.com.au", "key": "michael@thecodesharman.com.au", "displayName": "Michael Sharman", "active": true, "timeZone": "Australia/Hobart" }, "created": "2016-05-17T12:43:49.000+0000", "updated": "2016-05-17T12:43:49.000+0000" }, { "id": "385900", "author": { "name": "michael@thecodesharman.com.au", "key": "michael@thecodesharman.com.au", "displayName": "Michael Sharman", "active": true, "timeZone": "Australia/Hobart" }, "body": "Looks like appc-security-debugger-detect is enabled by default when building for distribution. \r\n\r\nBut even by explicitly turning this off is not enough to remove the _ptrace symbol from the application binary. ", "updateAuthor": { "name": "michael@thecodesharman.com.au", "key": "michael@thecodesharman.com.au", "displayName": "Michael Sharman", "active": true, "timeZone": "Australia/Hobart" }, "created": "2016-05-17T13:35:37.000+0000", "updated": "2016-05-17T15:46:27.000+0000" }, { "id": "385967", "author": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "body": "[~michael@thecodesharman.com.au] That's an interesting problem you have there. I'm quite sure the debugger detect is not enabled by default. Do you think you can provide me with more details?\r\nAre you using any external modules or libraries?\r\n\r\n", "updateAuthor": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-05-18T01:58:05.000+0000", "updated": "2016-05-18T01:58:05.000+0000" }, { "id": "386003", "author": { "name": "michael@thecodesharman.com.au", "key": "michael@thecodesharman.com.au", "displayName": "Michael Sharman", "active": true, "timeZone": "Australia/Hobart" }, "body": "No external modules or libraries, I've been trying to figure out where the _ptrace symbol is coming from by passing the using the \"-why_live _ptrace\" option to ld, this is the result:\r\n\r\n_ptrace from /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/iPhoneOS9.3.sdk/usr/lib/libSystem.tbd\r\n _icucfasf7797nnzz from /Users/msharman/Documents/walta/walta-app/build/iphone/lib/libtiverify.a(TiVerify.o)\r\n +[ApplicationRouting initialize] from /Users/msharman/Documents/walta/walta-app/build/iphone/build/Intermediates/Waterbug.build/Release-iphoneos/Waterbug.build/Objects-normal/arm64/ApplicationRouting.o\r\n l_OBJC_$_CLASS_METHODS_ApplicationRouting from /Users/msharman/Documents/walta/walta-app/build/iphone/build/Intermediates/Waterbug.build/Release-iphoneos/Waterbug.build/Objects-normal/arm64/ApplicationRouting.o\r\n l_OBJC_METACLASS_RO_$_ApplicationRouting from /Users/msharman/Documents/walta/walta-app/build/iphone/build/Intermediates/Waterbug.build/Release-iphoneos/Waterbug.build/Objects-normal/arm64/ApplicationRouting.o\r\n _OBJC_METACLASS_$_ApplicationRouting from /Users/msharman/Documents/walta/walta-app/build/iphone/build/Intermediates/Waterbug.build/Release-iphoneos/Waterbug.build/Objects-normal/arm64/ApplicationRouting.o\r\n _OBJC_CLASS_$_ApplicationRouting from /Users/msharman/Documents/walta/walta-app/build/iphone/build/Intermediates/Waterbug.build/Release-iphoneos/Waterbug.build/Objects-normal/arm64/ApplicationRouting.o\r\n ltmp10 from /Users/msharman/Documents/walta/walta-app/build/iphone/build/Intermediates/Waterbug.build/Release-iphoneos/Waterbug.build/Objects-normal/arm64/ApplicationRouting.o\r\n ltmp10 from /Users/msharman/Documents/walta/walta-app/build/iphone/build/Intermediates/Waterbug.build/Release-iphoneos/Waterbug.build/Objects-normal/arm64/ApplicationRouting.o\r\n\r\nSo it looks like it is being linked in from the ApplicationRouting.m code via the libtiverify.o library regardless of any settings. ", "updateAuthor": { "name": "michael@thecodesharman.com.au", "key": "michael@thecodesharman.com.au", "displayName": "Michael Sharman", "active": true, "timeZone": "Australia/Hobart" }, "created": "2016-05-18T06:11:38.000+0000", "updated": "2016-05-18T06:11:53.000+0000" }, { "id": "386006", "author": { "name": "michael@thecodesharman.com.au", "key": "michael@thecodesharman.com.au", "displayName": "Michael Sharman", "active": true, "timeZone": "Australia/Hobart" }, "body": "Also I'm using the appcelerator CLI version 5.3.0-43 for this. I note that the libtiverify.a is symlinked to /Users/msharman/.appcelerator/install/5.3.0-43/package/node_modules/appc-cli-titanium/support/ios/libappcverify.a so this may be related to specifically the appcelerator CLI version ?", "updateAuthor": { "name": "michael@thecodesharman.com.au", "key": "michael@thecodesharman.com.au", "displayName": "Michael Sharman", "active": true, "timeZone": "Australia/Hobart" }, "created": "2016-05-18T06:26:58.000+0000", "updated": "2016-05-18T06:27:06.000+0000" }, { "id": "386007", "author": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "body": "[~michael@thecodesharman.com.au] Do you mind sharing the ApplicationRouting.m content? It's in your build/iphone/Classes/", "updateAuthor": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-05-18T06:29:25.000+0000", "updated": "2016-05-18T06:29:25.000+0000" }, { "id": "386012", "author": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "body": "Thanks for pointing that out [~michael@thecodesharman.com.au]. Those are actually 2 different libraries (libtiverify.a vs libappcverify.a). Are you sure they are symlinked? ", "updateAuthor": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-05-18T06:42:37.000+0000", "updated": "2016-05-18T06:42:37.000+0000" }, { "id": "386015", "author": { "name": "michael@thecodesharman.com.au", "key": "michael@thecodesharman.com.au", "displayName": "Michael Sharman", "active": true, "timeZone": "Australia/Hobart" }, "body": "Sure this is the content:\r\n{code}\r\n/**\r\n * This code is closed source and Confidential and Proprietary to\r\n * Appcelerator, Inc. All Rights Reserved. This code MUST not be\r\n * modified, copied or otherwise redistributed without express\r\n * written permission of Appcelerator. This file is licensed as\r\n * part of the Appcelerator Platform and governed under the terms\r\n * of the Appcelerator license agreement.\r\n * Copyright (c) 2015 Appcelerator, Inc. All Rights Reserved.\r\n */\r\n#import \r\n#import \r\n#import \"ApplicationRouting.h\"\r\n#import \r\n\r\n#define initializeAppData icucfasf7797nnzz\r\n#define filterAppData sdnmnciuuu66zzaq\r\n\r\nextern NSString * const TI_APPLICATION_GUID;\r\nextern NSData * filterAppData (NSString *filename, NSData * thedata);\r\nextern void initializeAppData (NSString * sha1);\r\n\r\n/**\r\n * gunzip NSData and return as NSData\r\n */\r\nstatic NSData* gunzip(NSData *data) {\r\n\tz_stream zStream;\r\n\tmemset(&zStream, 0, sizeof(zStream));\r\n\tinflateInit2(&zStream, 16);\r\n\r\n\tUInt32 nUncompressedBytes = *(UInt32*)(data.bytes + data.length - 4);\r\n\tNSMutableData* gunzippedData = [NSMutableData dataWithLength:nUncompressedBytes];\r\n\r\n\tzStream.next_in = (Bytef*)data.bytes;\r\n\tzStream.avail_in =(uInt) data.length;\r\n\tzStream.next_out = (Bytef*)gunzippedData.bytes;\r\n\tzStream.avail_out = (uInt)gunzippedData.length;\r\n\r\n\tinflate(&zStream, Z_FINISH);\r\n\tinflateEnd(&zStream);\r\n\r\n\treturn gunzippedData;\r\n}\r\n\r\n/**\r\n * return a char* as hex NSString*\r\n */\r\nstatic NSString* toHexString(unsigned char* data, unsigned int length) {\r\n\tNSMutableString* hash = [NSMutableString stringWithCapacity:length * 2];\r\n\tfor (unsigned int i = 0; i < length; i++) {\r\n\t\t[hash appendFormat:@\"%02x\", data[i]];\r\n\t\tdata[i] = 0;\r\n\t}\r\n\treturn hash;\r\n}\r\n\r\n/**\r\n * sha1 a NSString\r\n */\r\nstatic NSString* sha1Str(NSString *data) {\r\n\tunsigned int outputLength = CC_SHA1_DIGEST_LENGTH;\r\n\tunsigned char output[outputLength];\r\n\tCC_LONG length = (CC_LONG)[data lengthOfBytesUsingEncoding:NSUTF8StringEncoding];\r\n\tCC_SHA1([data UTF8String], length, output);\r\n\treturn toHexString(output,outputLength);\r\n}\r\n\r\n/**\r\n * sha1 a NSData\r\n */\r\nstatic NSData* sha1Data(NSData *data) {\r\n\tunsigned int outputLength = CC_SHA1_DIGEST_LENGTH;\r\n\tunsigned char output[outputLength];\r\n\tCC_SHA1(data.bytes, (unsigned int) data.length, output);\r\n\tNSString *str = toHexString(output,outputLength);\r\n\treturn [str dataUsingEncoding:NSUTF8StringEncoding];\r\n}\r\n\r\n@implementation ApplicationRouting\r\n\r\n+ (void) initialize {\r\n\tNSError *error = nil;\r\n\tNSString *dirsha = sha1Str(TI_APPLICATION_GUID);\r\n\tNSString *dirPath = [[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:dirsha];\r\n\tNSArray *directoryContents = [[NSFileManager defaultManager] contentsOfDirectoryAtPath:dirPath error:&error];\r\n#if !TARGET_OS_IPHONE && TARGET_IPHONE_SIMULATOR\r\n\tNSLog(@\"[INFO] ApplicationRouting initialize, dirPath=%@\",dirPath);\r\n#endif\r\n\tif (error==nil && [directoryContents count] > 0) {\r\n\t\t// sort the files alphabetically\r\n\t\tdirectoryContents = [directoryContents sortedArrayUsingSelector:@selector(localizedCaseInsensitiveCompare:)];\r\n\t\tNSMutableData *shadata = [NSMutableData dataWithCapacity:CC_SHA1_DIGEST_LENGTH];\r\n\t\tfor (NSString *filename in directoryContents) {\r\n\t\t\tNSString *filePath = [dirPath stringByAppendingPathComponent:filename];\r\n\t\t\tNSFileHandle *aHandle = [NSFileHandle fileHandleForReadingAtPath:filePath];\r\n\t\t\tNSData *contentData = [aHandle readDataToEndOfFile];\r\n\t\t\tNSData *sha = sha1Data(contentData);\r\n\t\t\t[shadata appendData:sha];\r\n\t\t}\r\n\t\tNSString *sha = [[[NSString alloc] initWithData:sha1Data(shadata) encoding:NSUTF8StringEncoding] autorelease];\r\n#if !TARGET_OS_IPHONE && TARGET_IPHONE_SIMULATOR\r\n\t\tNSLog(@\"[DEBUG] sha of filenames = [%@]\",sha);\r\n#endif\r\n\t\tinitializeAppData(sha);\r\n\t}\r\n}\r\n\r\n+ (NSData *) resolveAppAsset:(NSString *)path {\r\n#if !TARGET_OS_IPHONE && TARGET_IPHONE_SIMULATOR\r\n\tNSLog(@\"[INFO] resolveAppAsset path %@\",path);\r\n#endif\r\n\tNSString *dirsha = sha1Str(TI_APPLICATION_GUID);\r\n\tNSString *pathsha = sha1Str(path);\r\n\tNSString *filePath = [[[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:dirsha] stringByAppendingPathComponent:pathsha];\r\n\tNSFileHandle *aHandle = [NSFileHandle fileHandleForReadingAtPath:filePath];\r\n\tif (aHandle) {\r\n\t\tNSData *contentData = [aHandle readDataToEndOfFile];\r\n\t\tNSData *unzipData = gunzip(contentData);\r\n\t\treturn filterAppData(path, unzipData);\r\n\t}\r\n\t\r\n\tNSLog(@\"[WARN] couldn't find file %@\",path);\r\n\treturn nil;\r\n}\r\n\r\n@end\r\n{code}", "updateAuthor": { "name": "michael@thecodesharman.com.au", "key": "michael@thecodesharman.com.au", "displayName": "Michael Sharman", "active": true, "timeZone": "Australia/Hobart" }, "created": "2016-05-18T06:56:01.000+0000", "updated": "2016-05-18T07:01:54.000+0000" }, { "id": "386017", "author": { "name": "michael@thecodesharman.com.au", "key": "michael@thecodesharman.com.au", "displayName": "Michael Sharman", "active": true, "timeZone": "Australia/Hobart" }, "body": "Yes this is the contents of my build/iphone/lib folder:\r\n\r\n$ ls -l lib\r\ntotal 32\r\nlrwxr-xr-x 1 msharman staff 94 18 May 16:43 libTiCore.a -> /Users/msharman/Library/Application Support/Titanium/mobilesdk/osx/5.2.2.GA/iphone/libTiCore.a\r\nlrwxr-xr-x 1 msharman staff 103 18 May 16:43 libti_ios_debugger.a -> /Users/msharman/Library/Application Support/Titanium/mobilesdk/osx/5.2.2.GA/iphone/libti_ios_debugger.a\r\nlrwxr-xr-x 1 msharman staff 103 18 May 16:43 libti_ios_profiler.a -> /Users/msharman/Library/Application Support/Titanium/mobilesdk/osx/5.2.2.GA/iphone/libti_ios_profiler.a\r\nlrwxr-xr-x 1 msharman staff 113 18 May 16:43 libtiverify.a -> /Users/msharman/.appcelerator/install/5.3.0-43/package/node_modules/appc-cli-titanium/support/ios/libappcverify.a\r\n", "updateAuthor": { "name": "michael@thecodesharman.com.au", "key": "michael@thecodesharman.com.au", "displayName": "Michael Sharman", "active": true, "timeZone": "Australia/Hobart" }, "created": "2016-05-18T07:03:26.000+0000", "updated": "2016-05-18T07:04:05.000+0000" }, { "id": "386018", "author": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "body": "[~michael@thecodesharman.com.au] Now that's odd. This file should only contain this content if debugger detector is enabled. if you didn't enable it, it should only have:\r\n{code}\r\n/**\r\n * Appcelerator Titanium Mobile\r\n * Copyright (c) 2009-2016 by Appcelerator, Inc. All Rights Reserved.\r\n * Licensed under the terms of the Apache Public License\r\n * Please see the LICENSE included with this distribution for details.\r\n *\r\n * WARNING: This is generated code. Do not modify. Your changes *will* be lost.\r\n */\r\n#import \r\n#import \"ApplicationRouting.h\"\r\n\r\n@implementation ApplicationRouting\r\n\r\n+ (NSData*) resolveAppAsset:(NSString*)path;\r\n{\r\n return nil;\r\n}\r\n\r\n@end\r\n{code}\r\nCan you make 100% sure that your tiapp.xml has ZERO mention of any of these properties:\r\n{code}\r\n remote\r\n false\r\n true \r\n{code}\r\n\r\nIf you are using Ti SDK 5.2.2.GA and you do an appc new, the default created project's tiapp.xml will NOT have these properties. you can make reference to that.", "updateAuthor": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-05-18T07:03:49.000+0000", "updated": "2016-05-18T07:03:49.000+0000" }, { "id": "386019", "author": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "body": "Doing a *appc ti clean* would be helpful just in case. I noticed that you have libappcverify.a inside your build/iphone/lib. It shouldn't be there.", "updateAuthor": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-05-18T07:05:50.000+0000", "updated": "2016-05-18T07:07:49.000+0000" }, { "id": "386022", "author": { "name": "michael@thecodesharman.com.au", "key": "michael@thecodesharman.com.au", "displayName": "Michael Sharman", "active": true, "timeZone": "Australia/Hobart" }, "body": "I found some references I hadn't noticed previously:\r\n\r\nembed\r\nfalse\r\n\r\nI removed both and the symlink points to libtiverify.a instead of libappcverify.a and there is no longer any _ptrace symbol in the resulting binary !! Excellent! Thanks for that.\r\n\r\nFYI: The ApplicationRouting.m is not the simple file posted above, it appears that the javascript is being encrypted with the key embedded (which is what I thought I specified with the properties above). What I really want is for the encryption not to happen at all: it is unnecessary for us since our javascript is public anyway?", "updateAuthor": { "name": "michael@thecodesharman.com.au", "key": "michael@thecodesharman.com.au", "displayName": "Michael Sharman", "active": true, "timeZone": "Australia/Hobart" }, "created": "2016-05-18T07:26:31.000+0000", "updated": "2016-05-18T07:26:31.000+0000" }, { "id": "386023", "author": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "body": "The basic 'encryption' you are seeing encompasses a way for us to verify that you are using legit titanium sdk when building the project. It's not possible to disable it, but it's nothing to worry about. that stuff has been around since the birth of titanium.", "updateAuthor": { "name": "cng", "key": "cng", "displayName": "Chee Kiat Ng", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2016-05-18T07:34:37.000+0000", "updated": "2016-05-18T07:34:37.000+0000" }, { "id": "386045", "author": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hi Kiat, problems remain that we still can't use the remote encryption policy. I have a feeling that 5.3.0 and above is not stable and causes problem. Hope Appcelerator can test properly by test uploading to test flight.", "updateAuthor": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2016-05-18T11:30:04.000+0000", "updated": "2016-05-18T11:30:04.000+0000" }, { "id": "390581", "author": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hi Chee Kiat, after 2 months, any update on this?", "updateAuthor": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2016-07-13T06:50:41.000+0000", "updated": "2016-07-13T06:50:41.000+0000" }, { "id": "415827", "author": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "body": "Hi Chee Kiat, so after more than 6 months, still no update on this? When we set the 2 properties in tiapp.xml and submit to app store, it still show the ptrace problem described above with the latest 6.0.3.GA. I am surprised that Appcelerator team still does not address this issue even after more than 6 months. If this feature does not work, at least you should update the Doc and inform us about it rather than leaving this setting hanging in the air.", "updateAuthor": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-03-25T04:00:34.000+0000", "updated": "2017-03-25T04:00:34.000+0000" }, { "id": "416478", "author": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "body": "Hey [~ngweixing], we've reassigned it and checking it out the upcoming sprint, thx! And to be more specific, do you know if only the combination of both or one specific of them is causing the rejection? Here are the two bad-boys again, I guess meant those two as well:\r\n{code}\r\nembed\r\nfalse\r\n{code}\r\nIf it's {{appc-security-debugger-detect}} causing it, then we might have a possible solution already that we could test with you.", "updateAuthor": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "created": "2017-03-31T14:13:49.000+0000", "updated": "2017-03-31T14:17:05.000+0000" }, { "id": "416479", "author": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "body": "thanks Hans! I was surprised these settings still produce the same problem. Hope you can fix this loop hole.", "updateAuthor": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-03-31T14:16:03.000+0000", "updated": "2017-03-31T14:16:03.000+0000" }, { "id": "416480", "author": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "body": "In your documentation, it says\r\n\r\nto turn debugger detect on, appc-sourcecode-encryption-policy has to be set to remote. When we set to remote, it has the ptrace problem. \r\nEven we tried remove appc-security-debugger-detect from tiapp.xml and leave only appc-sourcecode-encryption-policy set to remote, it still has ptrace problem. So i think it is appc-sourcecode-encryption-policy that is the culprit.", "updateAuthor": { "name": "ngweixing", "key": "ngweixing", "displayName": "ngweixing", "active": true, "timeZone": "America/Los_Angeles" }, "created": "2017-03-31T14:20:19.000+0000", "updated": "2017-03-31T14:20:19.000+0000" }, { "id": "419230", "author": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "body": "PR's: \r\n- appc-verify: https://github.com/appcelerator/appc-verify/pull/10\r\n- appc-cli-titanium: https://github.com/appcelerator/appc-cli-titanium/pull/222\r\n\r\n*QE-Test-Steps*:\r\n# Ensure to replace the {{libappcverify.a}} binary from the appc-cli-titanium PR in your local env\r\n# Create a new Titanium app with {{appc new -p ios}}\r\n# Include the following three properties in your tiapp.xml\r\n{code:xml}\r\nremote\r\ntrue\r\ntrue\r\n{code}\r\n# Run your app on the Simulator and Device (should not crash)\r\n# Observe the app-symbols by navigating to {{/build/iphone/build/Products/Debug-iphoneos/.app}} and use {{nm | egrep \"(ptrace)\" | wc -l | sed -e 's/^[ \\t]*//'}}. The result should be {{0}} with the patch and {{2}} (because of the different device-archs) without the patch. Alternatively, you can observe [this files|https://www.dropbox.com/s/5mmdf879mypj0cu/ptrace_before_after.zip?dl=1] that include both the fix and the old version.\r\n\r\nPlease feel free to reach out to me for further questions.\r\n\r\n*Additional Notes*:\r\nWhat I tried to do is to obfuscate the {{ptrace}} method used for the anti-debugger feature. Please note: This is really just a hack and every developer using this feature should be aware that the app could still be rejected because of private API usage (although it should go through now). During my investigations, I've read that people explained the reason for using it to Apple and Apple approved it (and future update) afterwards. This should be documented around the jailbreak / debugger detection.", "updateAuthor": { "name": "hknoechel", "key": "hansknoechel", "displayName": "Hans Knöchel", "active": true, "timeZone": "Europe/Berlin" }, "created": "2017-05-05T21:46:13.000+0000", "updated": "2017-05-06T11:36:18.000+0000" }, { "id": "434937", "author": { "name": "ewieber", "key": "ewieber", "displayName": "Eric Wieber", "active": false, "timeZone": "America/Los_Angeles" }, "body": "FR Passed. Able to have remote source code encryption policy, debugger detect and jailbreak detect enabled and submit to the app store without issue.", "updateAuthor": { "name": "ewieber", "key": "ewieber", "displayName": "Eric Wieber", "active": false, "timeZone": "America/Los_Angeles" }, "created": "2018-02-26T22:06:20.000+0000", "updated": "2018-02-26T22:06:20.000+0000" } ], "maxResults": 58, "total": 58, "startAt": 0 } } }