Monday, 23 February 2015

Why/how are Apple Testflight IPAs scrambled?


I was playing around with Apple's Testflight lately. Everything works fine, I can upload and test my app internally. However, I stumbled upon something curious while looking into it.


I looked at the traffic generated by the Testflight app and noticed that it is requesting the IPA to install from phobos.apple.com. However, the server's response doesn't seem to be a valid zip archive/IPA. When I download the IPA manually, I can neither install nor unzip it. It seems to be corrupt.


On further inspection it looks like this IPA is indeed a zip archive (there are the local file headers, central directory entries, and the EOCD header, as well as most of the filenames in plaintext). A lot of things don't make any sense though. For example, the EOCD header states that there are 38 central directory entries, but when searching for the central directory headers, I only find 32 occurrences. Additionally, some of the file names are partly scrambled.


All things considered, it looks like some parts of the zip archive are somehow scrambled/encrypted. By running some experiments with different filenames I was able to determine that the binary data seems to be partitioned into blocks of 512 bytes, with the first 112 bytes being scrambled, seemingly meaningless data and the remaining 400 bytes being just regular plaintext/zip data.


I couldn't determine yet how exactly the data is scrambled, just that a different "key" is used for each block. Right now I suspect it's some kind of protection mechanism to prevent unauthorized installations.


But why would Apple implement it this way? Why not just encrypt the file? Is this maybe some kind of integrated checksum mechanism?


If anybody can tell me more about what's going on here, or can point me to some resources I'm missing, I would really like to know more about this.
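
The two checks described in the post, as an added example that is not part of the original post: it compares the entry count declared in the EOCD record with the central directory signatures still readable, and measures byte entropy per 512-byte block split at byte 112. The sample archive, its file names and the random overwrite are constructed stand-ins for the real download and say nothing about how Apple actually scrambles the data.

```python
import io, math, random, struct, zipfile
from collections import Counter

BLOCK, HEAD = 512, 112  # block layout reported in the post

def make_sample():
    """Constructed sample: a 38-entry stored zip whose first 112 bytes of
    every 512-byte block are overwritten with random bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_STORED) as z:
        for i in range(38):
            name = f"Payload/Demo.app/res{i:02d}.txt"  # hypothetical names
            z.writestr(name, b"constructed sample data\n")
    data, rng = bytearray(buf.getvalue()), random.Random(0)
    for off in range(0, len(data), BLOCK):
        n = min(HEAD, len(data) - off)
        data[off:off + n] = bytes(rng.randrange(256) for _ in range(n))
    return bytes(data)

def declared_entries(data):
    """Total entry count from the last EOCD record, or None if none is found."""
    pos = data.rfind(b"PK\x05\x06")
    if pos < 0 or pos + 22 > len(data):
        return None
    return struct.unpack_from("<H", data, pos + 10)[0]

def visible_central_headers(data):
    """Number of central directory signatures still readable in the file."""
    return data.count(b"PK\x01\x02")

def entropy(chunk):
    """Shannon entropy of the byte histogram, in bits per byte."""
    total = len(chunk)
    return -sum(c / total * math.log2(c / total) for c in Counter(chunk).values())

def head_tail_entropy(data):
    """Mean entropy of block heads (first HEAD bytes) and of block tails."""
    heads, tails = [], []
    for off in range(0, len(data), BLOCK):
        block = data[off:off + BLOCK]
        heads.append(entropy(block[:HEAD]))
        if len(block) > HEAD:
            tails.append(entropy(block[HEAD:]))
    return sum(heads) / len(heads), sum(tails) / len(tails)

if __name__ == "__main__":
    sample = make_sample()
    print("EOCD declares:", declared_entries(sample))
    print("central headers found:", visible_central_headers(sample))
    print("mean entropy head/tail: %.2f / %.2f" % head_tail_entropy(sample))
```

On the constructed sample, headers whose signature falls inside a scrambled block head disappear from the count, which is the same kind of mismatch the post reports between the EOCD value and the signatures found.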




