Anti-Cheat
Hardening Service
General Security
Economy Risk Management
Content Moderation
Note: This article is sourced from Walter Li, Senior Engineer from Anti-Cheat Expert (ACE).
While game piracy on Windows and Android is commonly associated with cracked versions, iOS game piracy receives significantly less discussion. In fact, around 90% of cheat issues on iOS originate from cracked apps. By modifying the game files to circumvent payments and features, these unauthorized versions inflict substantial financial harm on developers and disadvantage legitimate players.
Why is game piracy so rampant on iOS? A key factor is the persistent lack of effective hardening solutions within the industry.
The intrinsic architectural characteristics of iOS impose formidable obstacles to conventional hardening implementations. Primary methodologies including dynamic encryption, static binary rewriting, and toolchain obfuscation each encounter distinct technical impediments within the iOS runtime environment.
Dynamic encryption, which encrypts critical functions during hardening and decrypts them post-launch, faces fundamental prohibitions on iOS. Unlike Android's permissive runtime modification policies, iOS enforces strict memory access constraints through APRR (Apple Page Readonly Reliability). This mechanism lockes loaded Mach-O __TEXT segments as read-only at the memory page level, rendering dynamic code modification impossible during execution.
Where dynamic encryption faces prohibitions, static binary rewriting takes a fundamentally different approach by altering Mach-O binaries to insert custom payloads and redirect function pointers. This necessitates exceptional precision in executable format manipulation. Apple mandates absolute Mach-O specification compliance where minor deviations such as single byte misalignments or section padding errors cause immediate termination or App Store rejection. Following ten years of unsuccessful industry efforts toward compliant rewriting, our team pioneered a novel approach through meticulous analysis of load command dependencies, achieving App Store validated Mach-O rewriting that constitutes the foundation of our iOS hardening technology.
The final method, toolchain obfuscation, replaces Xcode's compilation tools with custom LLVM passes to protect code logic. However, crucially, obfuscation differs from hardening in core objectives: hardening prevents cracked IPA distribution, whereas obfuscation merely elevates static analysis barriers.
Even sophisticated obfuscation fails against dynamic analysis techniques. Once attackers reverse-engineer the logic, the obfuscated binary remains fully modifiable. Furthermore, maintaining custom toolchains imposes significant operational overhead. Xcode's mandatory annual updates require at least yearly adaptations, creating substantial developer experience friction.
To combat cracked apps, Apple integrated trusted hardware and server infrastructure in iOS 14 with its Device Attestation API, a mechanism leveraging Trusted Execution Environments (TEE) to validate app integrity. While effective against data tampering mid-transmission, it still carries critical operational burdens.
In real-world conditions, network disruptions or intentional blocking can prevent the server from receiving any data, leaving developers unable to distinguish between users in poor signal environments and those actively trying to bypass security. Crackers can exploit this by simply blocking verification requests or removing Attest API calls, completely nullifying the mechanism.
Beyond these two drawbacks, this solution has another minor flaw. Server-side verification consumes server resources. Assuming each verification takes 0.1 seconds, and our games typically serve millions to tens of millions of users, you can imagine the immense pressure on the servers. For a game with ten million daily active users, it requires over a hundred dedicated servers just for verification, which also represent significant costs.
To address AttestVerify's limitations, we implemented an innovative client-side solution, bypassing server verification entirely to eliminate network-disruption attacks. Although Apple provides an open-source verification tool written in Kotlin, our server tests revealed significant performance issues: each verification took 200ms. Given iOS's incompatibility with Kotlin (no JVM integration allowed), we rewrote the entire logic in C++ for native compatibility. This approach not only enables iOS integration but also resolves Kotlin's notorious execution inefficiency.
However, the porting process presented significant challenges. Unlike server environments where Java/Kotlin leverage abundant third-party libraries, client-side iOS imposes strict binary constraints. We had to reimplement critical components from scratch in C++, attestation/assertion data parsing, certificate chain validation, elliptic curve digital signature algorithm (ECDSA) verification, etc. By integrating these custom modules, we achieved a fully functional client-side verifier. Benchmark results demonstrate dramatic improvements over the Kotlin reference implementation: 100x faster execution and 1000x smaller binary footprint.
To enhance security, our team developed ObjVM, a proprietary virtual machine that transforms source code through obfuscation, encryption, and compression. This process converts logic into unintelligible data blocks executable only by ObjVM, significantly raising reverse-engineering barriers for attackers. Currently, ObjVM remains unbroken with zero successful logic extraction attempts reported. Its polymorphic engine even enables device-specific behavior variations for identical code.
Finally, instead of requiring source code integration, we implemented a source-free protection mechanism using our in-house Mach-O static merging technology. This allows us to hook any function and redirect game logic into the protected shell, significantly improving resistance to stripping and tampering.
Since its launch in June last year, our solution has been adopted by 30+ games, including titles with over 3.5 million DAU. It has successfully run on over 10 million devices, passed App Store review with a 100% success rate, and had negligible impact on CPU usage and app startup time.
The integration process is equally streamlined. Just one line of initialization code, followed by downloading our CLI tool from the developer portal and executing a single command. This complete package eliminates code modifications, removes developer dependencies, and requires minimal adaptation.
Developers interested in iOS hardening are welcome to contact us for a hands-on trial.
Copyright © 1998 - 2025 Anti-Cheat Expert. All Rights Reserved.
