0

I'm building an iOS project that includes a sub-project whose symbols I would like exclude from the product's .dSYM DWARF file.

The situation is that the sub-project (a static library) contains valuable proprietary code that I would not want an attacker to be able to symbolicate, even if they had the dSYM files used for resymbolicate crash reports for the whole app. The subproject covers a very specific domain and is well tested independently, so I'm not worried about being unable to resymbolicate stack traces in that code. However, I do need to be able to resymbolicate crash reports for the rest of the app, so I need a dSYM (as distributing symbols with the app is not an option).

I've already managed to make sure that all of the relevant symbols are stripped from the binary, and setting GCC_GENERATE_DEBUGGING_SYMBOLS=NO removed a lot from the dSYM, but I'm still seeing class-private C++ method names inside the dSYM file. For reference, I'm using clang.

How could I produce a dSYM for my app without compromising the symbols of this sub-project?

MxSagan
  • 123
  • 1
  • 7

1 Answers1

0

With a bog-standard Xcode workflow, this might be difficult. You could probably do something with a shell script phase which moves the static library to a different filename ("hides" it) and then runs dsymutil on your main app binary to create a dSYM. Because dsymutil can't find the static library, it won't be able to include any debug information for those functions. Alternatively, you can create a no-debug-info version of the static library although this will take a little bit more scripting. A static library is really a zip file of object (.o) files -- you need to create a directory, extract the .o files (ar x mylib.a), strip the .o files, then create a new static library (ar q mylib-nodebuginfo.a *.o I think) and put that in place before running dsymutil.

I know no on way to selectively remove debug information from a dSYM once it has been created, though. It's possible to do but I don't think anyone has written a tool like that.

Jason Molenda
  • 14,835
  • 1
  • 59
  • 61
  • How do the debug symbols from the sub-project's static library get propagated into the dSYM for the whole app? It seems like this could be accomplished by linking against the static library as if it was a 3rd party library for which I didn't have the debug symbols, but perhaps I don't understand the flow correctly. – MxSagan May 22 '14 at 16:31
  • the debug information lives in the .o files. The static library (a "ranlib library") is a collection of .o files. The main app has pointers (filenames) to the .o files. When you run dsymutil on your app, it follows those filenames to get all the debug info, collects them into the dSYM bundle. – Jason Molenda May 23 '14 at 01:49