My app is a not free tweak app for jailbroken iOS device, it uses server side license verification, but someone falsify the hosts from my domain to the fake domain. How can I avoid this hacking?
Asked
Active
Viewed 72 times
0
-
1Depends how the license verification works. For example you could exchange certificates. Sounds like your implementation is lacking somewhat. – trojanfoe Jan 30 '16 at 10:09
-
@trojanfoe, yes the verification implementation is simple and has been spied clearly by some hackers. Because I use this simple implementation in the versions at early period, but now, customers use different versions include old and new. To compatible the different versions, I keep using the simple implementation. Most of time it works well, but recently it is hacked by hosts falsifying. Should I use RAS? Or https? I've thought about https, but which looks useless for that hacking way, am I right? Thank you! – Suge Jan 30 '16 at 10:19
-
1Well it needs to use an encrypted connection, for sure, but the client needs to verify the server, so ensure you have a proper SSL certificate and then you can simply verify the fingerprint. They are cheap to buy these days. This question isn't really about programming, though, is it... – trojanfoe Jan 30 '16 at 12:14
-
I find it slightly ironic that you're surprised that a verification scheme was broken on a jailbroken device. That is all. – Avi Jan 30 '16 at 18:02
-
@trojanfoe, thank you very much, I got it. – Suge Jan 31 '16 at 01:29