Step‑by‑Step Guide to Obfuscating Objective‑C iOS Apps

Origin

Using classdump to dump an iOS binary reveals all function signatures, variable names and class structures, which makes reverse‑engineering easy for attackers; therefore code obfuscation is required to protect the app.

Start Obfuscation

1. Add Required Files

Create two empty files in the project root: confuse.sh and func.list. Use the terminal to navigate to the project directory and run touch confuse.sh and touch func.list. After creation, add both files to the Xcode project.

2. Populate confuse.sh

Open confuse.sh and paste the script from the referenced “Objective‑C code obfuscation” tutorial (link provided in the original article).

3. Add a .pch File

Create a .pch file (pre‑compiled header) in the project. After adding it, insert the line #import "codeObfuscation.h" into the .pch file. Resolve any compilation errors before proceeding.

4. Configure Build Phase

In Xcode, open the target’s Build Phases , click the + button, choose New Run Script Phase , and set the script path to the previously created confuse.sh file.

5. Specify Classes to Obfuscate

Copy the source code of any .h/.m class you wish to obfuscate and paste it into func.list. Build the project; the tool will rename the class’s methods and properties.

6. Verify Obfuscation

After a successful build, inspect the compiled binary or the Xcode output to confirm that method and property names have been scrambled.

Limitations

This method works only for classes that have both .h and .m files; static libraries containing only header files cannot be obfuscated with this approach.