1:https证书绑定 可以防止通过设置代理来抓包
<dict>
<key>CFBundleIconName</key>
<string>AppIcon</string>
<key>ITSAppUsesNonExemptEncryption</key>
<false/>
<key>NSAppTransportSecurity</key>
<dict>
<key>NSAllowsArbitraryLoads</key>
<true/>
<key>NSPinnedDomains</key>
<dict>
<key>cademy.yingan.com</key>
<dict>
<key>NSExceptionRequiresForwardSecrecy</key>
<false/>
<key>NSExceptionAllowsInsecureHTTPLoads</key>
<true/>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSExceptionMinimumTLSVersion</key>
<string>TLSv1.3</string>
</dict>
</dict>
</dict>
<key>UIViewControllerBasedStatusBarAppearance</key>
<false/>
</dict>
-----------------
防中间人攻击
<key>NSPinnedDomains</key>
<dict>
<key>cademy.starnet.com</key>
<dict>
<key>NSIncludesSubdomains</key>
<true/>
<key>NSPinnedLeafIdentities</key>
<array>
<dict>
<key>SPKI-SHA256-BASE64</key>
<string>sha256/7A2+9k8Bg6zRVNiFfmLOJdQt+ez1AgXzrqEkvIezkXM=</string>
</dict>
<dict>
<key>SPKI-SHA256-BASE64</key>
<string>sha256/4H6OXny7MqJPbCOTpHyS0fSSUeHk/I5nKbIyuQwnfsA=</string>
</dict>
<dict>
<key>SPKI-SHA256-BASE64</key>
<string>sha256/r/mIkG3eEpVdm+u/ko/cwxzOMo1bk4TyHIlByibiA5E=</string>
</dict>
</array>
</dict>
</dict>
2:防堆栈溢出 增加-fstack-protector-all (貌似不太好使?)
build setting 中 Other C Flags /debug release/ Any Architecture | Any SDK -fstack-protector-all
3:代码混淆 ipaguard工具
Ipa Guard使用常见问题 | ipaguard使用教程
IpaGuard - iOS Application IPA File Obfuscation Encryption Protection Tool
4:360加固助手 需要购买服务 iOS应用加固/8000元/月 应用安装后在下载目录里
5:重签名工具 JGBReSign -- 重签名,未发现有什么用处
6:查看是否加壳 otool -l BYD |grep cryptid 在应用二进制包下执行