A growing consensus among the iPhone developer community is that Apple recently began using a static code analysis tool to detect the use of undocumented API calls.
Just for the sake of argument, I wonder if it is possible to bypass this tool by creating a call at runtime as follows:
// Assumed context (not shown in the post): targetObject is an id, and
// firstArg / secondArg are the two arguments of the undocumented method.
NSString *const aMethod = @"doStuff:withStuff:";
SEL aSelector = NSSelectorFromString(aMethod);
NSMethodSignature *aSignature = [targetObject methodSignatureForSelector:aSelector];
// NSInvocation (the class name was misspelled "NSInvokation" in the original)
NSInvocation *anInvocation = [NSInvocation invocationWithMethodSignature:aSignature];
[anInvocation setTarget:targetObject];
[anInvocation setSelector:aSelector];
// Indices 0 and 1 are reserved for self and _cmd, so explicit arguments start at 2
[anInvocation setArgument:&firstArg atIndex:2];
[anInvocation setArgument:&secondArg atIndex:3];
[anInvocation invoke];
It seems almost too easy, so I wonder - what am I missing? How can Apple detect this using static code analysis on the assembly?
A few points:
- I know that the method name will be stored in binary format as a static string. However, it would be trivial to generate a method name at runtime using stringWithFormat: or another type of small obfuscation (just confuse the static analyzer).