As published in the OpenSSL Security Advisory [07 Apr 2014], a security issue has been identified in the TLS heartbeat function of the OpenSSL library.
For more details, refer to TLS heartbeat read overrun (CVE-2014-0160).
The validation code generated by Receigen DOES NOT use any of the SSL functions provided by OpenSSL. Therefore, there is no security vulnerability associated with the generated code.
The assistant only needs few information (the bundle identifier/version, the type of code) to generate the App Store receipt validation code. You can choose to generate code either for Receipt validation or for Receipt/InApp purchase validation. The generated code is ready-to-integrate, documented, debuggable and integrates various protection mechanisms to harden the reverse engineering.
Apple recommends that the validation code should be resilient against circumvention or alteration. Receigen generates code that uses mechanisms like strings obfuscation, constants computation, de-referenced function calls, non-predictible branching, and inlining so the resulting binary code can be hardly reverse-engineered or patched. Moreover, Apple suggests that the validation code should change to not provide a common target. That is why, each time Receigen generates code, it is different.
Ever wanted to know if an application is signed or if what its receipt contains ? Receigen provides an inspector window where you can visualize the signature, the receipt and the entitlements of any OS X application.
The inspector shows whether the application is signed or not and whether the application contains a receipt. It also displays the chain of certification for both the application and the receipt. If the application contains a receipt, the inspector displays all the known attributes it contains.
Need to integrate into Xcode ? Using a Continuous Integration build process for your application ? Receigen can also be used on a command line, making easy to integrate into a building process.
Receigen provides a command line interface that makes it easy to be called inside a Xcode build phase. When invoked, Receigen only generates new validation code if the parameters have changed. See the Xcode integration page to learn how to integrate Receigen with Xcode.