{% hint style="success" %}
Learn & practice AWS Hacking: [**HackTricks Training AWS Red Team Expert (ARTE)**](https://training.hacktricks.xyz/courses/arte)\
Learn & practice GCP Hacking: [**HackTricks Training GCP Red Team Expert (GRTE)**](https://training.hacktricks.xyz/courses/grte)

Support HackTricks

* Check the [**subscription plans**](https://github.com/sponsors/carlospolop)!
* **Join the** 💬 [**Discord group**](https://discord.gg/hRep4RUj7f) or the [**telegram group**](https://t.me/peass) or **follow** us on **Twitter** 🐦 [**@hacktricks\_live**](https://twitter.com/hacktricks\_live)**.**
* **Share hacking tricks by submitting PRs to the** [**HackTricks**](https://github.com/carlospolop/hacktricks) and [**HackTricks Cloud**](https://github.com/carlospolop/hacktricks-cloud) github repos.
{% endhint %}

Code and more information in [https://mas.owasp.org/MASTG/iOS/0x06h-Testing-Platform-Interaction/#object-persistence](https://mas.owasp.org/MASTG/iOS/0x06h-Testing-Platform-Interaction/#object-persistence).

## Object Serialization in iOS Development

In iOS, **object serialization** means converting objects into a format that can be easily stored or transmitted, and then reconstructing them from that format when needed. Two main protocols, **`NSCoding`** and **`NSSecureCoding`**, support this process for Objective-C or `NSObject` subclasses, allowing objects to be serialized into **`NSData`**, a format that wraps byte buffers.

### **`NSCoding`** Implementation

To implement `NSCoding`, a class must inherit from `NSObject` or be marked as `@objc`. The protocol requires two methods, one for encoding and one for decoding the instance variables:

```swift
import Foundation

class CustomPoint: NSObject, NSCoding {
    var x: Double = 0.0
    var name: String = ""

    // Designated initializer used by init?(coder:) below
    init(x: Double, name: String) {
        self.x = x
        self.name = name
    }

    // Write each instance variable under its own key
    func encode(with aCoder: NSCoder) {
        aCoder.encode(x, forKey: "x")
        aCoder.encode(name, forKey: "name")
    }

    // decodeObject(forKey:) does not constrain the class of the decoded object
    required convenience init?(coder aDecoder: NSCoder) {
        guard let name = aDecoder.decodeObject(forKey: "name") as? String else { return nil }
        self.init(x: aDecoder.decodeDouble(forKey: "x"), name: name)
    }
}
```

### **Enhancing Security with `NSSecureCoding`**

To mitigate vulnerabilities where attackers inject data into already constructed objects, **`NSSecureCoding`** offers an enhanced protocol. Classes conforming to `NSSecureCoding` must verify the type of objects during decoding, ensuring that only the expected object types are instantiated.
However, note that while `NSSecureCoding` improves type safety, it neither encrypts data nor ensures its integrity, so additional measures are needed to protect sensitive information:

```swift
// In the class that conforms to NSSecureCoding
static var supportsSecureCoding: Bool {
    return true
}

// When decoding, state the expected class explicitly
let obj = decoder.decodeObject(of: MyClass.self, forKey: "myKey")
```

## Data Archiving with `NSKeyedArchiver`

`NSKeyedArchiver` and its counterpart, `NSKeyedUnarchiver`, encode objects into a file and later retrieve them. This mechanism is central to persisting objects:

```swift
// Deprecated since iOS 12; these calls do not enforce secure coding
NSKeyedArchiver.archiveRootObject(customPoint, toFile: "/path/to/archive")

let restoredPoint = NSKeyedUnarchiver.unarchiveObject(withFile: "/path/to/archive") as? CustomPoint
```

### Using `Codable` for Simplified Serialization

Swift's `Codable` protocol combines `Decodable` and `Encodable`, simplifying the encoding and decoding of types such as `String`, `Int`, `Double`, etc., without extra effort:

```swift
struct CustomPointStruct: Codable {
    var x: Double
    var name: String
}
```

This approach supports straightforward serialization to and from property lists and JSON, improving data handling in Swift applications.

## JSON and XML Encoding Alternatives

Beyond native support, several third-party libraries offer JSON and XML encoding/decoding capabilities, each with its own performance characteristics and security considerations. Choose these libraries carefully, especially to mitigate vulnerabilities such as XXE (XML External Entities) attacks by configuring parsers to prevent the processing of external entities.

### Security Considerations

When serializing data, especially to the file system, be careful about the possible inclusion of sensitive information. Serialized data that is intercepted or mishandled can expose the application to risks such as unauthorized actions or data leakage. Encrypting and signing serialized data is recommended to improve security.
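
The points above combined (typed decoding under `NSSecureCoding`, an archive that requires secure coding, and encryption plus integrity protection of the stored bytes), as an added example that is not from the original page or the MASTG. `SessionRecord`, `SealError`, `seal` and `unseal` are hypothetical names, the in-memory key stands in for one kept in the Keychain, and AES-GCM authenticated encryption from CryptoKit is used here in place of a separate signature.

```swift
import Foundation
import CryptoKit

// Hypothetical model class for this added example
final class SessionRecord: NSObject, NSSecureCoding {
    static var supportsSecureCoding: Bool { true }
    let user: String
    let expires: Date
    init(user: String, expires: Date) {
        self.user = user
        self.expires = expires
    }

    func encode(with coder: NSCoder) {
        coder.encode(user as NSString, forKey: "user")
        coder.encode(expires as NSDate, forKey: "expires")
    }

    required init?(coder: NSCoder) {
        // Typed decoding: an archive holding any other class under these keys fails here
        guard let user = coder.decodeObject(of: NSString.self, forKey: "user"),
              let expires = coder.decodeObject(of: NSDate.self, forKey: "expires")
        else { return nil }
        self.user = user as String
        self.expires = expires as Date
    }
}
struct SealError: Error {}

// Archive with secure coding required, then encrypt and authenticate with AES-GCM
func seal(_ record: SessionRecord, with key: SymmetricKey) throws -> Data {
    let archive = try NSKeyedArchiver.archivedData(withRootObject: record,
                                                   requiringSecureCoding: true)
    guard let blob = try AES.GCM.seal(archive, using: key).combined else { throw SealError() }
    return blob   // nonce || ciphertext || tag
}

// Verify the tag first (open throws on tampering); only then unarchive
func unseal(_ blob: Data, with key: SymmetricKey) throws -> SessionRecord? {
    let archive = try AES.GCM.open(AES.GCM.SealedBox(combined: blob), using: key)
    return try NSKeyedUnarchiver.unarchivedObject(ofClass: SessionRecord.self, from: archive)
}

// Constructed sample run; in an app the key would come from the Keychain (assumption)
let key = SymmetricKey(size: .bits256)
var blob = try seal(SessionRecord(user: "alice", expires: Date(timeIntervalSince1970: 1_900_000_000)), with: key)
print(try unseal(blob, with: key)?.user ?? "nil")
blob[blob.count - 1] ^= 0x01   // simulate tampering with the stored file
print((try? unseal(blob, with: key)) == nil)
```

Because the tag is checked before `NSKeyedUnarchiver` sees any bytes, a modified file is rejected without reaching the decoder at all.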
## References

* [https://mas.owasp.org/MASTG/iOS/0x06h-Testing-Platform-Interaction/#object-persistence](https://mas.owasp.org/MASTG/iOS/0x06h-Testing-Platform-Interaction/#object-persistence)