越狱检测

Posted on

越狱检测

  • 不要用NSFileManager,这是最容易被hook掉的。
  • 检测方法中所用到的函数尽可能用底层的C,如文件检测用stat函数(iPod7.0,越狱机检测越狱常见的会安装的文件只能检测到此步骤,下面的检测不出来)
  • 再进一步,就是检测stat是否出自系统库
  • 再进一步,就是检测链接动态库(尽量不要,appStore可能审核不过)
  • 再进一步,检测程序运行的环境变量

https://blog.csdn.net/zsk_zane/article/details/50698946
https://blog.csdn.net/Zsk_Zane/article/details/50704992
https://blog.csdn.net/zsk_zane/article/details/50698975
https://www.theiphonewiki.com/wiki/Bypassing_Jailbreak_Detection
https://jaq.alibaba.com/community/art/show?articleid=870

https://weibo.com/ttarticle/p/show?id=2309404216824328811237
ios Liberty Lite

ios Block Jailbreak Detection

https://ryleyangus.com/repo/liberty.html

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69

#import <UIKit/UIKit.h>
#import <AdSupport/AdSupport.h>
#include <mach/mach.h>
#include <sys/socket.h>
#include <sys/sysctl.h>
#include <dlfcn.h>
#include <sys/stat.h>
#import <mach-o/loader.h>
#import <mach-o/dyld.h>
#import <mach-o/arch.h>

#pragma mark - Jailbreak

- (BOOL)jailbreak {
    BOOL jailbroken = NO;
    NSString *cydiaPath = @"/Applications/Cydia.app";
    NSString *aptPath = @"/private/var/lib/apt/";
    if ([[NSFileManager defaultManager] fileExistsAtPath:cydiaPath]) {
        jailbroken = YES;
    }
    if ([[NSFileManager defaultManager] fileExistsAtPath:aptPath]) {
        jailbroken = YES;
    }
    struct stat stat_info;
    if (0 == stat("/Library/MobileSubstrate/MobileSubstrate.dylib", &stat_info)) {
        jailbroken = YES;
    }
    if (0 == stat("/Applications/Cydia.app", &stat_info)) {
        jailbroken = YES;
    }
    if (0 == stat("/var/lib/cydia/", &stat_info)) {
        jailbroken = YES;
    }
    if (0 == stat("/var/cache/apt", &stat_info)) {
        jailbroken = YES;
    }
    int ret;
    Dl_info dylib_info;
    int (*func_stat)(const char *,struct stat *) = stat;
    if ((ret = dladdr(func_stat, &dylib_info))) {
        if (strcmp(dylib_info.dli_fname, "/usr/lib/system/libsystem_kernel.dylib")) {
            jailbroken = YES;
        }
    }

    char *env = getenv("DYLD_INSERT_LIBRARIES");
    if (env != NULL) {
        jailbroken = YES;
    }
    return jailbroken;
}


- (NSArray *)loadBinarys {
    NSMutableArray *dyldArr = [NSMutableArray array];
    uint32_t count = _dyld_image_count();
    for(uint32_t i = 0; i < count; i++)
    {
        const char *dyld = _dyld_get_image_name(i);
        NSString *dyldName = [NSString stringWithUTF8String:dyld];
        if([dyldName hasPrefix:@"/usr/lib/"] || [dyldName hasPrefix:@"/System/Library/"] || [dyldName hasPrefix:@"/Developer/Library/"] || [dyldName hasPrefix:@"/Developer/usr/lib/"]){
            continue;
        }
        [dyldArr addObject:dyldName];
    }
    return dyldArr;
}
@end