Attack and Defense Against jailbreak Detection
In the process of application development, we want to know whether the device is jailbroken, what permissions are being used to run the program, and take defense and security prompt measures accordingly.
Compared with earlier versions, iOS7 has upgraded the sandbox mechanism and blocked the portal for sharing data with almost all application sandboxes. Even in the case of jailbreak, there are many restrictions, greatly increasing the difficulty of attacks at the application layer. For example, before iOS7, we can try to write a file out of the sandbox to determine whether it is jailbroken, but iOS7 does not have this permission after jailbreak, and the old method will cause a false positive.
So how should we detect jailbreak? What If attackers break the attack? This article focuses on the attack and defense of jailbreak detection.
<喎?http: www.bkjia.com kf ware vc " target="_blank" class="keylink"> Release/Io6zE47/release/GwstewwcvI58/C1L3T/release + PGJyIC8 + PGJyIC8 + release + Lmlu/fV39axvdPL + LaoxL + release + rvhPGJyIC8 + release "brush: java; "> + (BOOL) isJailbroken {if ([[NSFileManager defaultManager] fileExistsAtPath: @"/Applications/Cydia. app "]) {return YES ;}//...}
Attackers may change the installation path of these tools to avoid your judgment.
Then, you can try to open the URL scheme registered by the cydia application:
if([[UIApplication sharedApplication] canOpenURL:[NSURL URLWithString:@"cydia://package/com.example.package"]]){ NSLog(@"Device is jailbroken");}
However, not all tools register URL scheme, and attackers can modify the URL scheme of any application.
Then, you can try to read the Application List to see if you have the following permissions:
if ([[NSFileManager defaultManager] fileExistsAtPath:@"/User/Applications/"]){ NSLog(@"Device is jailbroken"); NSArray *applist = [[NSFileManager defaultManager] contentsOfDirectoryAtPath:@"/User/Applications/" error:nil]; NSLog(@"applist = %@",applist);}
Attackers may hook up the NSFileManager method to make your ideas unfeasible.
Then, you can avoid NSFileManager and use tools such as stat series functions to detect Cydia:
#import
void checkCydia(void){ struct stat stat_info; if (0 == stat("/Applications/Cydia.app", &stat_info)) { NSLog(@"Device is jailbroken"); }}
Attackers may use the Fishhook principle to hook up stat.
Then, you can check whether stat is from the system database and whether it has been replaced by an attacker:
#import
void checkInject(void){ int ret ; Dl_info dylib_info; int(*func_stat)(const char *, struct stat *) = stat; if ((ret = dladdr(func_stat, &dylib_info))) { NSLog(@"lib :%s", dylib_info.dli_fname); }}
There's nothing to defend against, too ......
Then, you may wonder if your application is linked to an Abnormal dynamic library.
List all linked dynamic libraries:
#import
void checkDylibs(void){ uint32_t count = _dyld_image_count(); for (uint32_t i = 0 ; i < count; ++i) { NSString *name = [[NSString alloc]initWithUTF8String:_dyld_get_image_name(i)]; NSLog(@"--%@", name); }}
void printEnv(void){ char *env = getenv("DYLD_INSERT_LIBRARIES"); NSLog(@"%s", env);}
If no jailbreaking device returns null, The jailbreaking device has its own advantages, especially in the old iOS version jailbreak environment.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
