Ways to detect whether IOS devices are escaping _ios

Source: Internet
Author: User

In the application development process, we want to know whether the device escapes, what permissions are running the program, to take some defensive and security hints.

First, you can try using Nsfilemanager to determine if the device is installed with the following jailbreak common tools:

/applications/cydia.app
/library/mobilesubstrate/mobilesubstrate.dylib
/bin/bash
/usr/sbin/sshd
/etc/apt


But do not write the bool switch method, give the attacker a direct lock on the target hook bypassing the opportunity

Copy Code code as follows:

+ (BOOL) isjailbroken{
if ([[[Nsfilemanager Defaultmanager] fileexistsatpath:@ "/applications/cydia.app"]) {
return YES;
}
// ...
}

Attackers may change the installation path of these tools to avoid your judgment.


So, you can try to open the URL scheme for Cydia application registration:

Copy Code code as follows:

if ([[[UIApplication sharedapplication] canopenurl:[nsurl urlwithstring:@ "Cydia://package/com.example.package"]]) {
NSLog (@ "Device is jailbroken");
}

But not all tools will register URL scheme, and an attacker can modify any URL scheme that is applied.


Then, you can try to read the application list below to see if you have access to:

Copy Code code as follows:
if ([[Nsfilemanager Defaultmanager] fileexistsatpath:@ "/user/applications" /"]) { 
        NSLog (@" Device is jailbroken "); 
  &N bsp;     Nsarray *applist = [[Nsfilemanager Defaultmanager] contentsofdirectoryatpath:@ "/User/ applications/" 
                                                                                   error:nil]; 
         NSLog (@ "applist =%@", applist); 


The more prison equipment is available:

Attackers may hook up Nsfilemanager's methods to make your thoughts impossible.


So, you can avoid nsfilemanager, using STAT series functions to detect Cydia and other tools:

Copy Code code as follows:

#import <sys/stat.h>

void Checkcydia (void)
{
struct stat stat_info;
if (0 = stat ("/applications/cydia.app", &stat_info)) {
NSLog (@ "Device is jailbroken");
}
}

Attackers may use the fishhook principle to hook up Stat.

So you can see if stat is out of the system library and has been replaced by an attacker:

Copy Code code as follows:

#import <dlfcn.h>

void Checkinject (void)
{
int ret;
Dl_info Dylib_info;
Int (*func_stat) (const CHARCHAR *, struct stat *) = stat;
if (ret = DLADDR (Func_stat, &dylib_info)) {
NSLog (@ "Lib:%s", dylib_info.dli_fname);
}
}

If the result is not/usr/lib/system/libsystem_kernel.dylib, then 100% is attacked.
If Libsystem_kernel.dylib is replaced by an attacker ...
So, you might think, I should retrieve whether my application was linked to an exception dynamic library.
List all linked dynamic libraries:
Copy Code code as follows:

#import <mach-o/dyld.h>

void Checkdylibs (void)
{
uint32_t count = _dyld_image_count ();
for (uint32_t i = 0; i < count; ++i) {
NSString *name = [[NSString alloc]initwithutf8string:_dyld_get_image_name (i)];
NSLog (@ "--%@", name);
}
}

Typically, the output containing the jailbreak will contain a string: Library/mobilesubstrate/mobilesubstrate.dylib.


Attackers may rename mobilesubstrate, but the principle is to inject dynamic libraries through dyld_insert_libraries.


You can then detect the environment variables that are running by the current program:

Copy Code code as follows:

void printenv (void)
{
Charchar *env = getenv ("dyld_insert_libraries");
NSLog (@ "%s", env);
}

The result of the escaped device return is null, the jailbreak device has its own wonderful, especially the older version of the iOS versions of the jailbreak environment.

In fact, the easiest way is to see if your device is more than a jailbreak directory, to see a complete point of example:

Copy Code code as follows:

DetectDevice.h

@interface
Uidevice (Helper)

-(BOOL) Isjailbroken;

@end
Detectdevice.m

@implementation
Uidevice (Helper)

-(BOOL) Isjailbroken
{

BOOL
jailbroken = NO;

NSString
*cydiapath = @ "/applications/cydia.app";

NSString
*aptpath = @ "/private/var/lib/apt/";

If

([[[Nsfilemanager Defaultmanager] Fileexistsatpath:cydiapath]) {

Jailbroken
= YES;

}

If

([[[Nsfilemanager Defaultmanager] Fileexistsatpath:aptpath]) {

Jailbroken
= YES;

}

Return

jailbroken;

}

@end


Then call [Uidevice Currentdevice] Isjailbroken in your code, if the return yes is cracked, no, then it's not cracked.

Related Article

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.