iOS 越狱检测

2022-06-23  本文已影响0人  风依旧_c080

1

//判断⼯具安装路径本期先做成BOOL开关⽅法
//下面路径也可替换为以下常见越狱⼯具路径:
// /Library/MobileSubstrate/MobileSubstrate.dylib
///Applications/Cydia.app   /var/lib/cydia/
///var/cache/apt   /var/lib/apt    /etc/apt
///bin/bash /bin/sh
///usr/sbin/sshd   /usr/libexec/ssh-keysign   /etc/ssh/sshd_config
+ (BOOL)checkPath
{
    BOOL jailBroken = NO;
    NSString * cydiaPath = @"/Applications/Cydia.app";
    NSString * aptPath = @"/private/var/lib/apt";
    if ([[NSFileManager defaultManager] fileExistsAtPath:cydiaPath]) {
        jailBroken = YES;
    }
    if ([[NSFileManager defaultManager] fileExistsAtPath:aptPath]) {
        jailBroken = YES;
    }
    return jailBroken;
}

2

#include <sys/stat.h>
//防hook NSFileManager的⽅法使⽤stat系列函数检测Cydia等⼯具,路径同上
+ (BOOL)checkCydia
{
    struct stat stat_info;
    if (0 == stat("/Applications/Cydia.app", &stat_info)) {
        NSLog(@"Device is jailbroken");
        return YES;
    }
    return NO;
}

3

//检测当前程序运⾏的环境变量,防⽌通过DYLD_INSERT_LIBRARIES注⼊链接异常动态库,来更改相关⼯具名称
+ (BOOL)checkEnv
{
    char *env = getenv("DYLD_INSERT_LIBRARIES");
    NSLog(@"%s", env);
    if (env) {
        return YES;
    }
    return NO;
}

4

#include <sys/stat.h>
#include <dlfcn.h>
+ (BOOL)isStatNotSystemLib {
    
    if(TARGET_IPHONE_SIMULATOR)return NO;
    
    int ret ;
    
    Dl_info dylib_info;
    
    int (*func_stat)(const char *, struct stat *) = stat;
    
    if ((ret = dladdr(&func_stat, &dylib_info))) {
        
        NSString *fName = [NSString stringWithUTF8String: dylib_info.dli_fname];
        
        if(![fName isEqualToString:@"/usr/lib/system/libsystem_kernel.dylib"]){
            
            return YES;
            
        }
        
    }
    return NO;
}

5. 检测链接动态库,检测是否被链接了异常动态库,但动态库相关Api属于私有Api,调⽤的话appStore审核会不通过,所以不列举。

坑:

千万不要通过判断是否可以打开 cydia://为⾸的URL Schema 来判断是否越狱,因为你会发现很多App居然注册了这个URL Type !!

最后将以上几种方法结合起来,但凡有一条成立,那么手机就有可能越狱了!

上一篇 下一篇

猜你喜欢

热点阅读