iOS 越狱检测

1

//判断⼯具安装路径本期先做成BOOL开关⽅法
//下面路径也可替换为以下常见越狱⼯具路径：
// /Library/MobileSubstrate/MobileSubstrate.dylib
///Applications/Cydia.app   /var/lib/cydia/
///var/cache/apt   /var/lib/apt    /etc/apt
///bin/bash /bin/sh
///usr/sbin/sshd   /usr/libexec/ssh-keysign   /etc/ssh/sshd_config
+ (BOOL)checkPath
{
    BOOL jailBroken = NO;
    NSString * cydiaPath = @"/Applications/Cydia.app";
    NSString * aptPath = @"/private/var/lib/apt";
    if ([[NSFileManager defaultManager] fileExistsAtPath:cydiaPath]) {
        jailBroken = YES;
    }
    if ([[NSFileManager defaultManager] fileExistsAtPath:aptPath]) {
        jailBroken = YES;
    }
    return jailBroken;
}

2

#include <sys/stat.h>
//防hook NSFileManager的⽅法使⽤stat系列函数检测Cydia等⼯具，路径同上
+ (BOOL)checkCydia
{
    struct stat stat_info;
    if (0 == stat("/Applications/Cydia.app", &stat_info)) {
        NSLog(@"Device is jailbroken");
        return YES;
    }
    return NO;
}

3

//检测当前程序运⾏的环境变量，防⽌通过DYLD_INSERT_LIBRARIES注⼊链接异常动态库，来更改相关⼯具名称
+ (BOOL)checkEnv
{
    char *env = getenv("DYLD_INSERT_LIBRARIES");
    NSLog(@"%s", env);
    if (env) {
        return YES;
    }
    return NO;
}

4

#include <sys/stat.h>
#include <dlfcn.h>
+ (BOOL)isStatNotSystemLib {
    
    if(TARGET_IPHONE_SIMULATOR)return NO;
    
    int ret ;
    
    Dl_info dylib_info;
    
    int (*func_stat)(const char *, struct stat *) = stat;
    
    if ((ret = dladdr(&func_stat, &dylib_info))) {
        
        NSString *fName = [NSString stringWithUTF8String: dylib_info.dli_fname];
        
        if(![fName isEqualToString:@"/usr/lib/system/libsystem_kernel.dylib"]){
            
            return YES;
            
        }
        
    }
    return NO;
}

5. 检测链接动态库，检测是否被链接了异常动态库，但动态库相关Api属于私有Api，调⽤的话appStore审核会不通过，所以不列举。

坑：

千万不要通过判断是否可以打开 cydia://为⾸的URL Schema 来判断是否越狱，因为你会发现很多App居然注册了这个URL Type ！！

最后将以上几种方法结合起来，但凡有一条成立，那么手机就有可能越狱了！