How do I accurately detect the presence and/or absence of a jailbreak in iOS?

Time: 2016-02-03 04:13:26

Tags: ios jailbreak detection cydia

After I attended a programming class, one of my friends showed me an app that would not allow him to get past the first screen due to his jailbroken iPhone.

Since then I have been intrigued as to how the app was able to detect the jailbreak without being blocked by Apple and, being the anti-jailbreak advocate that I am, I kept fruitlessly trying to find a reliable way to detect a jailbroken iOS device to prevent people from cheating if I ever decided to release a game on the App Store.

Does anyone know of a reliable method(s) to detect a device's jailbreak status that cannot be easily bypassed by said jailbroken device?

EDIT: based on recent comments, I would just like to clarify that the intention of this post is to share the knowledge I gained from finding that article, and to provide a place where other users can contribute their methods of jailbreak detection.

2 answers:

Answer 0 (score: 3)

The other day I stumbled across an article containing the exact answer I was looking for.

From https://www.theiphonewiki.com/wiki/Bypassing_Jailbreak_Detection

While there are countless ways apps can implement checks for jailbroken devices, they typically boil down to the following:

Existence of directories - Check your file system for paths like /Applications/Cydia.app/ and /private/var/stash, amongst a handful of others. Most often, these are checked using the -(BOOL)fileExistsAtPath:(NSString*)path method in NSFileManager, but more sneaky apps like to use lower-level C functions like fopen(), stat(), or access().

Directory permissions - Check the Unix file permissions of specific files and directories using NSFileManager methods as well as C functions like statfs(). Far more directories have write access on a jailbroken device than on one still in jail.

Process forking - sandboxd does not deny App Store applications the ability to use fork(), popen(), or any other C functions to create child processes on non-jailbroken devices. sandboxd explicitly denies process forking on devices in jail. If you check the returned pid on fork(), your app can tell if it has successfully forked or not, at which point it can determine a device's jailbreak status.

SSH loopback connections* - Due to the large portion of jailbroken devices that have OpenSSH installed, some apps will attempt to connect to 127.0.0.1 on port 22. If the connection succeeds, it means OpenSSH is installed and running on the device, therefore it is jailbroken.

system() - Calling the system() function with a NULL argument on a device in jail will return 0; doing the same on a jailbroken device will return 1. This is because the function will check whether /bin/sh exists, and this is only the case on jailbroken devices.[1]

dyld functions - By far the hardest to get around. Calling functions like _dyld_image_count() and _dyld_get_image_name() to see which dylibs are currently loaded. Very difficult to patch, as patches are themselves part of dylibs.

*Only a very small number of applications implement this (as it is not nearly as effective as the others)

The above passage was edited for brevity.

I figured I'd post this here as a knowledge-share for those app developers wondering how that one app was able to successfully implement jailbreak detection when all other attempts at detecting jailbreak get rejected by Apple.
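The six categories in the quoted passage, written out as plain C checks. This is an added example, not code from the answer or from the iPhone Wiki: each check is a small function that returns 1 when it sees a jailbreak indicator, and the caller decides on the combined score. The three probed paths are the ones the passage names; the "/private" directory probe, the "Substrate" name fragment and the 200 ms connect timeout are assumptions for illustration. Run on a desktop OS, fork() and system(NULL) always succeed, so the example reports indicators there too, which is a reminder that each of these checks is weak evidence on its own and that a hooked stat() or fork() on a jailbroken device can answer whatever the hook wants.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/select.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <netinet/in.h>
#ifdef __APPLE__
#include <mach-o/dyld.h>
#endif

/* Paths named in the quoted passage; anything beyond these is a guess about
 * one particular jailbreak and goes stale as jailbreaks change. */
static const char *const kJailbreakPaths[] = {
    "/Applications/Cydia.app", "/private/var/stash", "/bin/sh" };
#define N_JAILBREAK_PATHS (sizeof kJailbreakPaths / sizeof kJailbreakPaths[0])

/* 1. Existence checks through stat()/access() rather than NSFileManager, so a
 * hook on the Objective-C method alone does not hide the artefact. */
int path_exists(const char *path) {
    struct stat st;
    return (stat(path, &st) == 0 || access(path, F_OK) == 0) ? 1 : 0;
}

/* 2. Permissions: a sandboxed app cannot write outside its own container. */
int dir_is_writable(const char *dir) {
    struct stat st;
    return (stat(dir, &st) == 0 && S_ISDIR(st.st_mode) && access(dir, W_OK) == 0) ? 1 : 0;
}

/* 3. fork(): denied (-1) by the sandbox on a stock device; where it succeeds the
 * child exits at once and the parent reaps it. On a desktop OS it always
 * succeeds, so this reads as "jailbroken" when the example runs there. */
int fork_succeeds(void) {
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) _exit(0);
    int status;
    waitpid(pid, &status, 0);
    return 1;
}

/* 4. Loopback connect to 127.0.0.1:port (22 for OpenSSH), non-blocking with a
 * timeout so a filtered port cannot stall the caller. */
int loopback_port_open(int port, int timeout_ms) {
    int fd = socket(AF_INET, SOCK_STREAM, 0), open = 0, err = 0;
    socklen_t len = sizeof err;
    struct sockaddr_in sa;
    if (fd < 0) return 0;
    memset(&sa, 0, sizeof sa);
    fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_NONBLOCK);
    sa.sin_family = AF_INET;
    sa.sin_port = htons((uint16_t)port);
    sa.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    if (connect(fd, (struct sockaddr *)&sa, sizeof sa) == 0) {
        open = 1;
    } else if (errno == EINPROGRESS) {
        fd_set wfds;
        struct timeval tv = { timeout_ms / 1000, (timeout_ms % 1000) * 1000 };
        FD_ZERO(&wfds);
        FD_SET(fd, &wfds);
        if (select(fd + 1, NULL, &wfds, NULL, &tv) > 0 &&
            getsockopt(fd, SOL_SOCKET, SO_ERROR, &err, &len) == 0 && err == 0)
            open = 1;
    }
    close(fd);
    return open;
}

/* 5. system(NULL): non-zero only where a command processor (/bin/sh) is usable. */
int shell_available(void) { return system(NULL) != 0 ? 1 : 0; }

/* 6. Loaded images via the dyld image list; which name fragment to look for is
 * the developer's assumption. The non-Apple fallback reads /proc/self/maps,
 * which lists the mapped objects of this process on Linux. */
#ifdef __APPLE__
int loaded_image_matches(const char *needle) {
    for (uint32_t i = 0; i < _dyld_image_count(); i++) {
        const char *name = _dyld_get_image_name(i);
        if (name && strstr(name, needle)) return 1;
    }
    return 0;
}
#else
int loaded_image_matches(const char *needle) {
    FILE *f = fopen("/proc/self/maps", "r");
    char line[512];
    int found = 0;
    if (!f) return 0;
    while (!found && fgets(line, sizeof line, f))
        if (strstr(line, needle)) found = 1;
    fclose(f);
    return found;
}
#endif

/* Each check can be hooked on a jailbroken device, so decide on the total. */
int jailbreak_score(void) {
    int hits = 0;
    for (size_t i = 0; i < N_JAILBREAK_PATHS; i++) hits += path_exists(kJailbreakPaths[i]);
    return hits + dir_is_writable("/private") + fork_succeeds()
         + loopback_port_open(22, 200) + shell_available()
         + loaded_image_matches("Substrate"); /* assumed name fragment, not from the page */
}
```

Call jailbreak_score() once at launch and treat a high total as a reason to degrade features or flag the account server-side, not as proof; the wiki passage the answer quotes exists precisely because every one of these functions can be patched from a dylib loaded into the process.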

Answer 1 (score: 2)

Blocking all jailbroken users probably wouldn't help you fight app piracy if you released a game on the App Store because it would force them to get a pirated version of the game to be able to play (instead of giving them the possibility to pay to play the game).

What you'd want is to check if the game is a legit version off the App Store. But even that could be potentially patched by the guys who crack games to release them...

You can check if the currently running executable is encrypted, which is a good way to know if the app has been pirated by looking at this answer.

Otherwise if it's a free game with in-app purchase, doing receipt validation helps block out most tweaks that get around paying for in-app purchases.

But there's definitely no way to absolutely block out app piracy.

You could always mention how hard you had worked on that game within the game... That could convince a few people to pay for the legit version of the game.
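The "is the running executable still encrypted" check that this answer points to, as an added example that is not the answer's own code and not from any linked post: App Store binaries carry an LC_ENCRYPTION_INFO (or LC_ENCRYPTION_INFO_64) load command whose cryptid is non-zero while the FairPlay encryption is intact, and cracked copies have been decrypted and re-saved with cryptid set to 0. The parser below walks the load commands of a 64-bit Mach-O header; the Mach-O constants and struct layouts are the standard ones, re-declared with an mo_ prefix so the block also builds where <mach-o/loader.h> is unavailable. The sample images are constructed in the block (an arm64 header plus two load commands), not taken from a real app, and the in-memory check of dyld image 0 is only compiled on Apple platforms.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#ifdef __APPLE__
#include <mach-o/dyld.h>
#endif

/* Minimal Mach-O definitions; values are the standard ones from <mach-o/loader.h>. */
#define MO_MAGIC_64              0xfeedfacfU
#define MO_LC_ENCRYPTION_INFO    0x21U
#define MO_LC_ENCRYPTION_INFO_64 0x2cU
#define MO_LC_UUID               0x1bU
struct mo_header64 { uint32_t magic, cputype, cpusubtype, filetype, ncmds, sizeofcmds, flags, reserved; };
struct mo_load_command { uint32_t cmd, cmdsize; };
struct mo_encryption_info { uint32_t cmd, cmdsize, cryptoff, cryptsize, cryptid; };
struct mo_encryption_info64 { uint32_t cmd, cmdsize, cryptoff, cryptsize, cryptid, pad; };

/* Walk the load commands of a 64-bit Mach-O header and report the FairPlay state:
 *  1 = LC_ENCRYPTION_INFO(_64) present with cryptid != 0 (still encrypted, as the App Store ships it)
 *  0 = present with cryptid == 0 (decrypted: the state a cracked copy is in)
 * -1 = not a thin 64-bit Mach-O, malformed, or no encryption command at all */
int macho_encryption_state(const uint8_t *buf, size_t len) {
    struct mo_header64 h;
    size_t off, end;
    if (len < sizeof h) return -1;
    memcpy(&h, buf, sizeof h);
    if (h.magic != MO_MAGIC_64) return -1;
    off = sizeof h;
    end = off + h.sizeofcmds;
    if (end > len) return -1;
    for (uint32_t i = 0; i < h.ncmds && off + sizeof(struct mo_load_command) <= end; i++) {
        struct mo_load_command lc;
        memcpy(&lc, buf + off, sizeof lc);
        if (lc.cmdsize < sizeof lc || off + lc.cmdsize > end) return -1; /* malformed */
        if (lc.cmd == MO_LC_ENCRYPTION_INFO_64 || lc.cmd == MO_LC_ENCRYPTION_INFO) {
            struct mo_encryption_info ec; /* common prefix of both variants */
            if (lc.cmdsize < sizeof ec) return -1;
            memcpy(&ec, buf + off, sizeof ec);
            return ec.cryptid != 0 ? 1 : 0;
        }
        off += lc.cmdsize;
    }
    return -1;
}

/* Constructed sample (not a real binary): an arm64 MH_EXECUTE header followed by
 * an LC_UUID command and an LC_ENCRYPTION_INFO_64 command with the given cryptid.
 * Host byte order is used throughout, as in a natively built arm64 image. */
size_t build_sample(uint8_t *out, size_t cap, uint32_t cryptid) {
    struct mo_header64 h = { MO_MAGIC_64, 0x0100000cU /* CPU_TYPE_ARM64 */, 0,
                             2 /* MH_EXECUTE */, 2, 24 + 24, 0, 0 };
    struct mo_load_command uuid = { MO_LC_UUID, 24 }; /* 8-byte header + 16 uuid bytes */
    struct mo_encryption_info64 enc = { MO_LC_ENCRYPTION_INFO_64, 24, 16384, 32768, cryptid, 0 };
    size_t total = sizeof h + 24 + sizeof enc;
    if (cap < total) return 0;
    memset(out, 0, total);
    memcpy(out, &h, sizeof h);
    memcpy(out + sizeof h, &uuid, sizeof uuid);
    memcpy(out + sizeof h + 24, &enc, sizeof enc);
    return total;
}

/* Build a sample with the given cryptid and classify it. */
int sample_encryption_state(uint32_t cryptid) {
    uint8_t buf[128];
    size_t n = build_sample(buf, sizeof buf, cryptid);
    return macho_encryption_state(buf, n);
}

#ifdef __APPLE__
/* On iOS/macOS: classify the running executable (dyld image 0) in memory. */
int running_executable_encryption_state(void) {
    const uint8_t *mh = (const uint8_t *)_dyld_get_image_header(0);
    struct mo_header64 h;
    if (!mh) return -1;
    memcpy(&h, mh, sizeof h);
    return macho_encryption_state(mh, sizeof h + h.sizeofcmds);
}
#endif
```

A debug build run from Xcode is never encrypted, so gate the check on a release build and, as the answer says, expect that whoever decrypted the binary can also flip the branch that acts on the result.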