某缘App越狱检测分析

July 17, 2019

越狱检测

fopen检测

/bin/bash   
/Applications/Cydia.app
/Library/MobileSubstrate/MobileSubstrate.dylib
/usr/sbin/sshd
/etc/apt

environ检测

MobileSubstrate 
mobilesubstrate

getenv检测

DYLD_INSERT_LIBRARIES

_dyld_get_image_name检测

MobileSubstrate

-[NSFileManager fileExistsAtPath:]检测

/private/var/lib/cydia
/Applications/Cydia.app
/private/var/stash
/private/var/lib/apt/
/user/Applications
/User/Applications
/user/Containers/Bundle/Application
/etc/apt
/usr/sbin/sshd
/bin/bash
/Library/MobileSubstrate/MobileSubstrate.dylib

[NSString writeToFile:atomically:encoding:error:]检测

/private/filename

-[UIApplication URLWithString:]检测

cydia://

设备检测

uname检测

sysctl检测

KERN_BOOTTIME
hw.model
hw.machine
hw.ncpu
kern.boottime
kern.osversion
kern.hostname

NSLocale检测

NSLocaleCountryCode 
preferredLanguages

UIDevice检测

name
systemVersion
systemName

手机运营商检测

carrierName
mobileCountryCode
mobileNetworkCode
isoCountryCode
carrierName
currentRadioAccessTechnology

系统时间检测

NSFileCreationDate
NSFileModificationDate
NSProcessInfo.systemUptime

硬盘检测

NSFileSystemSize
NSFileSystemFreeSize

内存/CPU使用检测

task_info TASK_BASIC_INFO  CPU/MEM
task_thread thread_info
host_statistics  CPU
host_page_size MEM

耳机检测

AVAudioSession.currentRoute.outputs.portType

网络检测

SCNetworkReachabilityGetFlags
FHostGetAddressing
CFNetworkCopySystemProxySettings  VPN检测
getifaddrs
sysctl获取ipv4网关
sysctl获取mac地址
CNCopySupportedInterfaces获取wifi
CFHostGetAddressing DNS检测
CFNetworkCopyProxiesForURL 代理检测

摄像头检测

UIImagePickerController.isSourceTypeAvailable

NSUserDefaults检测

AppleICUForce24HourTime
AppleLocale
AppleLanguages
AppleKeyboards

屏幕检测

bounds
nativeBounds
scale
brightness 亮度
orientation 朝向

时区检测

systemTimeZone

iTunes检测

purchaseDate  app购买时间
acountInfo AppleID账号

app安装时间

fileCreationDate

IDFV/IDFA

电池检测

batteryLevel
batteryState

位置检测

altitude
verticalAccuracy
horizontalAccuracy
coordinate
timestamp

检测app是否被破解

SignerIdentity
ResourceRules.plist
_CodeSignature

←

动态修改iOS网络配置

iOS11上使用lldb调试App

→