06:12:58 UTC
I installed "syslogd to /var/log/syslog" and rebooted the iPhone, but there is still no syslog folder.
iOS 8.4.1.
Steps: I was just doing the example from section 4.1.1 of the book
localhost:iostargetapp senhongtouzi$ make package install
Making all for application iOSTargetApp…
==> Copying resource directories into the application wrapper…
==> Compiling main.m (armv7)…
==> Compiling
==> Compiling
==> Linking application iOSTargetApp (armv7)…
==> Generating debug symbols for iOSTargetApp (armv7)…
==> Compiling main.m (arm64)…
==> Compiling
==> Compiling
==> Linking application iOSTargetApp (arm64)…
==> Generating debug symbols for iOSTargetApp (arm64)…
==> Merging application iOSTargetApp…
==> Signing iOSTargetApp…
Making stage for application iOSTargetApp…
: building package `com.dzy.dzytargetapp:iphoneos-arm' in `./packages/com.dzy.dzytargetapp_0.0.1-3+debug_iphoneos-arm.deb'.
==> Installing…
’s password:
(Reading database … 1220 files and directories currently installed.)
Preparing to unpack /tmp/_theos_install.deb …
Unpacking com.dzy.dzytargetapp (0.0.1-3+debug) over (0.0.1-2+debug) …
Setting up com.dzy.dzytargetapp (0.0.1-3+debug) …
install.exec "su mobile -c uicache"
’s password:
shell-init: error retrieving current directory: getcwd: cannot access parent directories: Permission denied
The installed app did not launch automatically; I launched it by hand. And then I cannot see the syslog folder.
03:42:57 UTC
Has this been solved yet?
I installed "syslogd to /var/log/syslog" on my phone
but that folder just isn't there in the directory
After a reboot the jailbreak has to be repaired
03:58:14 UTC
Switch tools and use socat.
Help me see which entry in the log shows the current battery capacity
cat /var/log/*.log. If the log is being updated and you want to watch it in real time: tail -f /var/log/messages. You can also use watch -d -n 1 cat /var/log/messages, where -d highlights the parts that differ and -n is the refresh interval in seconds. This command does not return to the command line; it keeps printing the lines newly appended to the log file, which is very effective for watching logs. To stop the output, press Ctrl+C.

On a Linux system there are three main logging subsystems:

Connection-time logging: performed by several programs, which write records to /var/log/wtmp and /var/run/utmp. Programs such as login update wtmp and utmp so that the system administrator can track who logged in to the system and when.

Process accounting: performed by the kernel. When a process terminates, one record per process is written to the process accounting file (pacct or acct). Its purpose is to provide command-usage statistics for the basic services on the system.

Error logging: performed by syslogd(8). The various system daemons, user programs and the kernel report noteworthy events through syslog(3) to the file /var/log/messages. Many other UNIX programs also create logs; servers providing network services such as HTTP and FTP likewise keep detailed logs.

Commonly used log files:

  access-log         records HTTP/web transfers
  acct/pacct         records user commands
  aculog             records MODEM activity
  btmp               records failed logins
  lastlog            records the most recent successful logins and the last unsuccessful login
  messages           messages from syslog (sometimes linked to the syslog file); the messages and errors since system boot, one of the most used logs on RedHat Linux
  sudolog            records commands issued through sudo
  sulog              records use of the su command
  syslog             messages from syslog (usually linked to the messages file)
  utmp               records every user currently logged in
  wtmp               a permanent record of every user's login and logout times
  xferlog            records FTP sessions
  /var/log/secure    security-related log messages
  /var/log/maillog   mail-related log messages
  /var/log/cron      cron-related log messages
  /var/log/spooler   UUCP and news device log messages
  /var/log/boot.log  daemon start and stop messages

utmp, wtmp and lastlog are the key part of most UNIX logging subsystems: they keep the records of user logins and logouts. Information about currently logged-in users is recorded in utmp; logins and logouts are recorded in wtmp; the last login can be viewed with the lastlog command. Data exchange, shutdown and reboot are also recorded in wtmp. All records carry a timestamp. These files (lastlog is usually not large) grow very quickly on a system with many users. wtmp, for example, can grow without bound unless it is truncated periodically. Many systems configure wtmp to rotate daily or weekly, usually by a script run from cron. These scripts rename and rotate the wtmp files: typically wtmp is renamed wtmp.1 at the end of the first day, after the second day wtmp.1 becomes wtmp.2, and so on up to wtmp.7.

Each time a user logs in, the login program looks up the user's UID in lastlog. If it is found, the user's last login time, logout time and host name are written to standard output, and then login records the new login time in lastlog. After the new lastlog record is written, the utmp file is opened and the user's utmp record is inserted. That record stays in use until it is deleted when the user logs out. The utmp file is used by various commands, including who, w, users and finger.

Next, login opens the wtmp file and appends the user's utmp record. When the user logs out, the same utmp record with an updated timestamp is appended to the file. The wtmp file is used by the programs last and ac.

Specific commands

wtmp and utmp are binary files; they cannot be cut with commands such as tail or concatenated with cat. Use who, w, users, last and ac to access the information they contain.

who: queries the utmp file and reports every user currently logged in. The default output includes user name, terminal type, login date and remote host. For example, who (Enter) shows:

  chyang  pts/0  Aug 18 15:06
  ynguo   pts/2  Aug 18 15:32
  ynguo   pts/3  Aug 18 13:55
  lewis   pts/4  Aug 18 13:35
  ynguo   pts/7  Aug 18 14:12
  ylou    pts/8  Aug 18 14:15

If a wtmp file name is given, who queries all previous records. The command who /var/log/wtmp reports every login since the wtmp file was created or truncated.

w: queries the utmp file and shows every user on the system and the processes they are running. For example, w (Enter) shows:

  3:36pm up 1 day, 22:34, 6 users, load average: 0.23, 0.29, 0.27
  USER    TTY    FROM              LOGIN@  IDLE   JCPU   PCPU   WHAT
  chyang  pts/   .242              3:06pm  2:04   0.08s  0.04s  -bash
  ynguo   pts/   .47               3:32pm  0.00s  0.14s  0.05   w
  lewis   pts/   .233              1:55pm  30:39  0.27s  0.22s  -bash
  lewis   pts/   .233              1:35pm  6.00s  4.03s  0.01s  sh /home/users/
  ynguo   pts/7  simba.nic.ustc.e  2:12pm  0.00s  0.47s  0.24s  telnet mail
  ylou    pts/   .235              2:15pm  1:09m  0.10s  0.04s  -bash

users: prints the currently logged-in users on a single line, one user name per login session. If a user has more than one login session, the name appears that many times. For example, users (Enter) shows: chyang lewis lewis ylou ynguo ynguo

last: searches back through wtmp to show the users who have logged in since the file was first created. For example:

  chyang  pts/9  202.38.68.242  Tue Aug 1 08:34 - 11:23 (02:49)
  cfan    pts/6  202.38.64.224  Tue Aug 1 08:33 - 08:48 (00:14)
  chyang  pts/4  202.38.68.242  Tue Aug 1 08:32 - 12:13 (03:40)
  lewis   pts/3  202.38.64.233  Tue Aug 1 08:06 - 11:09 (03:03)
  lewis   pts/2  202.38.64.233  Tue Aug 1 07:56 - 11:09 (03:12)

If a user is named, last reports only that user's recent activity; for example, last ynguo (Enter) shows:

  ynguo  pts/4   simba.nic.ustc.e  Fri Aug 4 16:50 - 08:20 (15:30)
  ynguo  pts/4   simba.nic.ustc.e  Thu Aug 3 23:55 - 04:40 (04:44)
  ynguo  pts/11  simba.nic.ustc.e  Thu Aug 3 20:45 - 22:02 (01:16)
  ynguo  pts/0   simba.nic.ustc.e  Thu Aug 3 03:17 - 05:42 (02:25)
  ynguo  pts/0   simba.nic.ustc.e  Wed Aug 2 01:04 - 03:16 (1+02:12)
  ynguo  pts/0   simba.nic.ustc.e  Wed Aug 2 00:43 - 00:54 (00:11)
  ynguo  pts/9   simba.nic.ustc.e  Thu Aug 1 20:30 - 21:26 (00:55)

ac: reports user connect time in hours based on the logins and logouts in the current /var/log/wtmp file; with no flags it reports the total. For example, ac (Enter) shows: total 5177.47

ac -d (Enter) shows the total connect time per day:

  Aug 12  total  261.87
  Aug 13  total  351.39
  Aug 14  total  396.09
  Aug 15  total  462.63
  Aug 16  total  270.45
  Aug 17  total  104.29
  Today   total  179.00

ac -p (Enter) shows the total connect time per user:

  ynguo     193.23
  yucao       3.35
  rong      133.40
  hdai       10.52
  zjzhu      52.87
  zqzhou     13.14
  liangliu   24.34
  total    5178.22

lastlog: the lastlog file is consulted every time a user logs in. The lastlog command can be used to check when a particular user last logged in, and it formats the contents of the last-login log /var/log/lastlog. It shows the login name, port (tty) and last login time, sorted by UID. If a user has never logged in, lastlog shows **Never logged in**. Note that the command must be run as root. For example:

  rong     5  202.38.64.187  Fri Aug+
  dbb                         **Never logged in**
  xinchen                     **Never logged in**
  pb9511                      **Never logged in**
  xchen    0  202.38.64.190  Sun Aug+
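Added example, not part of the answer above: a small last-style reader that shows why wtmp cannot be read with cat or tail. wtmp is an array of fixed-size binary records (struct utmpx, the POSIX name for the utmp record); the reader walks the records, opens a session on each USER_PROCESS entry and closes it at the next DEAD_PROCESS on the same tty line. The sample records are constructed inside the code (written to a temporary file, not read from a real host), the wtmp_ function names are this example's own, and the user names and addresses are taken from the answer's who/last listings.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <unistd.h>
#include <utmpx.h>

#define MAX_SESS 64

/* One login session reconstructed from wtmp, as `last` would print it. */
struct session {
    char user[32], line[32], host[256];
    time_t login, logout;          /* logout == 0 means still logged in */
};

struct session WTMP_SESS[MAX_SESS];

/* Copy into a fixed-size, zero-padded utmp field (no NUL if it is full). */
static void put_field(char *dst, size_t n, const char *src) {
    size_t len = strlen(src);
    memset(dst, 0, n);
    memcpy(dst, src, len < n ? len : n);
}

static void fill_rec(struct utmpx *u, short type, const char *user,
                     const char *line, const char *host, time_t when) {
    memset(u, 0, sizeof *u);
    u->ut_type = type;
    u->ut_pid = 1000 + (pid_t)type;          /* any distinct pid will do */
    put_field(u->ut_user, sizeof u->ut_user, user);
    put_field(u->ut_line, sizeof u->ut_line, line);
    put_field(u->ut_host, sizeof u->ut_host, host);
    u->ut_tv.tv_sec = when;
}

/* Parse a wtmp-format file: USER_PROCESS opens a session on its tty line,
 * the next DEAD_PROCESS on the same line closes it. Returns the number of
 * sessions found (at most max), or -1 if the file cannot be opened. */
int wtmp_sessions(const char *path, struct session *sess, int max) {
    FILE *f = fopen(path, "rb");
    if (!f) return -1;
    struct utmpx u;
    int n = 0;
    while (fread(&u, sizeof u, 1, f) == 1) {     /* one fixed-size record */
        if (u.ut_type == USER_PROCESS) {
            if (n == max) break;
            struct session *s = &sess[n++];
            memset(s, 0, sizeof *s);
            snprintf(s->user, sizeof s->user, "%.*s", (int)sizeof u.ut_user, u.ut_user);
            snprintf(s->line, sizeof s->line, "%.*s", (int)sizeof u.ut_line, u.ut_line);
            snprintf(s->host, sizeof s->host, "%.*s", (int)sizeof u.ut_host, u.ut_host);
            s->login = (time_t)u.ut_tv.tv_sec;
        } else if (u.ut_type == DEAD_PROCESS) {
            for (int i = n - 1; i >= 0; i--) {    /* newest open session on this line */
                if (sess[i].logout == 0 &&
                    strncmp(sess[i].line, u.ut_line, sizeof u.ut_line) == 0) {
                    sess[i].logout = (time_t)u.ut_tv.tv_sec;
                    break;
                }
            }
        }
    }
    fclose(f);
    return n;
}

/* Connect time in seconds, or -1 while the session is still open. */
long wtmp_duration(const struct session *s) {
    return s->logout ? (long)(s->logout - s->login) : -1L;
}

/* Write a constructed wtmp file: a boot marker, chyang logs in on pts/0,
 * ynguo logs in on pts/2, chyang logs out one hour later. */
int wtmp_write_sample(const char *path) {
    const time_t t0 = 1000000000;            /* 2001-09-09 01:46:40 UTC */
    struct utmpx recs[4];
    fill_rec(&recs[0], BOOT_TIME,    "reboot", "~",     "",              t0 - 300);
    fill_rec(&recs[1], USER_PROCESS, "chyang", "pts/0", "202.38.68.242", t0);
    fill_rec(&recs[2], USER_PROCESS, "ynguo",  "pts/2", "202.38.64.233", t0 + 60);
    fill_rec(&recs[3], DEAD_PROCESS, "",       "pts/0", "",              t0 + 3600);
    FILE *f = fopen(path, "wb");
    if (!f) return -1;
    size_t w = fwrite(recs, sizeof recs[0], 4, f);
    fclose(f);
    return w == 4 ? 0 : -1;
}

/* Build the sample in a temp file, parse it into WTMP_SESS, return the count. */
int wtmp_load_sample(void) {
    char path[] = "/tmp/wtmpXXXXXX";
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    close(fd);
    int n = wtmp_write_sample(path) == 0 ? wtmp_sessions(path, WTMP_SESS, MAX_SESS) : -1;
    unlink(path);
    return n;
}

int main(void) {
    int n = wtmp_load_sample();
    for (int i = 0; i < n; i++) {
        char when[32];
        long d = wtmp_duration(&WTMP_SESS[i]);
        strftime(when, sizeof when, "%a %b %e %H:%M", gmtime(&WTMP_SESS[i].login));
        printf("%-8s %-6s %-16s %s  ", WTMP_SESS[i].user, WTMP_SESS[i].line,
               WTMP_SESS[i].host, when);
        if (d < 0) printf("still logged in\n");
        else printf("(%02ld:%02ld)\n", d / 3600, (d % 3600) / 60);
    }
    return 0;
}
```

The record layout is the same one that who, last and ac read; a real /var/log/wtmp can be passed to wtmp_sessions() directly, which is the simplest way to confirm that the "binary file" explanation above is literal rather than a figure of speech.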
Jailbreak detection / bypassing jailbreak detection: xCon
I had always ignored jailbreak detection and its bypasses, because I assumed that in a market where apps fight for install share nobody cares whether the other side's device is jailbroken. But clearly I overlooked something: an app may be designed to follow different flows depending on whether the device is jailbroken, for example applying extra security measures on jailbroken devices, and in that scenario whether jailbreak detection is reliable becomes the key question. This article covers the common jailbreak detection methods (with test code for each), the most popular jailbreak-detection bypass tweak, xCon (analysing which detection methods it defeats), and finally summarises the detection methods I consider comparatively reliable.
I. Jailbreak detection
(I) Chapter 13 of Hacking and Securing iOS Applications covers jailbreak detection from the following angles
1. Sandbox integrity check
Judge from the return value of fork() whether creating a child process succeeded:
(1) -1: no new process was created
(2) 0: returned in the child process
(3) the child's PID: returned in the parent process
If the sandbox has been broken, fork() returns a value greater than or equal to 0.
I tried this on a jailbroken device and creating the child process failed, which shows this method cannot be used to decide whether a device is jailbroken. xCon patches this method.
The code is as follows:
2. File system checks
(1) Check whether common jailbreak files exist
The most common jailbreak files are listed below; the stat() function can be used to test whether each of them exists.
/Library/MobileSubstrate/MobileSubstrate.dylib   the most important jailbreak file; almost every jailbroken device has MobileSubstrate installed
/Applications/Cydia.app/  /var/lib/cydia/        installed on the vast majority of jailbroken devices
/var/cache/apt  /var/lib/apt  /etc/apt
/bin/bash  /bin/sh
/usr/sbin/sshd  /usr/libexec/ssh-keysign  /etc/ssh/sshd_config
The code is as follows:
stat() return values:
(1) 0: the specified file exists
(2) -1: the call failed and the error code is stored in errno
    ENOENT        the file named by file_name does not exist
    ENOTDIR       a directory component of the path exists but is not actually a directory
    ELOOP         too many symbolic links were encountered while opening the file (the limit is 16)
    EFAULT        buf is an invalid pointer, pointing at memory that cannot exist
    EACCES        access to the file was denied
    ENOMEM        insufficient kernel memory
    ENAMETOOLONG  the path name in file_name is too long
struct stat {
    dev_t         st_dev;      // device number of the file
    ino_t         st_ino;      // inode
    mode_t        st_mode;     // file type and access permissions
    nlink_t       st_nlink;    // number of hard links to the file; 1 for a newly created file
    uid_t         st_uid;      // user ID
    gid_t         st_gid;      // group ID
    dev_t         st_rdev;     // (device type) if this is a device file, its device number
    off_t         st_size;     // file size in bytes
    unsigned long st_blksize;  // block size (the filesystem's I/O buffer size)
    unsigned long st_blocks;   // number of blocks
    time_t        st_atime;    // last access time
    time_t        st_mtime;    // last modification time
    time_t        st_ctime;    // last status change time (attributes)
};
This method is the simplest and the most widely used, but also the easiest to defeat. When using it, call the low-level C function stat() on the path names above, store the path names in encoded form (not base64), and never use the NSFileManager class, which gets hooked.
(2) The size of /etc/fstab
This file describes the filesystems and storage devices mounted at boot; to give the root filesystem read-write access, jailbreaks generally modify it. An app is not allowed to read the file's contents, but it can obtain the file's size with stat(). On iOS 5 the file is 80 bytes on a non-jailbroken device and usually only 65 bytes on a jailbroken one.
The code is as follows:
Running on a jailbroken device with xCon installed, result was ; after uninstalling xCon and running on the jailbroken device, result was 66.
Personally I don't think this method is very reliable, and it is cumbersome, especially when the app runs on several iOS versions. xCon patches this method, so it should not be used.
(3) Check whether particular files are symbolic links
The iOS disk is normally split into two partitions: a small, read-only system partition and a larger user partition. All preinstalled apps (the App Store, for example) live in /Applications on the system partition. On a jailbroken device, so that third-party software can be installed in that folder without consuming system-partition space, it is replaced by a symbolic link into /var/stash/. So lstat() can be called on /Applications to see whether it is a directory or a symbolic link; if it is a symbolic link, the device is definitely jailbroken.
Several files that are usually turned into symbolic links are listed below and can be checked:
The code is as follows:
I have not tested the non-jailbroken case, so I cannot say whether this method is effective.
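As an added example (not code from the article or from the book it cites), here are the stat(), lstat() and fork() probes from sections 1 and 2 in plain POSIX C, with the probed path names XOR-encoded so that they do not show up in strings output. The key byte 0x5A, the jb_ function names and the temporary-directory self-test are this example's own choices; the Cydia, bash and apt paths are three of the ones listed above. The file compiles on a Linux or macOS host as well as for iOS, so the self-test can be run off-device.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <sys/wait.h>
#include <unistd.h>

#define JB_KEY 0x5A   /* assumed obfuscation key; any byte works */

/* Paths stored XOR-encoded so `strings` on the binary does not reveal
 * them (plain-text paths are what hooking tweaks match on). */
struct jb_enc_path { const unsigned char *enc; size_t len; };

static const unsigned char ENC_CYDIA[] = {      /* "/Applications/Cydia.app" */
    0x75,0x1B,0x2A,0x2A,0x36,0x33,0x39,0x3B,0x2E,0x33,0x35,0x34,0x29,
    0x75,0x19,0x23,0x3E,0x33,0x3B,0x74,0x3B,0x2A,0x2A };
static const unsigned char ENC_BASH[]  = {      /* "/bin/bash" */
    0x75,0x38,0x33,0x34,0x75,0x38,0x3B,0x29,0x32 };
static const unsigned char ENC_APT[]   = {      /* "/etc/apt" */
    0x75,0x3F,0x2E,0x39,0x75,0x3B,0x2A,0x2E };

static const struct jb_enc_path JB_PATHS[] = {
    { ENC_CYDIA, sizeof ENC_CYDIA },
    { ENC_BASH,  sizeof ENC_BASH  },
    { ENC_APT,   sizeof ENC_APT   },
};
#define JB_NPATHS (sizeof JB_PATHS / sizeof JB_PATHS[0])

/* Decode entry idx into a static buffer and return it. */
const char *jb_decoded_path(size_t idx) {
    static char buf[256];
    size_t n = JB_PATHS[idx].len < sizeof buf - 1 ? JB_PATHS[idx].len : sizeof buf - 1;
    for (size_t i = 0; i < n; i++) buf[i] = (char)(JB_PATHS[idx].enc[i] ^ JB_KEY);
    buf[n] = '\0';
    return buf;
}

/* 1 if stat() succeeds (the file or directory exists), else 0. */
int jb_path_exists(const char *path) {
    struct stat st;
    return stat(path, &st) == 0;
}

/* Size in bytes, or -1 on error (the /etc/fstab size probe). */
long jb_file_size(const char *path) {
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1L;
}

/* 1 if path is itself a symlink (lstat does not follow it), else 0. */
int jb_path_is_symlink(const char *path) {
    struct stat st;
    return lstat(path, &st) == 0 && S_ISLNK(st.st_mode);
}

/* How many of the encoded paths are present on this filesystem. */
int jb_count_present(void) {
    int hits = 0;
    for (size_t i = 0; i < JB_NPATHS; i++)
        hits += jb_path_exists(jb_decoded_path(i));
    return hits;
}

/* 1 if fork() succeeds (sandbox allows child processes), 0 if refused. */
int jb_fork_allowed(void) {
    pid_t pid = fork();
    if (pid < 0) return 0;
    if (pid == 0) _exit(0);
    waitpid(pid, NULL, 0);
    return 1;
}

/* Self-test fixture: under a mkdtemp directory create file (3 bytes) and
 * link -> file, run the probes and return a bitmask: bit0 dir exists,
 * bit1 file size == 3, bit2 link flagged as symlink, bit3 plain dir NOT
 * flagged as symlink. Everything correct == 15; -1 if setup failed. */
int jb_selftest_fs(void) {
    char dir[] = "/tmp/jbprobeXXXXXX";
    if (!mkdtemp(dir)) return -1;
    char file[300], link[300];
    snprintf(file, sizeof file, "%s/file", dir);
    snprintf(link, sizeof link, "%s/link", dir);
    FILE *f = fopen(file, "w");
    if (!f) return -1;
    fputs("abc", f);
    fclose(f);
    if (symlink(file, link) != 0) return -1;
    int mask = 0;
    mask |= jb_path_exists(dir) ? 1 : 0;
    mask |= jb_file_size(file) == 3 ? 2 : 0;
    mask |= jb_path_is_symlink(link) ? 4 : 0;
    mask |= !jb_path_is_symlink(dir) ? 8 : 0;
    unlink(link); unlink(file); rmdir(dir);
    return mask;
}

int main(void) {
    for (size_t i = 0; i < JB_NPATHS; i++) {
        const char *p = jb_decoded_path(i);
        printf("%-28s %s\n", p, jb_path_exists(p) ? "present" : "absent");
    }
    printf("/etc/fstab size: %ld\n", jb_file_size("/etc/fstab"));
    printf("/Applications is a symlink: %d\n", jb_path_is_symlink("/Applications"));
    printf("fork allowed: %d\n", jb_fork_allowed());
    return 0;
}
```

On a jailbroken device the interesting results are jb_count_present() being non-zero and jb_path_is_symlink("/Applications") returning 1; the fork() probe is kept only because the book lists it, since the author's own test above shows a sandboxed app still cannot fork on a jailbroken device. Note that a development host will also report /bin/bash and /etc/apt as present, which is exactly why the article warns that the file-existence check is the easiest one to get wrong.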
(II) http://theiphonewiki.com/wiki/index.php?title=Bypassing_Jailbreak_Detection lists the following 6 jailbreak detection methods
1. Check whether particular directories or files exist
Check the filesystem for files that only exist after a jailbreak, e.g. /Applications/Cydia.app or /private/var/stash
Usually done with NSFileManager's - (BOOL)fileExistsAtPath:(NSString *)path (very easily hooked)
or with low-level C functions such as fopen(), stat() or access()
Same as method 2 (file system checks) in Hacking and Securing iOS Applications
xCon patches this method
2. Check the access permissions of particular directories or files
Check the Unix file permissions (and size) of particular files or directories in the filesystem; a jailbroken device has far more writable directories and files than a non-jailbroken one
Usually done with NSFileManager's - (BOOL)isWritableFileAtPath:(NSString *)path (very easily hooked)
or with low-level C functions such as statfs()
xCon patches this method
3. Check whether a child process can be created
On a non-jailbroken device the sandbox does not allow an app to create processes
Call C functions that create a child process, e.g. fork() or popen()
Same as method 1 (sandbox integrity check) in Hacking and Securing iOS Applications
xCon patches this method
4. Check whether a local SSH connection succeeds
The vast majority of jailbroken devices have OpenSSH (an SSH server) installed; if a connection with ssh 127.0.0.1 -p 22 succeeds, the device is jailbroken
xCon patches this method
5. Check the return value of system()
Call system() with a NULL argument, i.e. system(NULL): on a jailbroken device it returns 1, on a non-jailbroken device 0 (the C library returns non-zero when a command interpreter is available)
Note that system() must be given an argument; calling it with none is a compile error, hence the NULL
6. Check the loaded dylibs (dynamic libraries)
This is currently the most reliable method: call _dyld_image_count() and _dyld_get_image_name() to see which dylibs are loaded
Test results:
The code below lists which dylibs the target iOS device has loaded
#include <stdio.h>
#include <string.h>
#import <mach-o/loader.h>
#import <mach-o/dyld.h>
#import <mach-o/arch.h>
#import <UIKit/UIKit.h>

void printDYLD()
{
    // Get count of all currently loaded images
    uint32_t count = _dyld_image_count();
    for (uint32_t i = 0; i < count; i++)
    {
        // Name of image (includes full path)
        const char *dyld = _dyld_get_image_name(i);

        // Find the last '/' so the bare file name can be shown too
        int slength = strlen(dyld);
        int j;
        for (j = slength - 1; j >= 0; --j)
            if (dyld[j] == '/') break;

        printf("%s (%s)\n", dyld, dyld + j + 1);
    }
    printf("\n");
}

int main(int argc, char *argv[])
{
    printDYLD();

    NSAutoreleasePool *pool = [[NSAutoreleasePool alloc] init];
    int retVal = UIApplicationMain(argc, argv, nil, nil);
    [pool release];
    return retVal;
}

The figure below shows the paths of the dylibs currently loaded on my iOS device; xCon can be seen at the bottom.
One problem with this method: will it pass App Store review?
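An added example (not the article's code) that turns the listing above into an actual check. It walks the loaded images the same way, with _dyld_image_count() and _dyld_get_image_name() on Apple platforms, and flags any image whose path contains a name from a small denylist. The denylist, the jb_ function names and the /proc/self/maps fallback (used so the same file also builds and runs on a Linux host) are this example's own assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#ifdef __APPLE__
#include <mach-o/dyld.h>   /* _dyld_image_count / _dyld_get_image_name */
#endif

/* Names that should never appear in a loaded image's path on a stock
 * device. Assumed list; extend it from your own tests on jailbroken
 * hardware (xCon itself lives under /Library/MobileSubstrate/...). */
static const char *const JB_NEEDLES[] = { "MobileSubstrate", "CydiaSubstrate", "xCon" };
#define JB_NNEEDLES (sizeof JB_NEEDLES / sizeof JB_NEEDLES[0])

typedef void (*jb_image_cb)(const char *path, void *ctx);

/* Call cb once for every image mapped into this process. */
static void jb_for_each_image(jb_image_cb cb, void *ctx) {
#ifdef __APPLE__
    uint32_t n = _dyld_image_count();
    for (uint32_t i = 0; i < n; i++) cb(_dyld_get_image_name(i), ctx);
#else
    /* Linux fallback: each line of /proc/self/maps is
     * "addr perms offset dev inode [path]"; the first '/' starts the path.
     * Consecutive segments of the same file are collapsed into one call. */
    FILE *m = fopen("/proc/self/maps", "r");
    char line[4096], last[4096] = "";
    if (!m) return;
    while (fgets(line, sizeof line, m)) {
        char *p = strchr(line, '/');
        if (!p) continue;                    /* [heap], [stack], anonymous */
        p[strcspn(p, "\n")] = '\0';
        if (strcmp(p, last) != 0) {
            cb(p, ctx);
            snprintf(last, sizeof last, "%s", p);
        }
    }
    fclose(m);
#endif
}

/* 1 if path contains any needle (plain substring match), else 0. */
int jb_path_suspicious(const char *path, const char *const *needles, size_t n) {
    for (size_t i = 0; i < n; i++)
        if (strstr(path, needles[i])) return 1;
    return 0;
}

struct jb_scan { const char *const *needles; size_t n; int total, bad; };

static void jb_scan_cb(const char *path, void *ctx) {
    struct jb_scan *s = ctx;
    s->total++;
    s->bad += jb_path_suspicious(path, s->needles, s->n);
}

/* Number of loaded images matching the needles; *total receives the
 * total image count when non-NULL. */
int jb_suspicious_images(const char *const *needles, size_t n, int *total) {
    struct jb_scan s = { needles, n, 0, 0 };
    jb_for_each_image(jb_scan_cb, &s);
    if (total) *total = s.total;
    return s.bad;
}

int jb_loaded_image_count(void) {
    int total = 0;
    jb_suspicious_images(NULL, 0, &total);
    return total;
}

static void jb_print_cb(const char *path, void *ctx) {
    const char *tag = jb_path_suspicious(path, JB_NEEDLES, JB_NNEEDLES) ? "  <-- suspicious" : "";
    (void)ctx;
    printf("%s%s\n", *path ? path : "(main executable)", tag);
}

int main(void) {
    int total = 0;
    jb_for_each_image(jb_print_cb, NULL);
    int bad = jb_suspicious_images(JB_NEEDLES, JB_NNEEDLES, &total);
    printf("%d images loaded, %d suspicious\n", total, bad);
    return bad ? 1 : 0;
}
```

Substring matching on the image path is deliberately crude: the point the article makes is that a tweak injected by MobileSubstrate has to be mapped into the process to do its hooking, so it is visible to the process it is hiding from, unless it also hooks the dyld enumeration calls themselves.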
II. Bypassing jailbreak detection: xCon
It can be installed from Cydia and is the most powerful jailbreak-detection bypass to date. Developed jointly by n00neimp0rtant and Lunatik, it reportedly patches every jailbreak detection method known so far (though some apps still cannot be patched). Presumably because its impact was too great, its source is no longer open.
After installing xCon, two files, xCon.dylib and xCon.plist, appear under /Library/MobileSubstrate/DynamicLibraries on the device
(1) xCon.plist
This is the filter file; it tells MobileSubstrate to load xCon.dylib into processes that link com.apple.UIKit
(2) xCon.dylib
otool can be used to disassemble the file's text section in order to understand the program's logic (on Windows, IDA Pro can be used to view it)
DANI-LEE-2:iostools danqingdani$ otool -tV xCon.dylib > xContextsection
The logic can be guessed from the function names in the file, together with how the tool works and the common jailbreak detection techniques (covered in part I of this article). For example, the file system check matches on particular path names, so we can run strings on the file to see which path names it contains.
DANI-LEE-2:IAP tools danqingdani$ strings xCon.dylib > xConReadable
Below are the file names that xCon matches:
/usr/bin/sshd
/usr/libexec/sftp-server
/usr/sbin/sshd
/bin/bash
/bin/sh
/bin/sw
/etc/apt
/etc/fstab
/Applications/blackra1n.app
/Applications/Cydia.app
/Applications/Cydia.app/Info.plist
/Applications/Cycorder.app
/Applications/Loader.app
/Applications/FakeCarrier.app
/Applications/Icy.app
/Applications/IntelliScreen.app
/Applications/MxTube.app
/Applications/RockApp.app
/Applications/SBSettings.app
/Applications/WinterBoard.app
/bin/bash/Applications/Cydia.app
/Library/LaunchDaemons/com.openssh.sshd.plist
&span class=&pun&&/&/span&&span class=&typ&&Library&/span&&span class=&pun&&/&/span&&span class=&typ&&Frameworks&/span&&span class=&pun&&/&/span&&span class=&typ&&CydiaSubstrate&/span&&span class=&pun&&.&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&framework&/span&
&span class=&pun&&/&/span&&span class=&typ&&Library&/span&&span class=&pun&&/&/span&&span class=&typ&&MobileSubstrate&/span&
&span class=&pun&&/&/span&&span class=&typ&&Library&/span&&span class=&pun&&/&/span&&span class=&typ&&MobileSubstrate&/span&&span class=&str&&/&/span&
&span class=&str&&/&/span&&span class=&typ&&Library&/span&&span class=&pun&&/&/span&&span class=&typ&&MobileSubstrate&/span&&span class=&pun&&/&/span&&span class=&typ&&DynamicLibraries&/span&
&span class=&pun&&/&/span&&span class=&typ&&Library&/span&&span class=&pun&&/&/span&&span class=&typ&&MobileSubstrate&/span&&span class=&pun&&/&/span&&span class=&typ&&DynamicLibraries&/span&&span class=&str&&/&/span&
&span class=&str&&/&/span&&span class=&typ&&Library&/span&&span class=&pun&&/&/span&&span class=&typ&&MobileSubstrate&/span&&span class=&pun&&/&/span&&span class=&typ&&DynamicLibraries&/span&&span class=&pun&&/&/span&&span class=&typ&&LiveClock&/span&&span class=&pun&&.&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&plist&/span&
&span class=&pun&&/&/span&&span class=&typ&&Library&/span&&span class=&pun&&/&/span&&span class=&typ&&MobileSubstrate&/span&&span class=&pun&&/&/span&&span class=&typ&&DynamicLibraries&/span&&span class=&pun&&/&/span&&span class=&typ&&Veency&/span&&span class=&pun&&.&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&plist&/span&
&span class=&pun&&/&/span&&span class=&typ&&Library&/span&&span class=&pun&&/&/span&&span class=&typ&&MobileSubstrate&/span&&span class=&pun&&/&/span&&span class=&typ&&DynamicLibraries&/span&&span class=&pun&&/&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&xCon&/span&&span class=&pun&&.&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&plist&/span&
&span class=&pun&&/&/span&&span class=&kwd&&private&/span&&span class=&pun&&/&/span&&span class=&kwd&&var&/span&&span class=&pun&&/&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&lib&/span&&span class=&pun&&/&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&apt&/span&
&span class=&pun&&/&/span&&span class=&kwd&&private&/span&&span class=&pun&&/&/span&&span class=&kwd&&var&/span&&span class=&pun&&/&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&lib&/span&&span class=&pun&&/&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&apt&/span&&span class=&str&&/&/span&
&span class=&str&&/&/span&&span class=&kwd&&private&/span&&span class=&pun&&/&/span&&span class=&kwd&&var&/span&&span class=&pun&&/&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&lib&/span&&span class=&pun&&/&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&cydia&/span&
&span class=&pun&&/&/span&&span class=&kwd&&private&/span&&span class=&pun&&/&/span&&span class=&kwd&&var&/span&&span class=&pun&&/&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&mobile&/span&&span class=&pun&&/&/span&&span class=&typ&&Library&/span&&span class=&pun&&/&/span&&span class=&typ&&SBSettings&/span&&span class=&pun&&/&/span&&span class=&typ&&Themes&/span&
&span class=&pun&&/&/span&&span class=&kwd&&private&/span&&span class=&pun&&/&/span&&span class=&kwd&&var&/span&&span class=&pun&&/&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&stash&/span&
&span class=&pun&&/&/span&&span class=&kwd&&private&/span&&span class=&pun&&/&/span&&span class=&kwd&&var&/span&&span class=&pun&&/&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&tmp&/span&&span class=&pun&&/&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&cydia&/span&&span class=&pun&&.&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&log&/span&
&span class=&pun&&/&/span&&span class=&typ&&System&/span&&span class=&pun&&/&/span&&span class=&typ&&Library&/span&&span class=&pun&&/&/span&&span class=&typ&&LaunchDaemons&/span&&span class=&pun&&/&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&com&/span&&span class=&pun&&.&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&ikey&/span&&span class=&pun&&.&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&bbot&/span&&span class=&pun&&.&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&plist&/span&
&span class=&pun&&/&/span&&span class=&typ&&System&/span&&span class=&pun&&/&/span&&span class=&typ&&Library&/span&&span class=&pun&&/&/span&&span class=&typ&&LaunchDaemons&/span&&span class=&pun&&/&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&com&/span&&span class=&pun&&.&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&saurik&/span&&span class=&pun&&.&/span&&span class=&typ&&Cydia&/span&&span class=&pun&&.&/span&&span class=&typ&&Startup&/span&&span class=&pun&&.&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&plist&/span&&/p&&p style=&padding-top: 0 padding-bottom: 0 margin-top: 0 margin-bottom: 10&&&span lang=&EN-US& style=&font-family: 宋体; font-size: 10.5&&&span class=&pln& style=&color: rgb(0, 0, 0);&&NzI0MS9MaWJyYXJ5L01vYmlsZVN1YnN0cmF0ZQ&/span&&span class=&pun&&==&/span&&span class=&pln& style=&color: rgb(0, 0, 0);&&  &/span&&span class=&pun&&(&/span&&/span&&span style=&font-family: 宋体; font-size: 10.5&&&span class=&pun&&对应&/span&&span lang=&EN-US&&&span class=&lit&&7241&/span&&span class=&pun&&/&/span&&span class=&typ&&Library&/span&&span class=&pun&&/&/span&&span class=&typ&&MobileSubstrate&/span&&/span&&span class=&pun&&)&/span&&/span&&/p&
Analysis shows that xCon bypasses the following jailbreak detection methods:
(1) Judging whether the device is jailbroken by whether specific jailbreak files exist, and by whether the permissions of specific files have changed
fileExistsAtPath:
fileExistsAtPath:isDirectory:
filePermission:
fileSystemIsValid:
checkFileSystemWithPath:forPermissions:
mobileSubstrateWorkaround
detectIllegalApplication:
(2) Detecting a jailbreak through sandbox integrity
canUseFork
(3) Detecting a jailbreak by whether the file system's partitions have changed
partitionsModified
(4) Judging whether the device is jailbroken by whether ssh is installed
In summary, to do jailbreak detection well, use low-level C functions; the signature strings used for detection need to be obfuscated, and so do the names of the detection functions. The following three methods from Part One are worth trying:
(1) Check whether common jailbreak files exist, using stat(); check for the following files
/Library/MobileSubstrate/MobileSubstrate.dylib   (the most important jailbreak file; almost every jailbroken device has MobileSubstrate installed)
/Applications/Cydia.app/  /var/lib/cydia/   (installed on the great majority of jailbroken devices)
/var/cache/apt  /var/lib/apt  /etc/apt
/bin/bash  /bin/sh
/usr/sbin/sshd  /usr/libexec/ssh-keysign  /etc/ssh/sshd_config
(2) Check whether specific files are symbolic links, using lstat(); check whether the following are symbolic links
/Applications
/Library/Ringtones
/Library/Wallpaper
/usr/include
/usr/libexec
/usr/share
(3) Check the loaded dylibs (dynamic libraries), using _dyld_image_count and _dyld_get_image_name, for the dylib of any jailbreak tweak
http://theiphonewiki.com/wiki/index.php?title=XCon
http://theiphonewiki.com/wiki/index.php?title=Bypassing_Jailbreak_Detection
Jailbreak detection / jailbreak detection bypass: xCon
I had always ignored the topic of jailbreak detection and its bypass, because I assumed that in an environment where apps compete for install share, nobody cares whether the user's device is jailbroken. Clearly I overlooked something: an app may be designed to follow different flows depending on whether the device is jailbroken, for example applying extra security measures on jailbroken devices, and in that scenario whether the jailbreak detection is reliable becomes the key question. This article covers the common jailbreak detection methods (with corresponding test code), the most popular jailbreak detection bypass tweak, xCon (analysing which detection methods it bypasses), and finally summarises the detection methods I personally consider more reliable.
I. Jailbreak detection
(I) Chapter 13 of "Hacking and Securing iOS Applications" covers jailbreak detection from the following angles
1. Sandbox integrity check
Judge from the return value of fork() whether a child process was created:
(1) returns -1: no new process was created
(2) in the child process, returns 0
(3) in the parent process, returns the child's PID
If the sandbox has been broken, fork() returns a value greater than or equal to 0.
I tried this on a jailbroken device and creating the child process failed, which shows this method cannot be used to judge whether a device is jailbroken. xCon covers this method.
The code is as follows:
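As an added example (not the post's own listing, which is not reproduced on this page), here is the fork() probe the book describes, with the three return-value cases handled and the child reaped so that no zombie is left behind. The function name sandbox_allows_fork and the optional errno capture are my choices. On a desktop host it returns 1; on a stock iOS device the sandbox makes fork() fail with -1, and, as the author notes above, it also failed on the jailbroken test device.

```c
#include <errno.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Sandbox-integrity probe via fork().
 * Returns 1 if a child process could be created (and was reaped),
 * 0 if fork() returned -1. When saved_errno is non-NULL it receives
 * errno from the failed fork(), or 0 on success. */
int sandbox_allows_fork(int *saved_errno)
{
    pid_t pid = fork();

    if (pid < 0) {
        /* (1) -1: no process was created; the sandbox (or resource limits) refused */
        if (saved_errno) *saved_errno = errno;
        return 0;
    }
    if (pid == 0) {
        /* (2) child: return 0 here means "I am the child"; leave at once,
         * bypassing atexit handlers and stdio flushing that belong to the parent */
        _exit(0);
    }

    /* (3) parent: fork() handed back the child's PID; wait for it so the
     * probe does not leak a zombie, retrying if a signal interrupts the wait */
    int status = 0;
    while (waitpid(pid, &status, 0) < 0 && errno == EINTR) {
        /* interrupted, try again */
    }
    if (saved_errno) *saved_errno = 0;
    return 1;
}
```

The `_exit()` in the child matters: a plain `return` or `exit()` would run the parent's atexit handlers and flush its buffered stdio a second time from the child.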
2. File system checks
(1) Check whether common jailbreak files exist
The following are the most common jailbreak files. The stat function can be used to test whether they exist.
/Library/MobileSubstrate/MobileSubstrate.dylib   (the most important jailbreak file; almost every jailbroken device has MobileSubstrate installed)
/Applications/Cydia.app/  /var/lib/cydia/   (installed on the great majority of jailbroken devices)
/var/cache/apt  /var/lib/apt  /etc/apt
/bin/bash  /bin/sh
/usr/sbin/sshd  /usr/libexec/ssh-keysign  /etc/ssh/sshd_config
The code is as follows:
(1) Returns 0: the specified file exists
(2) Returns -1: the call failed, and the error code is stored in errno
    ENOENT        the file named by file_name does not exist
    ENOTDIR       a component of the path exists but is not actually a directory
    ELOOP         too many symbolic links were encountered opening the file; the limit is 16
    EFAULT        buf is an invalid pointer, pointing at memory that does not exist
    EACCES        access to the file was denied
    ENOMEM        insufficient kernel memory
    ENAMETOOLONG  the path name in file_name is too long
struct stat {
    dev_t         st_dev;      // device number of the file
    ino_t         st_ino;      // inode number
    mode_t        st_mode;     // file type and access permissions
    nlink_t       st_nlink;    // number of hard links to the file; a newly created file has 1
    uid_t         st_uid;      // user ID
    gid_t         st_gid;      // group ID
    dev_t         st_rdev;     // (device type) if this file is a device file, its device number
    off_t         st_size;     // size of the file in bytes
    unsigned long st_blksize;  // block size (the file system's I/O buffer size)
    unsigned long st_blocks;   // number of blocks
    time_t        st_atime;    // time of last access
    time_t        st_mtime;    // time of last modification
    time_t        st_ctime;    // time of last status change (attributes)
};
This method is the simplest and the most widely used, but also the easiest to defeat. When using it, be sure to test the paths above with the low-level C function stat, encode the path names (do not use base64 encoding), and never use the NSFileManager class, which gets hooked.
(2) Size of the /etc/fstab file
This file describes in detail the file systems and storage devices mounted at boot; jailbreaks generally modify it so that the root file system is mounted read-write. Although an app is not allowed to read the file's contents, it can obtain the file's size with the stat function. On iOS 5 the file is 80 bytes on a non-jailbroken device and generally only 65 bytes on a jailbroken one.
The code is as follows:
Running on a jailbroken device with xCon installed, the size in result is ; after uninstalling xCon and running on the jailbroken device again, the size in result is 66
Personally I find this method unreliable as well as cumbersome, especially when an app has to run on several iOS versions. xCon covers this method, so it cannot be used.
(3) Check whether specific files are symbolic links
An iOS disk is usually divided into two partitions: a small, read-only system partition and a larger user partition. All pre-installed apps (for example the App Store) are installed in the /Applications folder on the system partition. On a jailbroken device, so that third-party software can be installed into that folder without taking up space on the system partition, a symbolic link into /var/stash/ is created. The lstat function can therefore be used to inspect the attributes of /Applications and see whether it is a directory or a symbolic link; if it is a symbolic link, the device is certainly jailbroken.
The following lists the files for which a symbolic link is usually created; check them:
The code is as follows:
I have not tested the non-jailbroken case, so it is hard to say whether this method is effective.
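An added example (not the post's code) that implements the file-existence check from 2(1), the st_size check from 2(2) and the symbolic-link check from 2(3) using stat()/lstat() only, and follows the post's advice of keeping the path literals encoded rather than plain. The encoding (reverse the string, shift every byte up by one) and all function names are my own choices, and only three of the post's existence paths and two of its symlink paths are included. The self-check builds a constructed temporary-directory fixture so that the primitives can be run on any POSIX host, where the iOS paths naturally do not exist.

```c
#define _XOPEN_SOURCE 700
#define _DEFAULT_SOURCE 1
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Decode a path literal stored reversed with every byte shifted up by one.
 * Constructed scheme: it only keeps the literal out of a plain `strings`
 * dump, which is all the post asks for; it is not meant to resist analysis. */
size_t decode_path(const char *enc, char *out, size_t cap)
{
    size_t n = strlen(enc);
    if (n + 1 > cap) return 0;
    for (size_t i = 0; i < n; i++)
        out[i] = (char)(enc[n - 1 - i] - 1);
    out[n] = '\0';
    return n;
}

/* Codec check helper: 1 if enc decodes exactly to expect. */
int decode_matches(const char *enc, const char *expect)
{
    char buf[256];
    return decode_path(enc, buf, sizeof buf) && strcmp(buf, expect) == 0;
}

/* stat()-based existence test: 1 = exists, 0 = absent (ENOENT/ENOTDIR),
 * -1 = some other failure, with errno left for the caller to inspect. */
int path_exists(const char *path)
{
    struct stat st;
    if (stat(path, &st) == 0) return 1;
    return (errno == ENOENT || errno == ENOTDIR) ? 0 : -1;
}

/* lstat() is required here: stat() follows the link and would describe the
 * target directory instead of the link itself. */
int path_is_symlink(const char *path)
{
    struct stat st;
    return lstat(path, &st) == 0 && S_ISLNK(st.st_mode);
}

/* st_size of a file the app may stat but not read (the /etc/fstab idea). */
long path_size(const char *path)
{
    struct stat st;
    return stat(path, &st) == 0 ? (long)st.st_size : -1L;
}

/* Encoded forms (constructed here) of a few paths from the post's lists;
 * they are decoded only at the moment of use. */
static const char *const k_exist_enc[] = {
    "qqb/bjezD0topjubdjmqqB0",                        /* /Applications/Cydia.app */
    "cjmze/fubsutcvTfmjcpN0fubsutcvTfmjcpN0zsbscjM0", /* /Library/MobileSubstrate/MobileSubstrate.dylib */
    "itbc0ojc0",                                       /* /bin/bash */
};
static const char *const k_link_enc[] = {
    "topjubdjmqqB0",       /* /Applications */
    "tfopuhojS0zsbscjM0",  /* /Library/Ringtones */
};

/* Number of indicators that fire on this host; 0 is expected on a stock
 * device. Not asserted in the self-check: /bin/bash exists on most desktops. */
int jailbreak_indicator_count(void)
{
    char path[256];
    int hits = 0;
    for (size_t i = 0; i < sizeof k_exist_enc / sizeof *k_exist_enc; i++)
        if (decode_path(k_exist_enc[i], path, sizeof path) && path_exists(path) == 1)
            hits++;
    for (size_t i = 0; i < sizeof k_link_enc / sizeof *k_link_enc; i++)
        if (decode_path(k_link_enc[i], path, sizeof path) && path_is_symlink(path))
            hits++;
    return hits;
}

/* Constructed fixture content standing in for a small fstab-like file. */
static const char k_fixture_fstab[] = "/dev/disk0s1s1 / hfs ro 0 1\n";

/* Self-check on a temp dir holding one small file and one symlink.
 * Returns a bitmask; 31 means every primitive behaved as intended. */
int fixture_self_check(void)
{
    char dir[] = "/tmp/jbchkXXXXXX";
    char file[280], lnk[280], missing[280];
    if (!mkdtemp(dir)) return -1;
    snprintf(file, sizeof file, "%s/fstab", dir);
    snprintf(lnk, sizeof lnk, "%s/Applications", dir);
    snprintf(missing, sizeof missing, "%s/absent", dir);
    FILE *f = fopen(file, "w");
    if (!f) return -1;
    fputs(k_fixture_fstab, f);
    fclose(f);
    int r = 0;
    /* the link points at the directory itself, like /Applications -> /var/stash/... */
    if (symlink(dir, lnk) == 0 && path_is_symlink(lnk)) r |= 4;
    if (path_exists(file) == 1) r |= 1;
    if (path_exists(missing) == 0) r |= 2;
    if (!path_is_symlink(file)) r |= 8;
    if (path_size(file) == (long)(sizeof k_fixture_fstab - 1)) r |= 16;
    unlink(lnk); unlink(file); rmdir(dir);
    return r;
}
```

The decoding into a stack buffer right before the syscall is the point of the exercise: the decoded path never sits in a static string the way an NSString literal would, and the check itself goes through stat()/lstat() rather than NSFileManager, which the post reports as hooked.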
(II) http://theiphonewiki.com/wiki/index.php?title=Bypassing_Jailbreak_Detection gives the following six jailbreak detection methods
1. Check whether specific directories or files exist
Check whether the file system contains files that only exist after jailbreaking, for example /Applications/Cydia.app or /private/var/stash
Usually done with the NSFileManager method - (BOOL)fileExistsAtPath:(NSString *)path (very easily hooked)
or with low-level C functions such as fopen(), stat() or access()
Same as method 2, file system checks, in "Hacking and Securing iOS Applications"
xCon covers this method
2. Check the access permissions of specific directories or files
Check the Unix file permissions (and sizes) of specific files or directories in the file system; a jailbroken device has far more writable directories and files than a non-jailbroken one
Usually done with the NSFileManager method - (BOOL)isWritableFileAtPath:(NSString *)path (very easily hooked)
or with low-level C functions such as statfs()
xCon covers this method
3. Check whether a child process can be created
Check whether a child process can be created; on a non-jailbroken device the sandbox does not allow a process to create children
Call C functions that create child processes, such as fork() or popen()
Same as method 1, the sandbox integrity check, in "Hacking and Securing iOS Applications"
xCon covers this method
4. Check whether a local ssh connection can be made
Check whether a local ssh connection can be made; the great majority of jailbroken devices have OpenSSH (an ssh server) installed, so if a connection with ssh 127.0.0.1 -p 22 succeeds, the device is jailbroken
xCon covers this method
5. Check the return value of system()
Check the return value of system(): call system() with no argument; on a jailbroken device it returns 1, and on a non-jailbroken device 0
system() reports an error when it is given no argument
6. Check the loaded dylibs (dynamic libraries)
This is currently the most dependable method: call _dyld_image_count() and _dyld_get_image_name() to see which dylibs are currently loaded
Test results:
The following code shows which dylibs the target iOS device has loaded
#include <string.h>
#include <stdio.h>        // for printf (not in the original listing)
#import <mach-o/loader.h>
#import <mach-o/dyld.h>
#import <mach-o/arch.h>

void printDYLD()
{
    //Get count of all currently loaded DYLD
    uint32_t count = _dyld_image_count();
    for(uint32_t i = 0; i < count; i++)
    {
        //Name of image (includes full path)
        const char *dyld = _dyld_get_image_name(i);

        //The rest of the original listing is cut off on this page; printing the
        //name is the minimal completion that makes the function do what its name says
        printf("%s\n", dyld);
    }
}
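An added example (not the wiki's or the post's code) that turns the listing above into an actual check: every loaded image name is matched against marker substrings taken from the xCon path list earlier on this page. On Apple platforms it walks the real _dyld_image_count()/_dyld_get_image_name() list; elsewhere only the matching logic runs, over a constructed list of image names that was not captured from any device. The choice of markers and all function names are mine.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#ifdef __APPLE__
#include <mach-o/dyld.h>
#endif

/* Marker substrings, taken from the xCon path list earlier on this page
 * (the selection and ordering are mine). */
static const char *const k_markers[] = {
    "/Library/MobileSubstrate/",
    "CydiaSubstrate.framework",
    "xCon",
    "LiveClock",
    "Veency",
};
#define N_MARKERS (sizeof k_markers / sizeof *k_markers)

/* 1-based index of the first marker contained in name, 0 if none matches
 * (a NULL name, which dyld can hand back for an unloaded slot, matches nothing). */
int image_name_marker(const char *name)
{
    if (!name) return 0;
    for (size_t i = 0; i < N_MARKERS; i++)
        if (strstr(name, k_markers[i]) != NULL)
            return (int)i + 1;
    return 0;
}

/* Number of entries in a caller-supplied image-name list that hit a marker. */
int count_suspicious_images(const char *const *names, size_t n)
{
    int hits = 0;
    for (size_t i = 0; i < n; i++)
        if (image_name_marker(names[i]))
            hits++;
    return hits;
}

#ifdef __APPLE__
/* The same scan over the images actually loaded into this process, using
 * the dyld calls from the listing above. Expected to be 0 on a stock device. */
int count_suspicious_loaded_images(void)
{
    uint32_t count = _dyld_image_count();
    int hits = 0;
    for (uint32_t i = 0; i < count; i++)
        if (image_name_marker(_dyld_get_image_name(i)))
            hits++;
    return hits;
}
#endif

/* Constructed sample of what the image list might look like with a
 * Substrate-based tweak injected; not captured from a real device. */
static const char *const k_sample_images[] = {
    "/private/var/mobile/Applications/APP-UUID-PLACEHOLDER/MyApp.app/MyApp",
    "/usr/lib/libSystem.B.dylib",
    "/System/Library/Frameworks/UIKit.framework/UIKit",
    "/Library/MobileSubstrate/MobileSubstrate.dylib",
    "/Library/MobileSubstrate/DynamicLibraries/xCon.dylib",
    "/Library/Frameworks/CydiaSubstrate.framework/CydiaSubstrate",
};

/* Runs the matcher over the constructed sample; three of its six entries hit. */
int sample_suspicious_count(void)
{
    return count_suspicious_images(k_sample_images,
                                   sizeof k_sample_images / sizeof *k_sample_images);
}
```

The matcher is deliberately a plain substring test on the full path, because that is what the dyld list gives you. A tweak that hooks _dyld_get_image_name() can filter its own entries out of that list, which is why the post's summary recommends obfuscating both the marker strings and the names of the detection functions rather than relying on one unhooked API.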
