Skip to content

Instantly share code, notes, and snippets.

@ddrccw

ddrccw/hello.h

Created January 14, 2014 04:03
Show Gist options
  • Save ddrccw/8412847 to your computer and use it in GitHub Desktop.
Save ddrccw/8412847 to your computer and use it in GitHub Desktop.
Download ZIP
detect jailbreak
Raw
hello.h
//
// Created by ddrccw on 14-1-10.
// Copyright (c) 2014年 ddrccw. All rights reserved.
// refer to http://danqingdani.blog.163.com/blog/static/1860941952012102122847478/
#import <sys/stat.h>
#import <mach-o/dyld.h>
//#import <stdlib.h>
//#import <string.h>
//#import <unistd.h>
/*
* 沙盒完整性校验
*/
static inline bool sandbox_integrity_compromised(void) __attribute__((always_inline));
/*
* Filesystem检测
*/
static inline bool jailbreak_file_check(void) __attribute__((always_inline));
static inline bool symbolic_linking_check(void) __attribute__((always_inline));
static inline bool dyld_check(void) __attribute__((always_inline));
/*
* check all above
*/
static inline bool hello(void) __attribute__((always_inline));
bool hello() {
return (sandbox_integrity_compromised() || jailbreak_file_check() ||
symbolic_linking_check() || dyld_check());
}
#pragma clang diagnostic push
#pragma clang diagnostic ignored "-Wunused-function"
bool sandbox_integrity_compromised(){
int result = fork();
if (!result) /* The child should exit, if it spawned */
exit(0);
if (result >= 0) { /* If the fork succeeded, we're jailbroken */
return true;
}
else {
return false;
}
}
bool jailbreak_file_check(){
struct stat s;
if (!stat("/Applications/Cydia.app", &s)) {
return true;
}
else if (!stat("/Library/MobileSubstrate/MobileSubstrate.dylib", &s)) {
return true;
}
else if (!stat("/var/cache/apt", &s)) {
return true;
}
else if (!stat("/var/lib/cydia", &s)) {
return true;
}
else if (!stat("/var/log/syslog", &s)) {
return true;
}
else if (!stat("/var/tmp/cydia.log", &s)) {
return true;
}
else if (!stat("/bin/bash", &s)) {
return true;
}
else if (!stat("/bin/sh", &s)) {
return true;
}
else if (!stat("/usr/sbin/sshd", &s)) {
return true;
}
else if (!stat("/usr/libexec/ssh-keysign", &s)) {
return true;
}
else if (!stat("/etc/ssh/sshd_config", &s)) {
return true;
}
else if (!stat("/etc/apt", &s)) {
return true;
}
return false;
}
bool symbolic_linking_check(){
struct stat s;
if (!lstat("/Applications", &s)) {
if (s.st_mode & S_IFLNK) return true;
}
else if (!lstat("/Library/Ringtones", &s)) {
if (s.st_mode & S_IFLNK) return true;
}
else if (!lstat("/Library/Wallpaper", &s)) {
if (s.st_mode & S_IFLNK) return true;
}
else if (!lstat("/usr/arm-apple-darwin9", &s)) {
if (s.st_mode & S_IFLNK) return true;
}
else if (!lstat("/usr/include", &s)) {
if (s.st_mode & S_IFLNK) return true;
}
else if (!lstat("/usr/libexec", &s)) {
if (s.st_mode & S_IFLNK) return true;
}
else if (!lstat("/usr/share", &s)) {
if (s.st_mode & S_IFLNK) return true;
}
return false;
}
bool dyld_check()
{
//Get count of all currently loaded DYLD
uint32_t count = _dyld_image_count();
for(uint32_t i = 0; i < count; i++)
{
//Name of image (includes full path)
const char *dyld = _dyld_get_image_name(i);
if(!strstr(dyld, "MobileSubstrate")) {
continue;
}
else {
return true;
}
}
return false;
}
#pragma clang diagnostic pop
@argbat
Copy link

argbat commented Feb 1, 2022
edited
Loading

lstat for symlink shouldn't be
if (lstat("/Application", &file_info) == 0 && (file_info.st_mode & S_IFMT) == S_IFLNK)
?

@ddrccw
Copy link
Author

ddrccw commented Feb 16, 2022

@argbat they are the same.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment