如何准确检测 and/or 是否存在 iOS 越狱?
How do I accurately detect the presence and/or absence of a jailbreak in iOS?
在我参加了一个节目后class,我的一个朋友向我展示了一个应用程序,由于他越狱iPhone.
,他无法通过第一个屏幕。
从那时起,我就对这款应用程序如何能够在不被苹果阻止的情况下检测到越狱感到好奇,作为反越狱的倡导者,我一直在努力寻找一种可靠的检测方法,但没有结果一个越狱的 iOS 设备,如果我决定在 App Store 上发布游戏,可以防止人们作弊。
有没有人知道一种可靠的方法来检测设备的越狱状态,而这种越狱设备不能轻易绕过?
编辑:根据最近的评论,我想澄清一下 post 的目的是分享我从找到那篇文章中获得的知识, 和 提供一个其他用户可以贡献他们的越狱检测方法的地方。
有一天我偶然发现了一篇文章,其中包含我正在寻找的确切答案。
来自 https://www.theiphonewiki.com/wiki/Bypassing_Jailbreak_Detection
While there are countless ways apps can implement checks for jailbroken devices, they typically boil down to the following:
Existence of directories - Check your file system for paths like /Applications/Cydia.app/ and /private/var/stash, amongst a handful of others. Most often, these are checked using the -(BOOL)fileExistsAtPath:(NSString*)path method in NSFileManager, but more sneaky apps like to use lower-level C functions like fopen(), stat(), or access().
Directory permissions - Check the Unix file permissions of specific files and directories using NSFileManager methods as well as C functions like statfs(). Far more directories have write access on a jailbroken device than on one still in jail.
Process forking - sandboxd does not deny App Store applications the ability to use fork(), popen(), or any other C functions to create child processes on non-jailbroken devices. sandboxd explicitly denies process forking on devices in jail. if you check the returned pid on fork(), your app can tell if it has successfully forked or not, at which point it can determine a device's jailbreak status.
SSH loopback connections* - Due to the large portion of jailbroken devices that have OpenSSH installed, some apps will attempt to connect to 127.0.0.1 on port 22. If the connection succeeds, it means OpenSSH is installed and running on the device, therefore it is jailbroken.
system() - Calling the system() function with a NULL argument on a device in jail will return 0; doing the same on a jailbroken device will return 1. This is since the function will check whether /bin/sh exists, and this is only the case on jailbroken devices.[1]
dyld functions - By far the hardest to get around. Calling functions like _dyld_image_count() and _dyld_get_image_name() to see which dylibs are currently loaded. Very difficult to patch, as patches are themselves part of dylibs.
*Only a very small number of applications implement this (as it is not nearly as effective as the others)
以上段落为简洁起见进行了编辑
我想我会 post 将此作为知识共享,供那些应用程序开发人员想知道当所有其他检测越狱的尝试都被 Apple 拒绝时,一个应用程序如何能够成功实施越狱检测。
如果您在 App Store 上发布游戏,阻止所有越狱用户可能无助于您打击应用盗版,因为这会迫使他们获得游戏的盗版版本才能玩(而不是给他们付费玩游戏的可能性)。
您需要检查该游戏是否为 App Store 外的合法版本。但即便如此,破解游戏并发布游戏的人也可能会对其进行修补...
您可以检查当前 运行 可执行文件是否已加密,这是通过查看 this answer.
了解应用程序是否被盗版的好方法
否则,如果它是一款包含应用内购买的免费游戏,进行收据验证有助于阻止大多数绕过应用内购买支付的调整。
但绝对没有办法绝对杜绝盗版。
您总是可以在游戏中提及您是如何开发该游戏的...这可以说服一些人为游戏的正版付费。
在我参加了一个节目后class,我的一个朋友向我展示了一个应用程序,由于他越狱iPhone.
,他无法通过第一个屏幕。从那时起,我就对这款应用程序如何能够在不被苹果阻止的情况下检测到越狱感到好奇,作为反越狱的倡导者,我一直在努力寻找一种可靠的检测方法,但没有结果一个越狱的 iOS 设备,如果我决定在 App Store 上发布游戏,可以防止人们作弊。
有没有人知道一种可靠的方法来检测设备的越狱状态,而这种越狱设备不能轻易绕过?
编辑:根据最近的评论,我想澄清一下 post 的目的是分享我从找到那篇文章中获得的知识, 和 提供一个其他用户可以贡献他们的越狱检测方法的地方。
有一天我偶然发现了一篇文章,其中包含我正在寻找的确切答案。
来自 https://www.theiphonewiki.com/wiki/Bypassing_Jailbreak_Detection
While there are countless ways apps can implement checks for jailbroken devices, they typically boil down to the following:
Existence of directories - Check your file system for paths like/Applications/Cydia.app/and/private/var/stash, amongst a handful of others. Most often, these are checked using the-(BOOL)fileExistsAtPath:(NSString*)pathmethod inNSFileManager, but more sneaky apps like to use lower-level C functions likefopen(),stat(), oraccess().
Directory permissions - Check the Unix file permissions of specific files and directories usingNSFileManagermethods as well as C functions likestatfs(). Far more directories have write access on a jailbroken device than on one still in jail.
Process forking -sandboxddoes not deny App Store applications the ability to usefork(),popen(), or any other C functions to create child processes on non-jailbroken devices.sandboxdexplicitly denies process forking on devices in jail. if you check the returned pid onfork(), your app can tell if it has successfully forked or not, at which point it can determine a device's jailbreak status.
SSH loopback connections* - Due to the large portion of jailbroken devices that have OpenSSH installed, some apps will attempt to connect to 127.0.0.1 on port 22. If the connection succeeds, it means OpenSSH is installed and running on the device, therefore it is jailbroken.
system() - Calling thesystem()function with a NULL argument on a device in jail will return 0; doing the same on a jailbroken device will return 1. This is since the function will check whether/bin/shexists, and this is only the case on jailbroken devices.[1]
dyld functions - By far the hardest to get around. Calling functions like_dyld_image_count()and_dyld_get_image_name()to see which dylibs are currently loaded. Very difficult to patch, as patches are themselves part ofdylibs.
*Only a very small number of applications implement this (as it is not nearly as effective as the others)
以上段落为简洁起见进行了编辑
我想我会 post 将此作为知识共享,供那些应用程序开发人员想知道当所有其他检测越狱的尝试都被 Apple 拒绝时,一个应用程序如何能够成功实施越狱检测。
如果您在 App Store 上发布游戏,阻止所有越狱用户可能无助于您打击应用盗版,因为这会迫使他们获得游戏的盗版版本才能玩(而不是给他们付费玩游戏的可能性)。
您需要检查该游戏是否为 App Store 外的合法版本。但即便如此,破解游戏并发布游戏的人也可能会对其进行修补...
您可以检查当前 运行 可执行文件是否已加密,这是通过查看 this answer.
了解应用程序是否被盗版的好方法否则,如果它是一款包含应用内购买的免费游戏,进行收据验证有助于阻止大多数绕过应用内购买支付的调整。
但绝对没有办法绝对杜绝盗版。
您总是可以在游戏中提及您是如何开发该游戏的...这可以说服一些人为游戏的正版付费。