Record the judgment method of conventional jailbreak

Apple attaches great importance to the security of its products, so it has designed a complex security mechanism for users. This makes programmers who love freedom and advocate openness extremely unhappy, so jailbreaking has become a place where Apple and hackers fight each other repeatedly. In general, jailbreaking allows us to install and share applications at will, but it does reduce the security of the device and provides a convenient door for some malicious applications. Sometimes our application wants to know whether the installed device has been jailbroken. Obviously, Apple officials will not provide a solution, so what should we do? Because cydia will be automatically installed after jailbreaking, we can start from this aspect; we can also use the permission issue to read the list of applications; we can also read environment variables, and machines that are not jailbroken should not be able to read anything.

Let's talk about them one by one:

1. Determine common jailbreak files

/Applications/Cydia.app

/Library/MobileSubstrate/MobileSubstrate.dylib

/bin/bash

/usr/sbin/sshd

/etc/apt

This table can be listed as much as possible, and then it can be determined whether it exists. As long as it exists, it can be considered that the machine is jailbroken.

 #define ARRAY_SIZE(a) sizeof(a)/sizeof(a[ 0 ]) 
 
 const   char * jailbreak_tool_pathes[] = {
 "/Applications/Cydia.app" ,
 "/Library/MobileSubstrate/MobileSubstrate.dylib" ,
 "/bin/bash" ,
 "/usr/sbin/sshd" ,
 "/etc/apt"  
 }; 
 
 - (BOOL)isJailBreak
 {
 for ( int i= 0 ; i<ARRAY_SIZE(jailbreak_tool_pathes); i++) {
 if ([[NSFileManager defaultManager] fileExistsAtPath:[NSString stringWithUTF8String:jailbreak_tool_pathes[i]]]) {
  NSLog(@ "The device is jail broken!" );
 return YES;
 }
 }
  NSLog(@ "The device is NOT jail broken!" );
 return NO;
 }

2. Determine the URL scheme of Cydia

The URL scheme can be used to call out another application in an application. It is a path to a resource (see "How to Call Out Another Application in iOS" for details). This method is used to determine whether the Cydia application exists.

 01.- (BOOL)isJailBreak
 02.
 03. if ([[UIApplication sharedApplication] canOpenURL:[NSURL URLWithString:@ "cydia://" ]]) {
 04.NSLog(@ "The device is jail broken!" );
 05. return YES;
 06.}
 07.NSLog(@ "The device is NOT jail broken!" );
 08. return NO;
 09.}

3. Read the names of all applications in the system

This is determined by taking advantage of the fact that non-jailbroken machines do not have this permission.

 #define USER_APP_PATH @"/User/Applications/"  
 - ( BOOL )isJailBreak
 {
 if ([[NSFileManager defaultManager] fileExistsAtPath:USER_APP_PATH]) {
  NSLog(@ "The device is jail broken!" );
  NSArray *applist = [[NSFileManager defaultManager] contentsOfDirectoryAtPath:USER_APP_PATH error:nil];
  NSLog(@ "applist = %@" , applist);
 return YES;
 }
  NSLog(@ "The device is NOT jail broken!" );
 return NO;
 }

4. Use the stat method to determine whether cydia exists

The idea of ​​this method is to determine the cydia application, but the method uses the stat function and also determines whether there is a dynamic library injected.

 #define CYDIA_APP_PATH "/Applications/Cydia.app"
 int checkInject()
 {
 int ret;
 Dl_info dylib_info;
  int (*func_stat)(const char*, struct stat*) = stat; 
 
  if (( ret = dladdr (func_stat, &dylib_info)) && strncmp(dylib_info.dli_fname, dylib_name, strlen(dylib_name))) {
 return 0;
 }
 return 1;
 } 
 
 int checkCydia()
 {
  // first, check whether library is inject
 struct stat stat_info; 
 
 if (!checkInject()) {
  if ( 0 == stat(CYDIA_APP_PATH, &stat_info)) {
 return 1;
 }
 } else {
 return 1;
 }
 return 0;
 } 
 
 - (BOOL)isJailBreak
 {
 if (checkCydia()) {
  NSLog(@"The device is jail broken!");
 return YES;
 }
  NSLog(@"The device is NOT jail broken!");
 return NO;
 }

5. Read environment variables

 The DYLD_INSERT_LIBRARIES environment variable should be empty on a non-jailbroken machine. A jailbroken machine will basically have Library/MobileSubstrate/MobileSubstrate.dylib
 char * printEnv( void )
 {
 char *env = getenv( "DYLD_INSERT_LIBRARIES" );
 NSLog(@ "%s" , env);
 return env;
 } 
 
 - (BOOL)isJailBreak
 {
 if (printEnv()) {
  NSLog(@ "The device is jail broken!" );
 return YES;
 }
  NSLog(@ "The device is NOT jail broken!" );
 return NO;
 }

Of course, when determining whether a device is jailbroken, you can use multiple methods to ensure accuracy. Here I would also like to say that there are official jailbreaks and non-official jailbreaks, which are not officially guaranteed, so the situation is also complicated and changeable. iOS7 has also improved and upgraded the sandbox mechanism. Some situations may not be suitable for the new version, which still needs to be handled according to the actual situation. In addition, there are some methods such as forking a child thread and looking at the return value, which are not listed here one by one.

***, jailbreaking will increase unsafe factors after all, especially when there are many financial instruments installed, jailbreaking is strongly not recommended.