1
//判断⼯具安装路径本期先做成BOOL开关⽅法
//下面路径也可替换为以下常见越狱⼯具路径:
// /Library/MobileSubstrate/MobileSubstrate.dylib
///Applications/Cydia.app /var/lib/cydia/
///var/cache/apt /var/lib/apt /etc/apt
///bin/bash /bin/sh
///usr/sbin/sshd /usr/libexec/ssh-keysign /etc/ssh/sshd_config
+ (BOOL)checkPath
{
BOOL jailBroken = NO;
NSString * cydiaPath = @"/Applications/Cydia.app";
NSString * aptPath = @"/private/var/lib/apt";
if ([[NSFileManager defaultManager] fileExistsAtPath:cydiaPath]) {
jailBroken = YES;
}
if ([[NSFileManager defaultManager] fileExistsAtPath:aptPath]) {
jailBroken = YES;
}
return jailBroken;
}
2
#include <sys/stat.h>
//防hook NSFileManager的⽅法使⽤stat系列函数检测Cydia等⼯具,路径同上
+ (BOOL)checkCydia
{
struct stat stat_info;
if (0 == stat("/Applications/Cydia.app", &stat_info)) {
NSLog(@"Device is jailbroken");
return YES;
}
return NO;
}
3
//检测当前程序运⾏的环境变量,防⽌通过DYLD_INSERT_LIBRARIES注⼊链接异常动态库,来更改相关⼯具名称
+ (BOOL)checkEnv
{
char *env = getenv("DYLD_INSERT_LIBRARIES");
NSLog(@"%s", env);
if (env) {
return YES;
}
return NO;
}
4
#include <sys/stat.h>
#include <dlfcn.h>
+ (BOOL)isStatNotSystemLib {
if(TARGET_IPHONE_SIMULATOR)return NO;
int ret ;
Dl_info dylib_info;
int (*func_stat)(const char *, struct stat *) = stat;
if ((ret = dladdr(&func_stat, &dylib_info))) {
NSString *fName = [NSString stringWithUTF8String: dylib_info.dli_fname];
if(![fName isEqualToString:@"/usr/lib/system/libsystem_kernel.dylib"]){
return YES;
}
}
return NO;
}
5. 检测链接动态库,检测是否被链接了异常动态库,但动态库相关Api属于私有Api,调⽤的话appStore审核会不通过,所以不列举。
坑:
千万不要通过判断是否可以打开 cydia://为⾸的URL Schema 来判断是否越狱,因为你会发现很多App居然注册了这个URL Type !!
最后将以上几种方法结合起来,但凡有一条成立,那么手机就有可能越狱了!
网友评论