发表新帖
发表新帖

What changes in a jailbroken kernel?

后端 未结
关注
2 901
眼角桃花
眼角桃花 2021-01-30 21:24

Having seen this question on protecting your app from being cracked, I saw that the top answerer mentioned something about being able to see if a device was jailbroken by some i

相关标签:
2条回答
  • 日久生厌
    2021-01-30 21:57

    All the "modern" kernel patches are based on comex's patches.

    the main things which are being patched are:

    • security.mac.proc_enforce
    • cs_enforcement_disable (kernel and AMFI)
    • PE_i_can_has_debugger
    • vm_map_enter
    • vm_map_protect

    Oh, and there are sandbox patches too. If you wanna read more about all these patches I suggest you take a look at iOS Hacker's Handbook.

    Edit: I just came up with a simple idea to check if the device is jailbroken, but I'm not sure if Apple allows the use of these functions:

    1. allocate some memory using mach_vm_allocate()

    2. change the protection of that page via mach_vm_protect() to VM_PROT_READ | VM_PROT_EXECUTE | VM_PROT_COPY

    3. Since the stock iOS doesn't allow VM_PROT_EXECUTE from inside your app this will fail, check the return value of mach_vm_protect(), when not jailbroken, but succeed if the device is jailbroken.

    0 讨论(0)
  • 梦如初夏
    2021-01-30 22:09

    About a year ago, saurik wrote a comment on Hacker News with a list of the "'best practice' patches that jailbreaks install by default". I'd suggest reading that comment for all the details, but here is a preview of what he says (with lots of explanation that I snipped out):

    1. AFC2: allows you to access, over USB, all of / as root instead of just /var/mobile/Media as mobile.

    2. fstab / rw: makes / be mounted read-write.

    3. fstab /var suid dev: allows setuid executables and device nodes on the user data partition.

    4. codesign: allow code that has not been signed by anyone to execute.

    5. codehash: allow processes with "corrupt" pages of code to execute.

    6. rw->rx: supports changing a page of memory from writable to executable.

    7. rwx: allows memory to be marked for write and execute at the same time.

    8. sandbox: allow processes to access files that are outside of their sandbox based on Unix permissions rather than the normal sandbox rules.

    9. crazeles: a ludicrously complicated hack by planetbeing that neuters the FairPlay DRM checks that cause iBooks to refuse to operate correctly on jailbroken devices.

    0 讨论(0)
 看不清?
提交回复
热议问题