9

My friend got a jailbroken iPad. When he installed Business Model Generation App from Installous and tried to use it, the application showed a UIAlertView with the following message: Hacked Version

Does anybody know how to do that?

I have 2 ideas:

  1. If there is some set flag when you download app from the App Store, then you can use this flag: if flag = NO, you show the UIAlertView.
  2. Something with a server (but in this case, you should know all device IDs and who installed your application from the App Store).

Am I right? How can I implement this feature?

AstroCB
Eugene Trapeznikov

5 Answers

12

You can detect two files: SC_Info and iTunesMetadata.plist.

If you can't find them, then your app was pirated: these files are installed after downloading from the App Store.

This is the code to check:

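```objc
NSString *bundlePath = [[NSBundle mainBundle] bundlePath];
NSFileManager *fileManager = [NSFileManager defaultManager];

// Build each path explicitly; (@"%@/SC_Info", bundlePath) is a comma
// expression that evaluates to bundlePath alone.
if (![fileManager fileExistsAtPath:[bundlePath stringByAppendingPathComponent:@"SC_Info"]])
{
    // jailbroken
}
if (![fileManager fileExistsAtPath:[bundlePath stringByAppendingPathComponent:@"iTunesMetadata.plist"]])
{
    // jailbroken
}
```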
AstroCB
Eugene Trapeznikov
  • Strange thing, @Eugene, I can't find SC_Info and iTunesMetadata.plist in my own ipa. – Tertium Oct 25 '12 at 21:54
  • 2
    @Tertium, these files will be added in AppStore. So you should download your app from AppStore and then you will find them – Eugene Trapeznikov Oct 26 '12 at 04:09
  • 1
    How can you test it before submitting? for example I think you have an error on the code itself, Should be: [NSFileManager defaultManager] fileExistsAtPath: ( [NSString stringWithFormat:@"%@/SC_Info", bundlePath ] – Idan May 07 '13 at 20:41
  • I too wonder how you test for `SC_Info` on local devices before submitting to App Store if no such file is created by Xcode build? – Basil Bourque Sep 04 '14 at 23:56
2

There are some libraries around which can detect if an app is cracked (and jailbroken as well). This question gives a good overview, but basically it's done by checking the signer identity.

One library is AntiCrack. I haven't used this library so I don't know how well it works.

Community
wattson12
2

I'm using this code on swift:

```swift
if Bundle.main.infoDictionary?["SignerIdentity"] != nil
    || !FileManager.default.fileExists(atPath: "\(Bundle.main.bundlePath)/SC_Info")
    || !FileManager.default.fileExists(atPath: "\(Bundle.main.bundlePath)/iTunesMetadata.plist") {
    // Jailbroken
}
```
Ricardo
1

This is an old question, but being a jailbreak developer myself, I think it can help folks who stumble upon it while searching for jailbreak detection bypass or such things, which are more and more relevant these days. The problem OP has is now very often present, more than it used to be.

These kinds of applications, even nowadays in 2020 detect various jailbreak utilities. I am a jailbreak developer myself. When we build a jailbreak for whatever iOS version, we add quite some base binaries to aid further.

Nowadays we place them in various hidden folders like /jb/bin or /jailbreak/binbag/ or /jb/jbstuff/ etc, while in the past they used to be placed literally on the default iOS directories such as /bin /sbin etc.

Applications that have jailbreak detection do a [NSFileManager defaultManager] fileExistsAtPath:... to check for the presence of Cydia, these base binaries (most of the times they check for /bin/bash, but nowadays for even more), and today, they even check if the ROOT FS has been remounted as R/W (it's normally RO, with only /var being writeable).

Tweaks downloaded from Cydia usually don't check for jailbreak detection (well, most of the times - there is drama between various jailbreak devs so there are artificial limitations even today), but they check the repo you downloaded from.

Most of the time it's as simple as what AppSync Unified tweak ended up doing.

There's a variable or a #define somewhere in the code of the tweak with the proper Cydia repo URL or identifier, and the tweak checks the Cydia lists to see if the tweak has been downloaded from there. If it hasn't, it would present an alert.

Some tweaks implement strange DRMs with license being downloaded from server-side every time you reboot the phone (this is odd and very little used in the jailbreak community).

Here's an example of what the AppSync Unified Tweak does:

```objc
#define DPKG_PATH "/var/lib/dpkg/info/net.angelxwind.appsyncunified.list"

// ....

if (access(DPKG_PATH, F_OK) == -1) {
    NSLog(@"You seem to have installed AppSync Unified from a Cydia/APT repository that is not cydia.akemi.ai (package ID net.angelxwind.appsyncunified).");
    NSLog(@"If someone other than Linus Yang (laokongzi) or Karen/あけみ is taking credit for the development of this tweak, they are likely lying.");
    NSLog(@"Please only download AppSync Unified from the official repository to ensure file integrity and reliability.");
}

// ....
```

So in the case of this jailbreak tweak, it just checks the repo it's been downloaded from. A simple patch in here would be to just load the AppSyncUnified.dylib into an arm64/arm disassembler like Hopper or IDA or even Radare2 and patch the branch. Make it a B instead of a conditional branch, so that the result of the comparison is never accounted for. As simple as that. If you wanna analyze the full source-code of AppSync Unified, there's the GitHub repo.

Of course, as I said, many tweaks use more sophisticated schemes like server-side DRM, but none of them are failproof.

*Please do understand that I do not condone tweak piracy. This reply is made to aid newcomers to this page and it aims to provide some insight into the current status of jailbreak detection and jailbreak tweaks DRM. Please buy the paid tweaks from the appropriate repos, they only cost a dollar or so.

iBreakiOS
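The App Store file check from the first answer and the jailbreak indicators listed in the answer above, as an added example in plain C (callable from Objective-C); it is not code from any poster or from AppSync Unified. The function names, the `root` prefix parameter (there so the checks can be run against a constructed directory tree before submission) and the `Applications/Cydia.app` location are assumptions of this example.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/statvfs.h>

/* 1 if <base>/<rel> exists. lstat() so a dangling symlink still counts. */
static int present(const char *base, const char *rel) {
    char path[1024];
    struct stat st;
    int n = snprintf(path, sizeof path, "%s/%s", base, rel);
    if (n < 0 || (size_t)n >= sizeof path) return 0;   /* path too long */
    return lstat(path, &st) == 0;
}

/* Files the first answer says the App Store adds to the bundle.
   Returns how many are missing (0 = looks like a store install). */
int store_artifacts_missing(const char *bundle_path) {
    static const char *const files[] = { "SC_Info", "iTunesMetadata.plist" };
    int missing = 0;
    for (size_t i = 0; i < sizeof files / sizeof files[0]; i++)
        missing += !present(bundle_path, files[i]);
    return missing;
}

/* Paths named in the answer above, plus Applications/Cydia.app (assumed
   location; the page only says "Cydia"). Pass "" as root on a device. */
int jailbreak_indicators(const char *root) {
    static const char *const paths[] = {
        "bin/bash", "Applications/Cydia.app",
        "jb/bin", "jailbreak/binbag", "jb/jbstuff",
    };
    int hits = 0;
    for (size_t i = 0; i < sizeof paths / sizeof paths[0]; i++)
        hits += present(root, paths[i]);
    return hits;
}

/* 1 if the filesystem holding path is mounted read-write, 0 if read-only,
   -1 on error. The answer notes the iOS root FS is normally read-only. */
int mounted_read_write(const char *path) {
    struct statvfs vfs;
    if (statvfs(path, &vfs) != 0) return -1;
    return (vfs.f_flag & ST_RDONLY) ? 0 : 1;
}
```

Treat the results as signals to report, not proof: a development build lacks the store files, and a jailbroken device can still hold a purchased copy, as the comments on this page point out.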
-3

It's rather simple, but you could check if the Cydia app is installed (by checking if its folder exists). If it's installed, then you do not trust the device. This leaves the risk of incorrectly letting out jailbroken iPhones/iPads that downloaded your app from the App Store.

Jorge Aguirre
  • 1
    But some people can buy the application when they have jailbroken. That's why this is not an option – Eugene Trapeznikov Jul 23 '12 at 09:55
  • 1
    This wouldn't work either because App Store apps are sandboxed, so checking for directories outside of that sandbox is not an option – WrightsCS Jul 24 '12 at 04:46
  • 1
    @WrightsCS that's the whole point. When jailbroken the sandbox restrictions are removed, so checking for Cydia is one part of a valid jailbreak test. It just doesn't indicate whether an app is cracked or not – wattson12 Jul 24 '12 at 06:41
  • 2
    Actually @wattson12 you are wrong. The only way an App Store app on a jailbroken device can access files outside of its sandbox is if "sandcastle" is installed. Other than that, even on a jailbroken device App Store apps are still in a sandbox. Cydia apps are installed in ~/Applications (where there is no sandbox) and only those apps can access files system-wide. Your perception of how jailbreaking works seems to be skewed. Jailbreaking in itself **does not** remove the sandbox restrictions. Why do you think Cydia apps are installed in a different location — **because of sandboxing restrictions** – WrightsCS Jul 24 '12 at 06:56
  • @WrightsCS I admit I don't know what a standard jailbreak install is like but every jailbreak test I've seen includes a check to see if the app can access certain directories, and for the presence of apps like Cydia. Is this pointless? – wattson12 Jul 24 '12 at 09:18
  • Yes, it's pointless as I explained above. The standard Jailbreak does not remove sandbox restrictions. That "sandcastle" package allows App Store apps to access certain directories so it's not a full access to the file system from your App Store app anyway. – WrightsCS Jul 24 '12 at 17:02