13

I am working on a project (mobile app) where I need to monitor adversary actions. So, my question is how can I make iOS app tamper-evident?

e.g.

  • Whenever any adversary try to tamper code then system should alert admin for these actions
  • and block that adversary
  • If user tries to install app on rooted device then system can detect that.
  • System should able to monitor adversary actions.

I found solution for android like ProGuard, SafetyNet but did not found anything for iOS.

Cœur
  • 37,241
  • 25
  • 195
  • 267
pradeep1991singh
  • 8,185
  • 4
  • 21
  • 31
  • 1
    Normally i would think along the lines of creating MD5 checksums over the files. Which you then check periodically, to see if they have changed. Since IOS all apps are sandboxed, I doubt you can access any files (outside your app). – Roger Dec 01 '16 at 07:51
  • 1
    http://stackoverflow.com/questions/413242/how-do-i-detect-that-an-ios-app-is-running-on-a-jailbroken-phone – Pekka Dec 01 '16 at 07:53
  • *Pekka 웃* gives you a link to a popular similar question on Dec 1 '16. Next day, on Dec 2 '16, *itechnician* copy-pastes a one-year-old answer from that similar question WITHOUT CREDITING THE AUTHOR, and yet you grant it a +100 bounty? – Cœur Nov 03 '17 at 05:08

3 Answers3

9

I've used this JailBreak detection in one of my project.

With this, you can prevent the possibility.

    if ([DTTJailbreakDetection isJailbroken]) {

// your custom activity and business logic here
    }

Also, In precise you can use the below snippet:

BOOL isJailbroken()
{
#if !(TARGET_IPHONE_SIMULATOR)

   if ([[NSFileManager defaultManager] fileExistsAtPath:@"/Applications/Cydia.app"] ||
       [[NSFileManager defaultManager] fileExistsAtPath:@"/Library/MobileSubstrate/MobileSubstrate.dylib"] ||
       [[NSFileManager defaultManager] fileExistsAtPath:@"/bin/bash"] ||
       [[NSFileManager defaultManager] fileExistsAtPath:@"/usr/sbin/sshd"] ||
       [[NSFileManager defaultManager] fileExistsAtPath:@"/etc/apt"] ||
       [[NSFileManager defaultManager] fileExistsAtPath:@"/private/var/lib/apt/"] ||
       [[UIApplication sharedApplication] canOpenURL:[NSURL URLWithString:@"cydia://package/com.example.package"]])  {
         return YES;
   }

   FILE *f = NULL ;
   if ((f = fopen("/bin/bash", "r")) ||
      (f = fopen("/Applications/Cydia.app", "r")) ||
      (f = fopen("/Library/MobileSubstrate/MobileSubstrate.dylib", "r")) ||
      (f = fopen("/usr/sbin/sshd", "r")) ||
      (f = fopen("/etc/apt", "r")))  {
         fclose(f);
         return YES;
   }
   fclose(f);

   NSError *error;
   NSString *stringToBeWritten = @"This is a test.";
   [stringToBeWritten writeToFile:@"/private/jailbreak.txt" atomically:YES encoding:NSUTF8StringEncoding error:&error];
   [[NSFileManager defaultManager] removeItemAtPath:@"/private/jailbreak.txt" error:nil];
   if(error == nil)
   {
      return YES;
   }

#endif

   return NO;
}

Also , Obfuscation in iOS - objective C you can use this open source-library and for Methods & Classes.

Cœur
  • 37,241
  • 25
  • 195
  • 267
itechnician
  • 1,645
  • 1
  • 14
  • 24
4

Apart from detecting jailbroken device, and obfuscating code (as @itechnician mentioned), you can:

Anyway, all of these can be easily bypassed when on jailbroken device (even the check if it's jailbroken). The best way is to use multiple techniques including obfuscation, to make tampering as hard as possible (so it's not worth it). But I'm not sure if you could make fully tamper-proof app.

You might find these links useful:

https://www.coredump.gr/articles/ios-anti-debugging-protections-part-1/ https://www.raywenderlich.com/45645/ios-app-security-analysis-part-1 http://resources.infosecinstitute.com/ios-application-security-part-31-problem-using-third-party-libraries-securing-apps/

This book is a bit old, but still useful: http://shop.oreilly.com/product/0636920023234.do

Here are opensource ObjC obfuscators/string encryptors:

Łukasz Przytuła
  • 565
  • 4
  • 10
3

I think you're looking something like ixguard

mkeremkeskin
  • 644
  • 10
  • 27