5

Currently, I'm trying to create a reusable objC security library for developers in my company to use. In this library I would like to have a API that detects if their iOS device is jailbroken. I noticed a clever response by GregH which is similar to what iBooks is doing; you run an unsigned version of an executable (iOS does upon startup of the app via the execve sys call), if it returns you know the device is jailbroken.

Question: Is it possible to package a executable in iOS library and invoke it thru some function? If so, what might be the best way to go about it?

Thanks for your help, kc

Community
  • 1
  • 1
kc.
  • 51
  • 1
  • 3

2 Answers2

2

Last I checked, sandboxed apps can't even fork(). I'm not sure if they can call execve(). If they can't do either, then simply calling execve() ought to work.

I'm not sure how much jailbreaking interferes with this. It's possible to have a jailbreak that lets you run un-signed apps from un-signed apps but behaves normally if the caller is signed.

It's obviosuly possible to "package" an executable in a library: Just have static unsigned char const data [] = { ... };, write it to a file, chmod(), and try to exec it.

At the end of the day, though, this may be a disservice to your users. A Jailbroken phone doesn't mean your app has been pirated. Unless you know someone with a jailbroken phone who's willing to do some testing (and testing with different jailbreaks), you might be setting yourself up for "It just crashes!" reviews.

(And if it does crash, then someone will come along and crack your app. It's better to be discreet and monitor the "problem" before deciding whether it needs fixing.)

Jailbreaks happen more often than you think. I've added checks for MobileSubstrate to our automated crash-report-symbolicating script because we've seen it in a significant proportion of crashes. OTOH, the proportion of crashes where the app is installed into /Applications (which used to be traditional for cracked apps; perhaps it isn't anymore) is negligible.

tc.
  • 33,468
  • 5
  • 78
  • 96
  • As far as `execve()` goes, having a call to the function, whether it's functioning or not, will probably trip Apple's "unsupported/undocumented API" detector and get your app rejected. –  Oct 05 '11 at 00:52
  • @duskwuff: If it's in a header, then it's "documented" enough for it not to trip the detector. As far as I know, the headers are exactly what their automated system uses to decide whether something is "public" or not. – tc. Oct 06 '11 at 17:30
0

I have attempted to package an executable in an IOS app by adding the executable file from a project whose main() function simply returns an integer to my project. This file is copied onto the phone when deploying, but is copied without execute permissions. Attempting to chmod the file to give it execute results in an "Operation not permitted" error, despite the file owner being the same as the current user (mobile).

richie
  • 71
  • 1
  • 4