It can be installed alongside other jailbreak hiding tools (although I would recommend only enabling one at a time). It bypasses several common detection techniques in applications we needed it for, such as Microsoft Intune and some others, where the available tools we tested did not work at the time. I started working on building out a tweak and integrating some of the bypasses from my Frida scripts…and this is how iHide was born!įor the initial release, iHide likely will not work on everything. If you haven’t heard of Theos yet, it is a cross-platform build environment that includes several templates that can be used for iOS tweak development. I figured this would be the perfect opportunity to learn some tweak development using Theos. Finally, the goal was to have something open source where new bypasses could be added as needed. I also wanted the tool to be usable without being tethered to a MacBook running a Frida script or debugger. With a jailbreak detection technique identified, the goal was to implement the bypass into a tool that could be easily installed/updated on a device and easily enabled/disabled when needed on a per-app basis. While this works, it isn’t as convenient or as portable as using an iOS tweak. Once we identify the technique, we would create a custom Frida script or use a debugger to hide a specific file or modify the jailbreak detection logic to always return successfully. Often it may be a known technique like checking for jailbreak related files, but the specific file identified by the jailbreak detection logic isn’t hidden by the existing tools. Sometimes it may be a technique that isn’t covered by the existing tools. In this situation, we would typically use some combination of call tracing via Frida, live debugging, and static analysis to determine the detection technique. Occasionally, we do run across an application using a jailbreak detection technique that existing tools do not successfully bypass. Liberty Lite is a popular option and one that we use often. Most of them work by hooking or ‘method swizzling’ to alter the logic or results from common jailbreak detections. There are several tools available to avoid jailbreak detection. Jailbreak Detection Code How to Combat Jailbreak Detection Alerts the user and limits access to features or refuses to run altogether.Alerts the user but still functions normally. Once an application with jailbreak detection determines that it is running on a jailbroken device, it usually takes one of the following actions: Preventing cheating in games, especially ones that are multiplayer or have in-game purchases.Securing sensitive data in Mobile Device Management (MDM) solutions.Protecting account information in banking apps.App developers may implement jailbreak detection for a variety of reasons, such as: Jailbreak detection is any mechanism that a developer implements to identify whether the application is running on a jailbroken device. For the most part, this works great! Occasionally, though, we run into applications that implement some form of jailbreak detection. For details about the creation of iHide, read on! Backgroundĭuring mobile engagements, we often test on rooted or jailbroken devices because this gives us the ability to do things like inspect Keychain, hook interesting code using Frida, or bypass certificate pinning with tools like SSL Kill Switch 2.
0 Comments
Leave a Reply. |