我们使用 React Native 为 Android 和 iOS 开发了企业级移动应用程序。在 VAPT(漏洞评估和渗透测试)期间,我们的客户发现,借助 Hestia 这一越狱插件(tweak)可以绕过我们的 iOS 越狱检测。
在未启用 Hestia 插件的情况下,我们的应用程序可以成功检测到设备已越狱并阻止使用。然而,启用 Hestia 之后,我们的越狱状态检查会被绕过,应用程序因此可以在已越狱的设备上运行而不被发现。
有人在面对 Hestia 或其他类似的越狱检测绕过工具时遇到过这个问题吗?我们可以采用哪些最佳实践或进阶方法来加强 React Native 应用中的越狱检测,特别是针对 Hestia 这类绕过工具?
这些是我迄今为止使用过的方法:
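/// Reports whether the system says an installed app can handle the `cydia://` URL scheme.
///
/// `canOpenURL` only gives a real answer for schemes declared in the app's
/// `LSApplicationQueriesSchemes` (Info.plist); for an undeclared scheme it returns
/// `false`, so a missing declaration silently disables this check.
///
/// This is an in-process heuristic: code injected into the app can hook the call
/// and force a `false` result, so the return value should be treated as one signal
/// among several rather than as proof that the device is not jailbroken.
///
/// - Returns: `true` when the `cydia://` scheme can be opened, otherwise `false`.
private func checkCydia() -> Bool {
    // Bind the URL instead of force-unwrapping it, so a malformed literal can
    // never crash the app in the middle of a security check.
    guard let cydiaURL = URL(string: "cydia://package/com.example.package") else {
        return false
    }
    return UIApplication.shared.canOpenURL(cydiaURL)
}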
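/// Looks for signs that a Frida library is loaded into the current process.
///
/// Two probes are made:
/// 1. `dlopen` with `RTLD_NOLOAD` for two well-known library names, which succeeds
///    only when the image is already loaded.
/// 2. A scan of every image dyld reports for this process, matching "frida"
///    anywhere in the image path, ignoring case.
///
/// Both probes run inside the process being inspected, so an injected library that
/// hooks `dlopen` or the dyld image APIs, or that is simply renamed, will not be
/// found. Treat `false` as "nothing found", not as "not instrumented".
///
/// - Returns: `true` when either probe finds a match, otherwise `false`.
private func isFridaDetected() -> Bool {
    let fridaLibs = ["frida-gadget", "libfrida.dylib"]
    for lib in fridaLibs {
        // RTLD_NOLOAD never loads anything; it only returns a handle for an
        // image that is already present.
        if let handle = dlopen(lib, RTLD_NOW | RTLD_NOLOAD) {
            // The returned handle is reference-counted, so release it to avoid
            // leaking a reference each time the check runs.
            dlclose(handle)
            return true
        }
    }

    // Walk every image currently mapped into the process.
    for index in 0..<_dyld_image_count() {
        guard let rawName = _dyld_get_image_name(index) else { continue }
        // Compare in lowercase so mixed-case names such as "FridaGadget.dylib"
        // are caught as well; "libfrida" is already covered by "frida".
        // NOTE(review): this is a substring match, so an unrelated image whose
        // path contains e.g. "Friday" also matches; confirm that no bundled
        // framework or the app's own bundle name triggers it.
        if String(cString: rawName).lowercased().contains("frida") {
            return true
        }
    }

    // Neither probe matched.
    return false
}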
/// Reports whether any path from a fixed list of jailbreak-associated locations
/// exists according to `FileManager`.
///
/// The lookup goes through `FileManager`, a high-level API running inside the
/// app's own process; code injected into the process can hook it and hide these
/// paths. A `false` result therefore only means "nothing visible from here".
/// Client-side checks like this one are best combined with a server-verified
/// signal (for example Apple's App Attest) before gating sensitive features.
///
/// NOTE(review): entries such as "/bin/bash" also exist on a development host, so
/// this presumably returns `true` in the iOS Simulator; confirm how callers
/// handle that.
///
/// - Returns: `true` on the first path that exists, `false` when none do.
private func checkSuspiciousPaths() -> Bool {
    let jailbreakArtifacts = [
        "/Applications/Cydia.app",
        "/Library/MobileSubstrate/MobileSubstrate.dylib",
        "/bin/bash",
        "/usr/sbin/sshd",
        "/etc/apt",
        "/usr/bin/ssh",
        "/private/var/lib/apt/",
        "/private/var/stash"
    ]
    // `contains` stops at the first hit, like an early-returning loop.
    return jailbreakArtifacts.contains { FileManager.default.fileExists(atPath: $0) }
}
/// Reports whether any app bundle from a fixed list of jailbreak and
/// jailbreak-bypass tools exists under `/Applications`.
///
/// Despite the name, nothing is opened and no URL scheme is queried: this is a
/// plain `FileManager.fileExists` check on bundle paths.
///
/// The list can only catch tools installed at exactly these paths, and the lookup
/// runs through an API that code injected into the process can hook, so a `false`
/// result is not evidence that none of these tools is present.
///
/// - Returns: `true` on the first bundle path that exists, `false` when none do.
private func canOpenSuspiciousApps() -> Bool {
    let appBundlePaths = [
        "/Applications/Cydia.app",
        "/Applications/blackra1n.app",
        "/Applications/FakeCarrier.app",
        "/Applications/Icy.app",
        "/Applications/IntelliScreen.app",
        "/Applications/MxTube.app",
        "/Applications/RockApp.app",
        "/Applications/SBSettings.app",
        "/Applications/WinterBoard.app",
        "/Applications/LibertyLite.app", // Liberty Lite
        "/Applications/PicaHide.app", // PicaHide
        "/Applications/KernBypass.app", // KernBypass
        "/Applications/JailProtect.app", // Jailprotect
        "/Applications/Shadow.app", // Shadow
        "/Applications/TweaksManager.app", // Tweaks Manager
        "/Applications/TsProtector.app", // TsProtector
        "/Applications/FlyJB.app", // FlyJB X
        "/Applications/VnodeBypass.app", // VnodeBypass
        "/Applications/AJB.app", // AJB
        "/Applications/xCon.app", // xCon
        "/Applications/DeBypass.app", // De-Bypass
        "/Applications/Hestia.app" // Hestia
    ]
    let fileManager = FileManager.default
    // Short-circuits on the first bundle that is found.
    return appBundlePaths.contains { bundlePath in
        fileManager.fileExists(atPath: bundlePath)
    }
}
/// Reports whether the `DYLD_INSERT_LIBRARIES` environment variable is set for
/// this process.
///
/// Only the presence of the variable is tested; its value is never read, so an
/// empty value still counts as set. The variable is read from the process's own
/// environment, so this only covers library injection that relies on it.
///
/// - Returns: `true` when the variable exists, otherwise `false`.
private func checkEnvironment() -> Bool {
    let injectedLibraries = getenv("DYLD_INSERT_LIBRARIES")
    return injectedLibraries != nil
}
// New function to check paths using stat64/stat
/// Reports whether `checkStat` returns `true` for any path in a fixed list of
/// jailbreak-associated files and directories.
///
/// `checkStat` is defined outside this listing; judging by the comment that
/// precedes this function it wraps `stat64`/`stat`, which should be confirmed
/// against its implementation.
///
/// NOTE(review): this list overlaps with the `FileManager`-based checks. Both
/// styles of lookup run inside the app's own process, so neither is a reliable
/// signal once code has been injected into the process.
/// NOTE(review): confirm that every entry is absent on stock iOS for the
/// supported OS versions, otherwise the check produces false positives.
///
/// - Returns: `true` on the first path `checkStat` accepts, `false` when none match.
private func checkStatPaths() -> Bool {
    let suspiciousPaths = [
        "/Applications/blackra1n.app",
        "/Applications/Cydia.app",
        "/Applications/FakeCarrier.app",
        "/Applications/Icy.app",
        "/Applications/IntelliScreen.app",
        "/Applications/MxTube.app",
        "/Applications/RockApp.app",
        "/Applications/SBSettings.app",
        "/Applications/WinterBoard.app",
        "/bin/bash",
        "/bin/sh",
        "/bin/su",
        "/etc/apt",
        "/etc/ssh/sshd_config",
        "/Library/MobileSubstrate/DynamicLibraries/LiveClock.plist",
        "/Library/MobileSubstrate/DynamicLibraries/Veency.plist",
        "/Library/MobileSubstrate/MobileSubstrate.dylib",
        "/pguntether",
        "/private/var/lib/cydia",
        "/private/var/mobile/Library/SBSettings/Themes",
        "/private/var/stash",
        "/private/var/tmp/cydia.log",
        "/System/Library/LaunchDaemons/com.ikey.bbot.plist",
        "/System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist",
        "/usr/bin/cycript",
        "/usr/bin/ssh",
        "/usr/bin/sshd",
        "/usr/libexec/sftp-server",
        "/usr/libexec/ssh-keysign",
        "/usr/sbin/frida-server",
        "/usr/sbin/sshd",
        "/var/cache/apt",
        "/var/lib/cydia",
        "/var/log/syslog",
        "/var/mobile/Media/.evasi0n7_installed",
        "/var/tmp/cydia.log"
    ]
    // Stop at the first path the stat-based helper reports as present.
    for candidate in suspiciousPaths where checkStat(candidate) {
        return true
    }
    return false
}
另外,请添加下面的检查(应用列表可取自您的 canOpenSuspiciousApps 函数):
// Check for Cydia & other app presence
// URL schemes to probe, as listed by the author. Each entry is turned into
// "<scheme>://" and passed to canOpenURL.
// canOpenURL only answers for schemes declared in Info.plist under
// LSApplicationQueriesSchemes; an undeclared scheme yields false, so a missing
// declaration silently turns that entry into a no-op.
let appsToCheckJB = [
    "cydia",
    "dopamine",
    "trollstore",
    "trollinstallerx",
    "sileo",
    "Zebra",
    "AptBackup"
]
// Flag the device as soon as one scheme is reported as openable. This is an
// in-process heuristic that injected code can hook, so it is one signal among
// several rather than proof either way.
if appsToCheckJB.contains(where: { scheme in
    guard let probeURL = URL(string: "\(scheme)://") else { return false }
    return UIApplication.shared.canOpenURL(probeURL)
}) {
    isJailbroken = true
}
请确保将这些 URL scheme 添加到 Info.plist 的 Queried URL Schemes(即 LSApplicationQueriesSchemes)中,否则 canOpenURL 对它们始终返回 false。