Why Blocking An App Execution On Jailbroken iPhone And Rooted Android Device Is Pointless

Jailbreak | rooted phone detection programmatically is popular. They think that it is a strong anti reverse-engineering method. Yes it is if the hacker cannot bypass the checking in any way. There's no 100% guaranteed way to block an app's execution on a jailbroken or rooted device. Remember the device is already been jailbroken or rooted, meaning the hacker can execute arbitrary code and they would modify whatever method you have to detect if the phone is rooted or jailbroken.


Popular Detection Method

Here's a list of well known method to detect tampered device programmatically:

iPhone

  1. File system based detection.
  2. System API based detection.
  3. Cydia scheme detection.

Android


Popular Way To Bypass Jailbreak | Rooted Phone Detection

Hackers can counter-attack and here's some popular ways they can bypass your checking:
  1. Using Frida.
  2. Using Cycript, Liberty-Lite, A-Bypass, KernByPass.

Summary

We can put detection to add extra security but in the end hackers can found a way to bypass it anyway. In my opinion, this detection don't contribute too much to the security side because they can targeted and disabled.

Let's give some example, ex. the app is using system-based api detection:
let pid = fork() // not allowed in non-jailbreak deviceif(!pid) { return true }else if(pid >= 0) { return false }


If the hackers found out that method they can simply made the fork() method to return a process id >= 0 to bypass the detection.

Here's another example, the android app is using Root Beer library. The hacker can insert JavaScript code then using Frida to bypass the detection. Here's the Frida Root Detection bypass script -> https://gist.github.com/pich4ya/0b2a8592d3c8d5df9c34b8d185d2ea35

Comments

Post a Comment

Popular posts from this blog

CTF Practice - Reverse Engineering Android Apps 101

Image
Introduction On this blog we will crack some real world unsecured Android applications. For educational purpose only! Disclaimer:  This guide is provided "as is" with no warranties with regard to the accuracy and completeness of the information provided herein. I am not responsible for any bad outcomes you or anyone may have because you followed this guide. I expect you to have knowledge of some programming language (Java, Kotlin, C/C++, C#), an inquisitive mind to try things out, and the patience to first google and try to find answers to simple questions. Environment : OpenJDK 8 Android Studio SDK Visual Studio Code IDE with APKLab Reverse Engineering Android Apps - DEX Bytecode The goal of this exercise is to crack a real world Android apps to bypass the verification code to become a premium user. Step 0x1 Download the Apk . Step 0x2 Decompile the APK with Visual Studio Code. Step 0x3 Examine the manifest. We see that it only have one activity. Step 0x4 Look for if-else co...
Read more

Real-world Applications of Computer Programming

Image
Computer programming is the process of creating instructions for a computer to follow. It is a skill that is in high demand, and it can be used to create a wide variety of applications, from simple websites to complex artificial intelligence systems. Here are some specific examples of the real-world applications of computer programming: Healthcare: Computer programming is used to develop medical devices, electronic health records systems, and other healthcare-related software. For example, programmers have developed pacemakers that can regulate a person's heartbeat, insulin pumps that can automatically deliver insulin to diabetics, and imaging systems that can help doctors diagnose diseases. Finance: Computer programming is used to develop trading software, risk management systems, and other financial software. For example, programmers develop software that can help banks and other financial institutions assess risk and make investment decisions. Manufacturing: Computer programming...
Read more

Strengths and Weaknesses of iOS & Android

In the ever-evolving landscape of mobile technology, two giants stand at the forefront: iOS and Android. Each operating system boasts its own set of strengths and weaknesses, catering to different preferences and priorities of users worldwide. Let’s delve into the intricacies of both platforms to understand their distinct qualities. iOS: Unmatched Integration and Security iOS, the proprietary operating system developed by Apple, is renowned for its seamless integration of hardware and software. This cohesion ensures a consistently smooth user experience across various Apple devices such as the iPhone, iPad, and iPod Touch. The meticulous optimization of iOS for Apple’s hardware enhances performance and reliability, setting a high standard for user satisfaction. One of iOS’s standout features is the unparalleled quality of its applications. The rigorous review process enforced by Apple before apps are accepted into the App Store ensures a level of quality and security that users can tru...
Read more