应用与苹果拒绝越狱检测 [英] App with jailbreak detection rejected by Apple

问题描述

我们都在被拒绝，因为在审查过程中的设备被检测为越狱^^工作的应用

the App we are working on was rejected because the Device in the Review Process was detected as jailbroken ^^

要检测越狱设备，进行了几项测试：

To detect a jailbroken Device, several Tests were performed:

NSString* bundlePath = [[NSBundle mainBundle] bundlePath];

// scan for itunes metadata
BOOL isDirectory = NO;
NSString* directoryPath = [bundlePath stringByAppendingPathComponent:@"SC_Info/"];
BOOL directoryIsAvailable = [[NSFileManager defaultManager] fileExistsAtPath:directoryPath isDirectory:&isDirectory];
BOOL contentSeemsValid = ([[[NSFileManager defaultManager] contentsOfDirectoryAtPath:directoryPath error:NULL] count] == 2);
if (directoryIsAvailable && contentSeemsValid) {
    return YES;
}
contentSeemsValid = [[NSFileManager defaultManager] fileExistsAtPath:[NSString stringWithFormat:@"%@/iTunesMetadata.​plist", bundlePath]];
if (contentSeemsValid) {
    return YES;
}

// scan for cydia app
NSURL* testURL = [NSURL URLWithString:@"cydia://"];
if ([[UIApplication sharedApplication] canOpenURL:testURL]) {
    return YES;
}

// scan for paths available
NSArray* paths = @[@"/Applications/Cydia.app", @"/Applications/RockApp.app", @"/Applications/Icy.app", @"/usr/sbin/sshd", @"/usr/bin/sshd", @"/private/var/lib/apt", @"/private/var/lib/cydia", @"/private/var/stash", @"/usr/libexec/sftp-server"];
for (NSString* string in paths) {
    if ([[NSFileManager defaultManager] fileExistsAtPath:string]) {
        return YES;
    }
}

// scan for forking
int forkValue = fork();
if (forkValue >= 0) {
    return YES;
}

// try to write in private space
NSString* testString = @"test";
NSError* error = nil;
[testString writeToFile:@"/private/test.txt" atomically:YES encoding:NSUTF8StringEncoding error:&error];
if (error == nil) {
    return YES;
}

// seems not jailbroken
return NO;

这些测试的一个（或多个）对苹果的设备用于审查返回YES，但没有我们的DevDevices的。哪一个会是什么？有谁知道有关苹果设备使用的审查更多的细节？任何提示或其他的猜测？ （从应用程序上下文是保健医院，所以我们需要确保患者数据进行保存）

One (or more) of these Tests return YES on the Devices Apple use for Review, but none of our DevDevices. Which one could it be? Does anybody know more Details about the Devices Apple use for the Review? Any Hints or other Guesses? (The Context from the App is HealthCare in Hospitals, so we need to be sure that the Patient Data were save)

最好的问候，结果
Zeek

Best Regards,
Zeek

推荐答案

的https：//www.theiphonewiki .COM /维基/ Bypassing_Jailbreak_Detection

虽然有无数种方式的应用程序可以实现对越狱的设备检查，它们通常归结为以下几点：搜索结果
  目录中的存在 - 检查路径文件系统如 /Applications/Cydia.app / 和 /私营/无功/藏匿，除其他外屈指可数。大多数情况下，这些都是使用检查 - （BOOL）fileExistsAtPath：（的NSString *）路径方法的NSFileManager ，但更狡猾的应用程序，如使用较低级别的C函数如 fopen（）函数， STAT（）或接入（）。
  搜索结果
  目录权限 - 检查的具体文件和目录使用的NSFileManager 方法以及C函数的UNIX文件权​​限，比如体statfs（ ）。远远目录比在一个仍然在监狱越狱设备上的写权限。
  搜索结果
  进程分叉 - sandboxd 不否认App Store的应用程序能够使用叉（） ，的popen（），或任何其他C函数来创建非越狱的设备子进程。 sandboxd 明确否认分叉过程在监狱里的设备。如果你检查叉返回的PID（），您的应用程序可以告诉它是否已成功分叉或没有，此时它可以确定设备的越狱状态。
  搜索结果
   SSH环回连接* - 由于已安装OpenSSH的，有些应用程序会尝试连接到127.0.0.1端口22.如果连接成功越狱设备的很大一部分，这意味着安装OpenSSH和在设备上运行，因此它是越狱。
  搜索结果
  系统（） - 调用系统（）在监狱里的设备将返回0 NULL参数功能;做同样的越狱设备上会返回1.这是因为该函数将检查 / bin / sh的是否存在，而这仅仅是在越狱设备的情况。[1 ]
  搜索结果
   dyld的功能 - 到目前为止最难得到解决。像调用功能_dyld_image_count（）和 _dyld_get_image_name（）来看看这是目前装载dylibs。非常难打补丁，补丁程序本身 dylibs 的一部分。
  搜索结果
  *仅一个应用极少数实现此（因为它不象其它几乎一样有效）

While there are countless ways apps can implement checks for jailbroken devices, they typically boil down to the following:

Existence of directories - Check your file system for paths like /Applications/Cydia.app/ and /private/var/stash, amongst a handful of others. Most often, these are checked using the -(BOOL)fileExistsAtPath:(NSString*)path method in NSFileManager, but more sneaky apps like to use lower-level C functions like fopen(), stat(), or access().

Directory permissions - Check the Unix file permissions of specific files and directories using NSFileManager methods as well as C functions like statfs(). Far more directories have write access on a jailbroken device than on one still in jail.

Process forking - sandboxd does not deny App Store applications the ability to use fork(), popen(), or any other C functions to create child processes on non-jailbroken devices. sandboxd explicitly denies process forking on devices in jail. if you check the returned pid on fork(), your app can tell if it has successfully forked or not, at which point it can determine a device's jailbreak status.

SSH loopback connections* - Due to the large portion of jailbroken devices that have OpenSSH installed, some apps will attempt to connect to 127.0.0.1 on port 22. If the connection succeeds, it means OpenSSH is installed and running on the device, therefore it is jailbroken.

system() - Calling the system() function with a NULL argument on a device in jail will return 0; doing the same on a jailbroken device will return 1. This is since the function will check whether /bin/sh exists, and this is only the case on jailbroken devices.[1]

dyld functions - By far the hardest to get around. Calling functions like _dyld_image_count() and _dyld_get_image_name() to see which dylibs are currently loaded. Very difficult to patch, as patches are themselves part of dylibs.

*Only a very small number of applications implement this (as it is not nearly as effective as the others)

这些方法看起来他们将不太可能被苹果拒绝，而且使用起来非常简单。

These methods seem like they would be less likely to be rejected by apple and are very simple to use.

上面这段已被编辑为简洁起见

The above passage has been edited for brevity

这篇关于应用与苹果拒绝越狱检测的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！