Running unsigned code in an iOS app to test jailbreak
<p>I need a stable way to attempt to run an unsigned executable on an iOS device in order to test if the device has been jailbroken (i.e. allows the running of unsigned code).</p>
<p>I have written a small executable which essentially does nothing.</p>
<pre><code>int main(int argc, char *argv[])
{
    return 23;
}
</code></pre>
<p>Which I have compiled and run successfully on an iOS device (both jailbroken and not).</p>
<p>I have then added this executable to an App bundle and deployed the app to an iOS device.</p>
<p>This results in a read-only version of the executable on the device. I attempted to chmod this file to give it execute permissions, but this failed, so I copied it into the tmp directory for the app, where I was able to chmod with executable permissions.</p>
<p>Other questions have suggested using execve to call the executable, but this will replace the running process with the new one, which will kill the app. Fork() always fails, so that is not an option. System() requires a shell, and it would be possible to have a jailbreak without a shell which still allows unsigned code to run, so that's out. Popen() forks, so that won't work.</p>
<p>Interestingly, from what I have discovered, calling execv on my executable on a normal device causes an "Operation not permitted" error, whereas calling it on a jailbroken device causes a "Permission denied" error. This alone would work for jailbreak detection, except for the case that if a jailbreak ever occurs in which the execv is allowed to proceed, the App will then crash immediately as its process will be replaced.</p>
<p>According to <a href="http://pwnmyi.com/apple-blocks-drmd-ibooks-on-jailbroken-devices/" rel="noreferrer">this</a>, iBooks performs jailbreak detection doing this, but it appears to use the fairplayd binary to perform its execve calls.</p>
<p>Does anyone have any suggestions for either running an executable or using fairplayd?</p>
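The staging step and errno check described in the question, written out as an added example that is not part of the original post. It uses POSIX calls only; the function and enum names are hypothetical, and the EPERM/EACCES mapping is the asker's reported observation, not documented iOS behaviour.

```c
#include <errno.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>

/* Verdicts mirror the errno values reported in the question. They are the
 * asker's observations, not documented platform behaviour. */
enum exec_verdict {
    EXEC_BLOCKED,   /* EPERM  "Operation not permitted": seen on a normal device */
    EXEC_SUSPECT,   /* EACCES "Permission denied": seen on a jailbroken device */
    EXEC_UNKNOWN    /* anything else: report it, do not guess */
};

/* Copy src to dst and set its mode, like the copy into the app's tmp
 * directory described above. Returns 0 on success, -1 on failure. */
int stage_probe(const char *src, const char *dst, mode_t mode) {
    char buf[4096];
    ssize_t n;
    int in = open(src, O_RDONLY);
    if (in < 0) return -1;
    int out = open(dst, O_WRONLY | O_CREAT | O_TRUNC, 0600);
    if (out < 0) { close(in); return -1; }
    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n) { n = -1; break; }
    close(in);
    if (close(out) != 0 || n < 0) return -1;
    return chmod(dst, mode);
}

/* Returns errno from a failed execv. If execv succeeds it never returns:
 * the calling process image is replaced, the crash risk the question raises. */
int probe_exec_errno(const char *path) {
    char *const argv[] = { (char *)path, NULL };
    execv(path, argv);
    return errno;
}

/* Map an execv errno to a verdict; unexpected values stay EXEC_UNKNOWN. */
enum exec_verdict classify_exec_errno(int err) {
    switch (err) {
    case EPERM:  return EXEC_BLOCKED;
    case EACCES: return EXEC_SUSPECT;
    default:     return EXEC_UNKNOWN;
    }
}
```

Keeping EXEC_UNKNOWN separate means an errno outside the two observed values is logged for investigation instead of being counted as either state.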