swift – iOS Jailbreak Detection Bypassed by Hestia Tweak in React Native App

swift – iOS Jailbreak Detection Bypassed by Hestia Tweak in React Native App


We have developed an enterprise-level mobile app in React Native for both Android and iOS. During a VAPT (Vulnerability Assessment and Penetration Testing), our client found that they could bypass our iOS jailbreak detection using the Hestia tweak app.

Without the Hestia tweak, our app successfully detects when a device is jailbroken and prevents usage. However, when Hestia is used, it bypasses our jailbreak status check, allowing the app to function on a jailbroken device undetected.

Has anyone encountered this issue with Hestia or other similar jailbreak bypass tools? What are some best practices or advanced techniques we can implement to strengthen our jailbreak detection in React Native, especially against bypass apps like Hestia?

These are the methods I've used so far:

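 /// Reports whether the system says an installed app can open a `cydia://` URL.
 ///
 /// This is a single, weak jailbreak signal: the answer comes from an ordinary
 /// in-process API call, so it should be combined with other checks and never
 /// treated as proof either way.
 ///
 /// - Returns: `true` when `UIApplication.canOpenURL(_:)` accepts the probe URL,
 ///   `false` otherwise (including when the probe URL cannot be built).
 private func checkCydia() -> Bool {
     // The probe string must be a well-formed URL: a string containing spaces can
     // make URL(string:) return nil, and force-unwrapping that would crash the
     // app inside its own security check. Fail closed to "not detected" instead.
     guard let probe = URL(string: "cydia://package/com.example.package") else {
         return false
     }
     // canOpenURL only answers for schemes declared under
     // LSApplicationQueriesSchemes in Info.plist; without a "cydia" entry this
     // check returns false on every device.
     return UIApplication.shared.canOpenURL(probe)
 }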

// Reports whether a Frida library appears to be loaded in this process.
//
// NOTE(review): `personal` is not a Swift access modifier; the listing
// presumably read `private` before the page text was rewritten — confirm
// against the original post.
// NOTE(review): this listing is incomplete. The page lost everything between
// the image-count loop below and the body of the next function, so the end of
// this function and the signature of the following one are not visible.
personal func isFridaDetected() -> Bool {
    // Library names to probe for.
    // NOTE(review): an injected library can be shipped under any file name, so
    // matching two fixed names is a weak signal on its own.
    let fridaLibs = ["frida-gadget", "libfrida.dylib"]

    for lib in fridaLibs {
        // RTLD_NOLOAD asks the loader for a handle only if the image is already
        // resident; the probe itself does not load anything.
        if dlopen(lib, RTLD_NOW | RTLD_NOLOAD) != nil {
            // A library with this name is already loaded in the process.
            return true
        }
    }

    // Check every image currently loaded into the process.
    // NOTE(review): `rely` looks like a rewritten `count` — TODO confirm.
    let rely = _dyld_image_count()
    // NOTE(review): truncated here. The loop's upper bound, the loop body, the
    // end of isFridaDetected and the header of the next function (which returns
    // Bool) are missing from the page; what follows is that next function's body.
    for i in 0.. Bool {
    // Filesystem locations tested below; the function returns true as soon as
    // any one of them exists.
    let paths = [
        "/Applications/Cydia.app",
        "/Library/MobileSubstrate/MobileSubstrate.dylib",
        "/bin/bash",
        "/usr/sbin/sshd",
        "/etc/apt",
        "/usr/bin/ssh",
        "/private/var/lib/apt/",
        "/private/var/stash"
    ]

    // NOTE(review): FileManager.fileExists is an ordinary in-process call, so
    // code injected into the app can change what it reports. A clean result
    // here is not evidence that the device is unmodified.
    // NOTE(review): every entry assumes one fixed filesystem layout; verify the
    // list against the devices and jailbreak types actually in scope.
    for path in paths {
        if FileManager.default.fileExists(atPath: path) {
            return true
        }
    }
    return false
}

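/// Reports whether any known jailbreak-related or bypass-tweak app bundle exists
/// under `/Applications`.
///
/// Despite the name, nothing is opened: each entry is tested with
/// `FileManager.fileExists(atPath:)`. That call runs inside the app's own
/// process, so a tweak that alters file-existence results can make every entry
/// look absent. Treat a `false` result as "nothing found", not as "device is
/// clean", and do not make it the only gate.
///
/// - Returns: `true` if at least one listed path exists, otherwise `false`.
private func canOpenSuspiciousApps() -> Bool {
    // NOTE(review): the bundle names for the bypass tweaks are guesses at where
    // such tools would install; verify each one before relying on it.
    let paths = [
        "/Applications/Cydia.app",
        "/Applications/blackra1n.app",
        "/Applications/FakeCarrier.app",
        "/Applications/Icy.app",
        "/Applications/IntelliScreen.app",
        "/Applications/MxTube.app",
        "/Applications/RockApp.app",
        "/Applications/SBSettings.app",
        "/Applications/WinterBoard.app",
        "/Applications/LibertyLite.app",  // Liberty Lite
        "/Applications/PicaHide.app",     // PicaHide
        "/Applications/KernBypass.app",   // KernBypass
        "/Applications/JailProtect.app",  // Jailprotect
        "/Applications/Shadow.app",       // Shadow
        "/Applications/TweaksManager.app", // Tweaks Manager
        "/Applications/TsProtector.app",  // TsProtector
        "/Applications/FlyJB.app",        // FlyJB X
        "/Applications/VnodeBypass.app",  // VnodeBypass
        "/Applications/AJB.app",          // AJB
        "/Applications/xCon.app",         // xCon
        "/Applications/DeBypass.app",     // De-Bypass
        "/Applications/Hestia.app"        // Hestia
    ]

    // Stops at the first path that exists.
    return paths.contains { FileManager.default.fileExists(atPath: $0) }
}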

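/// Reports whether `DYLD_INSERT_LIBRARIES` is set in this process's environment.
///
/// The variable is one way a library gets injected at launch, so its presence
/// is suspicious. Its absence proves little: injection does not have to go
/// through this variable, and code already running in the process can clear it
/// before this check runs.
///
/// - Returns: `true` if the variable is present (even when empty), otherwise `false`.
private func checkEnvironment() -> Bool {
    getenv("DYLD_INSERT_LIBRARIES") != nil
}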

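/// Checks a fixed list of jailbreak-related paths through `checkStat(_:)`.
///
/// `checkStat` is defined elsewhere in the file; the author describes it as
/// using stat64/stat rather than `FileManager`. The check returns as soon as
/// one path is reported present.
///
/// NOTE(review): going through stat instead of FileManager still runs inside
/// the app's process, so it presumably remains open to the same interception
/// that defeated the other checks — confirm during testing. Client-side
/// results like this one are best reported to the backend and combined with a
/// server-verified signal (for example Apple's App Attest) instead of being
/// the only gate.
///
/// - Returns: `true` if `checkStat` reports at least one listed path, otherwise `false`.
private func checkStatPaths() -> Bool {
    let suspiciousPaths = [
        "/Applications/blackra1n.app",
        "/Applications/Cydia.app",
        "/Applications/FakeCarrier.app",
        "/Applications/Icy.app",
        "/Applications/IntelliScreen.app",
        "/Applications/MxTube.app",
        "/Applications/RockApp.app",
        "/Applications/SBSettings.app",
        "/Applications/WinterBoard.app",
        "/bin/bash",
        "/bin/sh",
        "/bin/su",
        "/etc/apt",
        "/etc/ssh/sshd_config",
        "/Library/MobileSubstrate/DynamicLibraries/LiveClock.plist",
        "/Library/MobileSubstrate/DynamicLibraries/Veency.plist",
        "/Library/MobileSubstrate/MobileSubstrate.dylib",
        "/pguntether",
        "/private/var/lib/cydia",
        "/private/var/mobile/Library/SBSettings/Themes",
        "/private/var/stash",
        "/private/var/tmp/cydia.log",
        "/System/Library/LaunchDaemons/com.ikey.bbot.plist",
        "/System/Library/LaunchDaemons/com.saurik.Cydia.Startup.plist",
        "/usr/bin/cycript",
        "/usr/bin/ssh",
        "/usr/bin/sshd",
        "/usr/libexec/sftp-server",
        "/usr/libexec/ssh-keysign",
        "/usr/sbin/frida-server",
        "/usr/sbin/sshd",
        "/var/cache/apt",
        "/var/lib/cydia",
        "/var/log/syslog",
        "/var/mobile/Media/.evasi0n7_installed",
        "/var/tmp/cydia.log"
    ]

    // Stops at the first path checkStat reports as present.
    return suspiciousPaths.contains { checkStat($0) }
}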
