AppMinder's Jailbreak detection
AppMinder provides three levels of jailbreak detection and anti-debugging measures. The levels differ in self-integrity checking and code obfuscation rate. When you generate a new protection, it gives you some plug'n'pray code to plug into your existing code base. It is very easy to integrate. There is some polymorphism in each generation: the code is different but the high-level operations are the same. For this analysis variant C was used, with self-integrity checking level and code obfuscation rate both high.
The core of the jailbreak detection is located in a big inline assembler function, given a random name on each generation and written on a single line to make it a bit more annoying to read. In OS X you can easily split it into one instruction per line with sed "s/;/\\`echo -e '\n\r'`/g". IDA has some trouble disassembling it but you can help it by manually defining code. It was late and I did not bother to verify these IDA troubles.
AppMinder's Jailbreak detection | Reverse Engineering Mac OS X