Identify root and jailbreak detection in mobile applications
Project description
#+TITLE: jailrootDetector
Attempted automation to detect root and jailbreak detection in mobile applications.
* Example Usage
Detect common detection strings like "jailbroken" and "rooted" as well as a few others. The script leverages [[https://www.radare.org/r/][radare2]] and [[https://sourceware.org/binutils/docs/binutils/strings.html][GNU strings]] to attempt to quickly identify if that application is going to give you a hard time.
** Demo
#+begin_src shell :results output :dir ./jailrootdetector/ :exports both
jrd --help
#+end_src
The script *does not* extract the IPA or APK, It assums you know how to do that ;) .
#+RESULTS:
: usage: jrd [-h] (--dex DEX | --ios IOS)
:
: [+] root & jailbreak detection
:
: optional arguments:
: -h, --help show this help message and exit
: --dex DEX path to android dex file
: --ios IOS path to extracted payload binary
Once you have an extracted app, then run the script with the relevant option, for example;
#+begin_src shell :results output :dir ./jailrootdetector/ :exports both
jrd --ios ./Documents/IPAs/Discord/Payload/Discord.app/Discord
#+end_src
Then the script will atempt to find hard-coded well known detection strings, frist with [[https://www.radare.org/r/][radare2]] and then falls back to [[https://sourceware.org/binutils/docs/binutils/strings.html][GNU strings]].
#+RESULTS:
#+begin_example
[+] searching
[+] detection strings found:
/Applications/Cydia.app
/bin/sh
/bin/bash
jailbroken
0x100d1be97 11 10 jailbroken
0x100d1c0dc 13 12 isJailbroken
0x100d1c0e9 22 21 TB,R,N,V_isJailbroken
0x100ddcc6b 20 19 computeIsJailbroken
0x100ddcd0a 13 12 isJailbroken
0x100ddcd57 14 13 _isJailbroken
#+end_example
* Installation
You can install with =pip3=.
#+begin_src shell :results output
pip3 install jailrootdetector
#+end_src
Or you can install with [[https://python-poetry.org/][poetry]]
#+begin_src shell :results output
git clone https://gitlab.com/JxTx/jailrootdetector && \
cd jailrootdetector && \
poetry install && \
poetry shell
jrd --help
#+end_src
if all else fails, here is a checklist of dependencies.
- [[https://www.radare.org/r/][radare2]]
- Use the [[https://www.radare.org/r/down.html][installation documentation]] for this.
- [[https://www.radare.org/n/r2pipe.html][r2pipe]]
- This can be installed with =pip3 install r2pipe=
- [[https://pypi.org/project/sh/][sh]]
- This can be installed with =pip3 install sh=
- [[https://sourceware.org/binutils/docs/binutils/strings.html][GNU Strings]]
- This should already be installed on your system, if not you should be able to install it with your package manager.
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
jailrootDetector-0.1.2.tar.gz
(3.6 kB
view hashes)
Built Distribution
Close
Hashes for jailrootDetector-0.1.2-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | b217b5f42c70c30f249254eb5b18a3533accd598a2565eaea3ee4ed146acbd07 |
|
| MD5 | 68f46dc6a79cd6e6c0568b7060b37727 |
|
| BLAKE2b-256 | cdd336832ba39bff3d72458aa11797ea59ea8d1ce1284500a43cc31286d1db38 |
