Identify root and jailbreak detection in mobile applications
#+TITLE: jailrootDetector
Attempted automation to detect root and jailbreak detection in mobile applications.
* Example Usage
Detect common detection strings like "jailbroken" and "rooted" as well as a few others. The script leverages [[https://www.radare.org/r/][radare2]] and [[https://sourceware.org/binutils/docs/binutils/strings.html][GNU strings]] to attempt to quickly identify if that application is going to give you a hard time.
** Demo
#+begin_src shell :results output :dir ./jailrootdetector/ :exports both
jrd --help
#+end_src
The script *does not* extract the IPA or APK; it assumes you know how to do that ;) .
#+RESULTS:
: usage: jrd [-h] (--dex DEX | --ios IOS)
:
: [+] root & jailbreak detection
:
: optional arguments:
:   -h, --help  show this help message and exit
:   --dex DEX   path to android dex file
:   --ios IOS   path to extracted payload binary
Once you have an extracted app, run the script with the relevant option, for example:
#+begin_src shell :results output :dir ./jailrootdetector/ :exports both
jrd --ios ./Documents/IPAs/Discord/Payload/Discord.app/Discord
#+end_src
The script will then attempt to find well-known hard-coded detection strings, first with [[https://www.radare.org/r/][radare2]] and then falling back to [[https://sourceware.org/binutils/docs/binutils/strings.html][GNU strings]].
#+RESULTS:
#+begin_example
[+] "jailbroken" detected in ./Documents/IPAs/Discord/Payload/Discord.app/Discord
0x100d1be97 11 10 jailbroken
0x100d1c0dc 13 12 isJailbroken
0x100d1c0e9 22 21 TB,R,N,V_isJailbroken
0x100ddcc6b 20 19 computeIsJailbroken
0x100ddcd0a 13 12 isJailbroken
0x100ddcd57 14 13 _isJailbroken
[+] "/Applications/Cydia.app" detected in ./Documents/IPAs/Discord/Payload/Discord.app/Discord
/Applications/Cydia.app
[+] "/bin/bash" detected in ./Documents/IPAs/Discord/Payload/Discord.app/Discord
/bin/bash
[+] "/bin/sh" detected in ./Documents/IPAs/Discord/Payload/Discord.app/Discord
/bin/sh
#+end_example
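As an added illustration of the scan described above (this is example code written for this page, not jrd's own implementation), the block below implements a GNU-strings-style extractor in pure Python, matches the extracted strings case-insensitively against a list of known root/jailbreak detection indicators (so ~jailbroken~ also hits ~isJailbroken~, as in the demo output), and prints a report in the same shape. The ~scan_file~ helper tries radare2 through ~r2pipe~ first and falls back to the pure-Python path if radare2 is unavailable; the ~r2pipe~ calls and the ~izzj~ JSON key names it relies on are assumptions, as are the Android indicators beyond the four strings shown in the demo. The sample binary is a constructed byte blob, not a real app.

```python
"""Scan an extracted app binary for hard-coded root/jailbreak detection indicators.

Added example in the spirit of jrd (not the project's own code): pure-Python
strings extraction plus an optional, guarded r2pipe path.
"""
import re
from typing import Dict, List, Tuple

# The first four indicators appear in the jrd demo output above; the remaining
# entries are assumed additions commonly associated with Android root checks.
INDICATORS: List[str] = [
    "jailbroken",
    "/Applications/Cydia.app",
    "/bin/bash",
    "/bin/sh",
    "rooted",
    "/system/xbin/su",
    "test-keys",
]

Hits = Dict[str, List[Tuple[int, str]]]


def extract_strings(data: bytes, min_len: int = 4) -> List[Tuple[int, str]]:
    """Return (offset, text) for every run of at least min_len printable ASCII
    bytes, mirroring what `strings -t x` reports (offsets from start of data)."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(m.start(), m.group().decode("ascii")) for m in pattern.finditer(data)]


def match_indicators(strings: List[Tuple[int, str]], indicators: List[str] = INDICATORS) -> Hits:
    """Map each indicator to the strings containing it (case-insensitive substring
    match, so 'jailbroken' also matches 'computeIsJailbroken')."""
    hits: Hits = {}
    for indicator in indicators:
        needle = indicator.lower()
        matches = [(off, s) for off, s in strings if needle in s.lower()]
        if matches:
            hits[indicator] = matches
    return hits


def find_indicators(data: bytes, indicators: List[str] = INDICATORS, min_len: int = 4) -> Hits:
    """Pure-Python equivalent of the GNU strings fallback."""
    return match_indicators(extract_strings(data, min_len), indicators)


def format_report(path: str, hits: Hits) -> List[str]:
    """Render hits in the same '[+] "x" detected in <path>' shape as the demo."""
    lines: List[str] = []
    for indicator, matches in hits.items():
        lines.append(f'[+] "{indicator}" detected in {path}')
        for off, s in matches:
            lines.append(f"  {off:#x} {len(s)} {s}")
    return lines


def scan_file(path: str) -> Hits:
    """radare2 first, GNU-strings-style fallback: the order the README describes."""
    try:
        import r2pipe  # optional dependency; API usage below is an assumption

        r2 = r2pipe.open(path)
        # 'izzj' lists strings from the whole binary as JSON; 'vaddr' and 'string'
        # are the assumed key names for address and text.
        strings = [(s["vaddr"], s["string"]) for s in r2.cmdj("izzj")]
        r2.quit()
        return match_indicators(strings)
    except Exception:  # r2pipe missing, radare2 not installed, or r2 failed
        with open(path, "rb") as fh:
            return find_indicators(fh.read())


# Constructed sample: a fake header, some non-printable padding, and a few
# embedded C strings. Not a real Mach-O or DEX file.
SAMPLE_BINARY = (
    b"\xcf\xfa\xed\xfe"
    + b"\x00" * 12
    + b"computeIsJailbroken\x00"
    + b"\x7f\x01"
    + b"/Applications/Cydia.app\x00"
    + b"ok\x00"  # shorter than min_len, so not reported
    + b"nothing to see here\x00"
    + b"/bin/sh\x00"
)

if __name__ == "__main__":
    for line in format_report("sample.bin", find_indicators(SAMPLE_BINARY)):
        print(line)
```

On the constructed sample this reports ~jailbroken~ at offset 0x10 (via ~computeIsJailbroken~), the Cydia path at 0x26 and ~/bin/sh~ at 0x55, and correctly does not report ~/bin/bash~. Because matching is substring-based, expect noise on short indicators; that is why the list avoids bare ~su~ and why a hit is a prompt to look at the surrounding code, not proof of a check.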
* Installation
You can install with =pip3=.
#+begin_src shell :results output
pip3 install jailrootdetector
#+end_src
Or you can install with [[https://python-poetry.org/][poetry]]:
#+begin_src shell :results output
git clone https://gitlab.com/JxTx/jailrootdetector && \
cd jailrootdetector && \
poetry install && \
poetry shell
jrd --help
#+end_src
If all else fails, here is a checklist of dependencies.
- [[https://www.radare.org/r/][radare2]]
  - Use the [[https://www.radare.org/r/down.html][installation documentation]] for this.
- [[https://www.radare.org/n/r2pipe.html][r2pipe]]
  - This can be installed with =pip3 install r2pipe=
- [[https://pypi.org/project/sh/][sh]]
  - This can be installed with =pip3 install sh=
- [[https://sourceware.org/binutils/docs/binutils/strings.html][GNU Strings]]
  - This should already be installed on your system; if not, you should be able to install it with your package manager.
Download files
Source Distribution: jailrootDetector-0.1.1.tar.gz (3.6 kB)
Built Distribution: jailrootDetector-0.1.1-py3-none-any.whl

Hashes for jailrootDetector-0.1.1-py3-none-any.whl

Algorithm | Hash digest
---|---
SHA256 | a75a243db89365c81cb195794b7391eb0cca57e416db68bf5195b742198093db
MD5 | 6e0ad7777dcf2e47bcd1c231619f7499
BLAKE2b-256 | 29f1614564b7abc5d153fc33f44ab6e2a490f953b0faacc1808052d052feea6a