Last active
August 23, 2021 11:32
-
-
Save joncardasis/49641368ffa3872f088c6444d274b768 to your computer and use it in GitHub Desktop.
jb_protect for all device architectures
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // | |
| // jailbreak.h | |
| // jailbreak-protect | |
| // | |
| // Created by Jonathan Cardasis (C) on 10/11/19. | |
| // Copyright © 2019 Jonathan Cardasis (C). All rights reserved. | |
| // | |
| #ifndef jailbreak_h | |
| #define jailbreak_h | |
| //#define IS_APP_STORE_BUILD !TARGET_IPHONE_SIMULATOR && !DEBUG | |
| //#if IS_APP_STORE_BUILD | |
| /** | |
| Most anti-debug code relies on libraries which are easy enough to hook | |
| the symbols and bypass these checks. This is an ARM assembly solution | |
| which requires much more effort to bypass. | |
| */ | |
| __attribute__((constructor)) static void prevent_ptrace() { | |
| #ifdef __arm__ // 32 bit physical device | |
| asm volatile ( | |
| "mov r0 #31\n" | |
| "mov r1, #0\n" | |
| "mov r2, #0\n" | |
| "mov r12, #26\n" | |
| "svc #80\n" | |
| ); | |
| #elif __arm64__ // 64 bit physical device | |
| asm volatile ( | |
| "mov x0, #26\n" // ptrace syscall (26 in XNU) | |
| "mov x1, #31\n" // PT_DENY_ATTACH (0x1f) - first arg | |
| "mov x2, #0\n" | |
| "mov x3, #0\n" | |
| "mov x16, #0\n" | |
| "svc #128\n" // make syscall | |
| ); | |
| #else // x86_64 (simulator) | |
| asm volatile ( | |
| "pushq %rax\n" | |
| "pushq %rdi\n" | |
| "movq $0x1f, %rdi\n" | |
| "movq $0x200001A, %rax\n" | |
| "syscall\n" | |
| "popq %rdi\n" | |
| "popq %rax\n" | |
| ); | |
| #endif | |
| } | |
| //#endif | |
| #endif /* jailbreak_h */ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment