🌏 iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift! If you are developing for iOS and you want to protect your app according to the OWASP MASVS standard, chapter v8, then this library could save you a lot of time. 🚀
What ISS detects:
There are 4 ways you can start using IOSSecuritySuite
Add IOSSecuritySuite/*.swift
files to your project
pod 'IOSSecuritySuite'
github "securing/IOSSecuritySuite"
.package(url: "https://github.com/securing/IOSSecuritySuite.git", from: "1.5.0")
After adding ISS to your project, you will also need to update your main Info.plist. There is a check in jailbreak detection module that uses canOpenURL(_:)
method and requires specyfing URLs that will be queried.
<key>LSApplicationQueriesSchemes</key>
<array>
<string>cydia</string>
<string>undecimus</string>
<string>sileo</string>
</array>
if IOSSecuritySuite.amIJailbroken() {
print("This device is jailbroken")
} else {
print("This device is not jailbroken")
}
let jailbreakStatus = IOSSecuritySuite.amIJailbrokenWithFailMessage()
if jailbreakStatus.jailbroken {
print("This device is jailbroken")
print("Because: \(jailbreakStatus.failMessage)")
} else {
print("This device is not jailbroken")
}
The failMessage is a String containing comma separated indicators as shown on the example below:
Cydia URL scheme detected, Suspicious file exists: /Library/MobileSubstrate/MobileSubstrate.dylib, Fork was able to create a new process
let jailbreakStatus = IOSSecuritySuite.amIJailbrokenWithFailedChecks()
if jailbreakStatus.jailbroken {
if (jailbreakStatus.failedChecks.contains { $0.check == .existenceOfSuspiciousFiles }) && (jailbreakStatus.failedChecks.contains { $0.check == .suspiciousFilesCanBeOpened }) {
print("This is real jailbroken device")
}
}
let amIDebugged = IOSSecuritySuite.amIDebugged() ? true : false
IOSSecuritySuite.denyDebugger()
let runInEmulator = IOSSecuritySuite.amIRunInEmulator() ? true : false
let amIReverseEngineered = IOSSecuritySuite.amIReverseEngineered() ? true : false
Before using this and other platform security checkers you have to understand that:
Yes, please! If you have a better idea or you just want to improve this project, please text me on Twitter or Linkedin. Pull requests are more than welcome!
canOpenURL(_:)
methodamIJailbrokenWithFailedChecks()
methodFile integrity checks
Deny debugger
See the LICENSE file.
While creating this tool I used:
link |
Stars: 0 |
Last commit: 4 years ago |
Swiftpack is being maintained by Petr Pavlik | @ptrpavlik | @swiftpackco | API | Analytics