iOS - Prevent debugger attachment in a jailbroken environment. Obfuscated by assembly and symbol mangling.
//
// jailbreak_protect.c
//
// Created by Jonathan Cardasis (C) on 10/11/19.
// Copyright © 2019 Jonathan Cardasis (C). All rights reserved.
//
// Source: https://medium.com/@joncardasis/mobile-security-jailbreak-protection-84aa0fbc7b23
// Simply include this file in your project and ensure the file's Target Membership
// is set to your app.
#if !defined (jailbreak_protect) && defined (__arm64__)
#define jailbreak_protect

#include <TargetConditionals.h> // Defines TARGET_IPHONE_SIMULATOR

#define IS_APP_STORE_BUILD (!TARGET_IPHONE_SIMULATOR && !DEBUG)

#if IS_APP_STORE_BUILD

#define prevent_debugger PfdVSCqqteGFWxmSPFAw // Obfuscate function name

/**
 Prevent debugger attachment by invoking the underlying syscall that ptrace uses.
 Most anti-debug code relies on library calls, whose symbols are easy to hook
 in order to bypass these checks. This is an ARM64 assembly solution
 which requires much more effort to bypass.

 This code is executed by dyld (the dynamic linker) during the initialization phase,
 before the instruction pointer enters the program code.
 */
__attribute__((constructor)) static void prevent_debugger(void) {
    asm volatile (
        "mov x0, #26\n"  // ptrace syscall (26 in XNU)
        "mov x1, #31\n"  // PT_DENY_ATTACH (0x1f) - first arg
        "mov x2, #0\n"
        "mov x3, #0\n"
        "mov x16, #0\n"  // syscall 0 = indirect syscall; the real number is taken from x0
        "svc #128\n"     // make syscall
        : // no outputs
        : // no inputs
        : "x0", "x1", "x2", "x3", "x16", "cc", "memory" // registers and flags overwritten by the syscall
    );
}

#endif
#endif /* jailbreak_protect */

SalCat commented Oct 28, 2020

Very nice! Highly impressed. This will definitely increase the workload of a would-be attacker. Is there any issue with App Store rejection? All they’d have to do is try to debug it...


SalCat commented Oct 28, 2020

Unfortunately, this does not work on an Apple Watch. When compiling, it gives an error: “GNU-style inline assembly is disabled”. It’s unfortunate because an Apple Watch is definitely where you’d like this debug-disable functionality. Not to mention the fact that bitcode has to be turned on if delivering an iPhone app with a companion WatchOS app. Bummer. :( Great solution though.
