Skip to content

Instantly share code, notes, and snippets.

What would you like to do?
iOS - Prevent debugger attachment in a jailbroken environment. Obfuscated by assembly and symbol mangling.
// jailbreak_protect.c
// Created by Jonathan Cardasis (C) on 10/11/19.
// Copyright © 2019 Jonathan Cardasis (C). All rights reserved.
// Source:
// Simply include this file in your project and ensure the file's Target Membership
// is set to your app.
#if !defined (jailbreak_protect) && defined (__arm64__)
#define jailbreak_protect
#define prevent_debugger PfdVSCqqteGFWxmSPFAw // Obfuscate function name
Prevent debugger attachment by invoking underlying syscalls ptrace uses.
Most anti-debug code relies on libraries which are easy enough to hook
the symbols and bypass these checks. This is an ARM64 assembly solution
which requires much more effort to bypass.
This code is executed by dyld (the dynamic linker) during the initialization phase,
before the instruction pointer enters the program code.
__attribute__((constructor)) static void prevent_debugger() {
asm volatile (
"mov x0, #26\n" // ptrace syscall (26 in XNU)
"mov x1, #31\n" // PT_DENY_ATTACH (0x1f) - first arg
"mov x2, #0\n"
"mov x3, #0\n"
"mov x16, #0\n"
"svc #128\n" // make syscall
#endif /* jailbreak_protect */
Copy link

SalCat commented Oct 28, 2020

Unfortunately this does not work on an Apple Watch. When compiling it it gives an error: “GNU-style inline assembly is disabled” it’s unfortunate because an Apple Watch is definitely where you’d like this debug-disable functionality. Not to mention the fact that bitcode has to be turned in if delivering an iPhone app with a companion WatchOS app. Bummer. :( great solution though.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment