Latest 1.0
Homepage https://github.com/securing/IOSSecuritySuite
License MIT
Platforms ios 10.0, requires ARC

by @_r3ggi

🌏 iOS Security Suite is an advanced and easy-to-use platform security & anti-tampering library written in pure Swift! If you are developing for iOS and you want to protect your app according to the OWASP MASVS standard, chapter v8, then this library could save you a lot of time. 🚀

What ISS detects:

  • Jailbreak (even on iOS 11+, with brand-new indicators! 🔥)
  • Attached debugger 👨🏻‍🚀
  • Whether the app is running in an emulator 👽
  • Common reverse engineering tools running on the device 🔭

Setup

There are 3 ways you can start using IOSSecuritySuite:

Add source

Add IOSSecuritySuite/*.swift files to your project

Setup with CocoaPods

pod 'IOSSecuritySuite'

Setup with Carthage

github "securing/IOSSecuritySuite"

How to use

Jailbreak detector module

  • This method returns true or false, for when you just want to know whether the device is jailbroken or jailed
if IOSSecuritySuite.amIJailbroken() {
    print("This device is jailbroken")
} else {
    print("This device is not jailbroken")
}
  • Verbose variant, for when you also want to know which indicators were identified
let jailbreakStatus = IOSSecuritySuite.amIJailbrokenWithFailMessage()
if jailbreakStatus.jailbroken {
    print("This device is jailbroken")
    print("Because: \(jailbreakStatus.failMessage)")
} else {
    print("This device is not jailbroken")
}

The failMessage is a String containing comma-separated indicators, as shown in the example below:
Cydia URL scheme detected, Suspicious file exists: /Library/MobileSubstrate/MobileSubstrate.dylib, Fork was able to create a new process

Debugger detector module

let amIDebugged = IOSSecuritySuite.amIDebugged() ? true : false

Emulator detector module

let runInEmulator = IOSSecuritySuite.amIRunInEmulator() ? true : false

Reverse engineering tools detector module

let amIReverseEngineered = IOSSecuritySuite.amIReverseEngineered() ? true : false
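
The four detector modules above can be combined into a single snapshot, with the comma-separated failMessage split into individual indicators. This is an added example, not code from the IOSSecuritySuite project; EnvironmentReport, parseIndicators, collectEnvironmentReport and encodeEnvironmentReport are hypothetical names, and only the IOSSecuritySuite calls shown on this page are used.

```swift
import Foundation
import IOSSecuritySuite

// Hypothetical type (not part of IOSSecuritySuite): one snapshot of all four checks.
struct EnvironmentReport: Codable {
    let jailbroken: Bool
    let jailbreakIndicators: [String]
    let debugged: Bool
    let emulator: Bool
    let reverseEngineered: Bool

    // True when at least one detector fired.
    var isSuspicious: Bool {
        return jailbroken || debugged || emulator || reverseEngineered
    }
}

// Splits the comma-separated failMessage into trimmed, non-empty indicators.
// An empty failMessage yields an empty array.
func parseIndicators(_ failMessage: String) -> [String] {
    return failMessage
        .components(separatedBy: ",")
        .map { $0.trimmingCharacters(in: .whitespaces) }
        .filter { !$0.isEmpty }
}

// Runs each detector once and collects the results in one value.
func collectEnvironmentReport() -> EnvironmentReport {
    let jailbreakStatus = IOSSecuritySuite.amIJailbrokenWithFailMessage()
    return EnvironmentReport(
        jailbroken: jailbreakStatus.jailbroken,
        jailbreakIndicators: parseIndicators(jailbreakStatus.failMessage),
        debugged: IOSSecuritySuite.amIDebugged(),
        emulator: IOSSecuritySuite.amIRunInEmulator(),
        reverseEngineered: IOSSecuritySuite.amIReverseEngineered()
    )
}

// Serializes the report to JSON so it can be logged or attached to telemetry.
// Assumption: what the app does with the JSON (log it, send it to its own
// backend) is decided by the app and is outside the library's scope.
func encodeEnvironmentReport(_ report: EnvironmentReport) -> String? {
    guard let data = try? JSONEncoder().encode(report) else { return nil }
    return String(data: data, encoding: .utf8)
}
```

Call collectEnvironmentReport() at the points where the app makes a trust decision, rather than only once at launch, so the snapshot reflects the state at that moment.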

Security considerations

Before using this and other platform security checkers you have to understand that:

  • Including this tool in your project is not the only thing you should do in order to improve your app security! You can read a general mobile security whitepaper here.
  • Detecting if a device is jailbroken is done locally on the device. It means that every jailbreak detector may be bypassed (even this one)!
  • Swift code is considered to be harder to manipulate dynamically than Objective-C. Since this library was written in pure Swift, the IOSSecuritySuite methods shouldn’t be exposed to the Objective-C runtime (which makes it more difficult to bypass ✅). Be aware that an attacker can still apply MSHookFunction/MSFindSymbol to Swift symbols and dynamically change the Swift code execution flow.
  • It’s also a good idea to obfuscate the whole project code, including this library. See SwiftShield.

Contribution ❤️

Yes, please! If you have a better idea or you just want to improve this project, please text me on Twitter or LinkedIn. Pull requests are more than welcome!

TODO

  • [ ] File integrity checks

  • [ ] Deny debugger

License

See the LICENSE file.

Latest podspec

{
    "name": "IOSSecuritySuite",
    "version": "1.0",
    "summary": "iOS platform security & anti-tampering Swift library",
    "homepage": "https://github.com/securing/IOSSecuritySuite",
    "license": "MIT",
    "authors": "Wojciech Reguła",
    "social_media_url": "https://twitter.com/_r3ggi",
    "platforms": {
        "ios": "10.0"
    },
    "ios": {
        "frameworks": [
            "UIKit",
            "Foundation"
        ]
    },
    "source": {
        "git": "https://github.com/securing/IOSSecuritySuite.git",
        "tag": "1.0"
    },
    "source_files": "IOSSecuritySuite/*.swift",
    "swift_versions": "4.2",
    "requires_arc": true
}
