iOS: preventing tweak injection from hooking APIs and preventing dylib injection (notes)


In Build Settings, find Other Linker Flags and add the following under the Release configuration:
-Wl,-sectcreate,__RESTRICT,__restrict,/dev/null

https://opensource.apple.com/source/dyld/dyld-210.2.3/src/dyld.cpp

    switch (sRestrictedReason) {
        case restrictedNot:
            break;
        case restrictedBySetGUid:
            dyld::log("main executable (%s) is setuid or setgid\n", sExecPath);
            break;
        case restrictedBySegment:
            dyld::log("main executable (%s) has __RESTRICT/__restrict section\n", sExecPath);
            break;
        case restrictedByEntitlements:
            dyld::log("main executable (%s) is code signed with entitlements\n", sExecPath);
            break;
    }

In the three cases above, the environment variable DYLD_INSERT_LIBRARIES is ignored:

1. setuid and setgid / the executable has been made setuid or setgid

Any application that makes these two calls is going to be marked as restricted by the linker as a security measure.

2. Restricted Segment of Header / the executable contains a __RESTRICT/__restrict section

The final way to mark a binary as restricted is to tell the linker, when you build it, to add a new segment named "__RESTRICT" containing a section named "__restrict" to the binary.

3. Set restricted status by entitlements / the executable is signed with certain entitlements

This option is only available to applications on OS X with special entitlements.

Of these, 1 and 3 cannot be specified by the user because of Apple's review process.

So an app that is built with a __RESTRICT/__restrict section will ignore DYLD_INSERT_LIBRARIES.
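A build-time check that the linker flag actually took effect, written as an added example (it is not code from this note or from dyld): it walks the Mach-O load commands and looks for a `__restrict` section inside a `__RESTRICT` segment, the condition named in the dyld log message above. It assumes a thin 64-bit little-endian Mach-O (not a fat binary); the function names `has_restrict_section` and `build_sample` are hypothetical, and the sample image is constructed inline.

```python
import struct

MH_MAGIC_64, LC_SEGMENT_64 = 0xFEEDFACF, 0x19
HEADER = struct.Struct("<8I")           # mach_header_64
LOAD_CMD = struct.Struct("<2I")         # cmd, cmdsize
SEGMENT = struct.Struct("<2I16s4Q4I")   # segment_command_64
SECTION = struct.Struct("<16s16s2Q8I")  # section_64


def _name(raw):
    # Segment/section names are NUL-padded 16-byte fields.
    return raw.split(b"\0", 1)[0]


def has_restrict_section(data):
    """True if a __RESTRICT segment holds a __restrict section."""
    if len(data) < HEADER.size or HEADER.unpack_from(data)[0] != MH_MAGIC_64:
        raise ValueError("not a thin 64-bit little-endian Mach-O")
    ncmds, off = HEADER.unpack_from(data)[4], HEADER.size
    for _ in range(ncmds):
        if off + LOAD_CMD.size > len(data):
            raise ValueError("truncated load command")
        cmd, cmdsize = LOAD_CMD.unpack_from(data, off)
        if cmdsize < LOAD_CMD.size or off + cmdsize > len(data):
            raise ValueError("bad cmdsize")
        if cmd == LC_SEGMENT_64 and cmdsize >= SEGMENT.size:
            seg = SEGMENT.unpack_from(data, off)
            # Never read more section headers than cmdsize leaves room for.
            nsects = min(seg[9], (cmdsize - SEGMENT.size) // SECTION.size)
            for i in range(nsects):
                sect = SECTION.unpack_from(data, off + SEGMENT.size + i * SECTION.size)
                if _name(seg[2]) == b"__RESTRICT" and _name(sect[0]) == b"__restrict":
                    return True
        off += cmdsize
    return False


def build_sample(segname, sectname):
    """Constructed test image: header, one segment, one empty section."""
    section = SECTION.pack(sectname, segname, *([0] * 10))
    cmdsize = SEGMENT.size + len(section)
    segment = SEGMENT.pack(LC_SEGMENT_64, cmdsize, segname, 0, 0, 0, 0, 0, 0, 1, 0)
    header = HEADER.pack(MH_MAGIC_64, 0x0100000C, 0, 2, 1, cmdsize, 0, 0)
    return header + segment + section


if __name__ == "__main__":
    print(has_restrict_section(build_sample(b"__RESTRICT", b"__restrict")))
    print(has_restrict_section(build_sample(b"__TEXT", b"__text")))
```

The names are compared case-sensitively, so a segment spelled `__restrict` does not count.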

Reference:

iOS Security: preventing tweak injection from hooking APIs

