Project: iOS AppDelegate JailBreak Detection Bypass

Try this code out now by running the command below (`-f` spawns the target binary, so the hook is installed before `AppDelegate` gets a chance to run its check):

$ frida --codeshare darklotuskdb/ios-appdelegate-jailbreak-detection-bypass -f YOUR_BINARY
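// Frida script: force AppDelegate's `- isNewJailBreak` to report "not jailbroken".
// It hooks the Objective-C method and rewrites the return value to 0x0 (NO) on
// exit, so the app's own check never observes a positive result.
//
// Scope caveat (reviewer note): only the single method named below is neutralised.
// Apps frequently perform jailbreak detection in more than one place (other
// classes, C-level checks of well-known paths, sysctl/dyld queries, bundle
// integrity checks) and may re-run the check later; none of that is covered here,
// so a clean log from this script does not by itself prove the detection is gone.
// Class and selector are kept in variables so the script is easy to retarget.
'use strict';

console.warn(`[+] JailBreak Bypass Via AppDelegate Class`);
console.warn(`[*] Twitter: @DarkLotusKDB (Kamaldeep Bhati)`);
/**
* SIG <3
*/
console.warn(`################################################`);

if (ObjC.available) {
  const className = "AppDelegate";
  const funcName = "- isNewJailBreak";
  try {
    // Plain property lookup instead of eval(): the names are just string keys on
    // ObjC.classes / the class object, so there is no reason to execute them as
    // source code. Missing class or selector is reported explicitly rather than
    // surfacing as a bare "undefined has no property 'implementation'" TypeError.
    const targetClass = ObjC.classes[className];
    if (targetClass == null) {
      throw new Error(`class ${className} not found in the Objective-C runtime`);
    }
    const hook = targetClass[funcName];
    if (hook == null) {
      throw new Error(`method "${funcName}" not found on ${className}`);
    }
    Interceptor.attach(hook.implementation, {
      onLeave(retval) {
        console.log("[*] Class Name: " + className);
        console.log("[*] Method Name: " + funcName);
        // retval is a NativePointer wrapper, so typeof always prints "object";
        // the next line with the actual value is the informative one.
        console.log("\t[-] Type of return value: " + typeof retval);
        console.log("\t[-] Original Return Value: " + retval);
        // The BOOL result travels in the return register as 0/1; 0x0 is NO.
        const newretval = ptr("0x0");
        retval.replace(newretval);
        console.log("\t[-] New Return Value: " + newretval);
      },
    });
  } catch (err) {
    console.log("[!] Exception2: " + err.message);
  }
} else {
  console.log("Objective-C Runtime is not available!");
}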

Fingerprint: 3c74824ba3ad7332e4641847d8ba2fe49aa1c99eb09879dfaf43d36543f86d51