iOS: notes on preventing tweak injection from hooking APIs and preventing dylib injection

In Build Settings, find Other Linker Flags, then add the following under the Release entry:
-Wl,-sectcreate,__RESTRICT,__restrict,/dev/null


https://opensource.apple.com/source/dyld/dyld-210.2.3/src/dyld.cpp

switch (sRestrictedReason) {
    case restrictedNot:
        break;
    case restrictedBySetGUid:
        dyld::log("main executable (%s) is setuid or setgid\n", sExecPath);
        break;
    case restrictedBySegment:
        dyld::log("main executable (%s) has __RESTRICT/__restrict section\n", sExecPath);
        break;
    case restrictedByEntitlements:
        dyld::log("main executable (%s) is code signed with entitlements\n", sExecPath);
        break;
}

In any of the three cases above, the environment variable DYLD_INSERT_LIBRARIES is ignored.

1. setuid and setgid / the executable is setuid or setgid

Any application that makes these two calls is going to be marked as restricted by the linker as a security measure.

2. Restricted Segment of Header / the executable contains the __RESTRICT/__restrict section

The final way to mark a binary as restricted is by telling the linker, when you compile it, to add a new segment named "__RESTRICT" to the binary header, containing a section named "__restrict".

3. Set restricted status by entitlements / the executable is signed with certain entitlements

This option is only available to applications on OS X with special entitlements.

Of these, because of Apple's review process, 1 and 3 cannot be specified by the user.

So an app that is built with the __RESTRICT/__restrict section will ignore DYLD_INSERT_LIBRARIES.
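To confirm that the linker flag above actually took effect in a release build, the Mach-O load commands can be inspected for the section. The following is an added example, not code from the original note or from dyld; it assumes a thin 64-bit little-endian Mach-O (not a fat binary), and the names has_restrict_section and build_sample are hypothetical helpers, with build_sample producing a constructed header-only sample.

```python
import struct
import sys

MH_MAGIC_64 = 0xFEEDFACF   # thin 64-bit little-endian Mach-O
LC_SEGMENT_64 = 0x19

def has_restrict_section(data: bytes) -> bool:
    """True if a thin 64-bit Mach-O carries section __restrict in segment __RESTRICT."""
    if len(data) < 32:
        return False
    magic, _, _, _, ncmds, sizeofcmds, _, _ = struct.unpack_from("<8I", data, 0)
    if magic != MH_MAGIC_64:
        return False                      # fat/32-bit/non-Mach-O input is out of scope here
    off, end = 32, min(len(data), 32 + sizeofcmds)
    for _ in range(ncmds):
        if off + 8 > end:
            break
        cmd, cmdsize = struct.unpack_from("<2I", data, off)
        if cmdsize < 8 or off + cmdsize > end:
            break                         # malformed load command: stop, do not guess
        if cmd == LC_SEGMENT_64 and cmdsize >= 72:
            # Names are NUL-padded 16-byte fields; compare up to the first NUL.
            segname = data[off + 8:off + 24].split(b"\0", 1)[0]
            nsects = struct.unpack_from("<I", data, off + 64)[0]
            for i in range(nsects):
                s = off + 72 + 80 * i     # section_64 records follow the 72-byte segment header
                if s + 80 > off + cmdsize:
                    break
                sectname = data[s:s + 16].split(b"\0", 1)[0]
                if segname == b"__RESTRICT" and sectname == b"__restrict":
                    return True
        off += cmdsize
    return False

def build_sample(segname: bytes, sectname: bytes) -> bytes:
    """Constructed header-only Mach-O: one segment containing one empty section."""
    sect = struct.pack("<16s16s2Q8I", sectname, segname, 0, 0, *([0] * 8))
    seg = struct.pack("<2I16s4Q4I", LC_SEGMENT_64, 72 + len(sect), segname,
                      0, 0, 0, 0, 0, 0, 1, 0) + sect
    return struct.pack("<8I", MH_MAGIC_64, 0x0100000C, 0, 2, 1, len(seg), 0, 0) + seg

if __name__ == "__main__":
    blob = (open(sys.argv[1], "rb").read() if len(sys.argv) > 1
            else build_sample(b"__RESTRICT", b"__restrict"))
    print("restricted section present:", has_restrict_section(blob))
```

Run it against the executable inside the built .app bundle as a release check; a False result on a build that should carry the flag means the Other Linker Flags entry was not applied to that configuration.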


Reference:

iOS Security: Preventing tweak injection from hooking APIs
