Saturday, July 23, 2016

iOS Application Security - xCON Switch - Enable/Disable Detection without removing xCON Application from Cydia

I was searching for the xCon switch in order to enable/disable injecting xCon file to each application that is launched under iOS device. However, I was unable to find any such resource. So I decided to digg little into that.
Before moving forward, let me show you that my application gives me a messege while it detects the jailbroken device.




The trick is very simple. Initially I opened device logs in order to find which xCon file it is injecting into each application in order to bypass jailbreak detection log. I was able to find the exact path as follows:




As you can see the exact directory from whre it is injecting xCon.dylib file is as follows:

/Library/MobileSubstrate/DynamicLibraries/xCon.dylib

Now as mentioned in below image, log in into your jail-broken device using SSH and move xCon.dylib file to another location temporary.



Now close your existing application and run it again, you will notice that as xCon.dylib was unable to inject the application. As a result of that, my application did not ran normally and according to application logic, it gave me a messege saying "Jail broken".






This how by just moving its file, you can enable/disable the detection engine of xCon. Also from cydia you can find what all files it will install in which directory so that you can copy and make the bundle for future use if it wont be available in cydia.



Thank you.

No comments: