Ios-malicious-bithunter - iOS Malicious Bit Hunter is a malicious plug-in detection engine for iOS applications. It can analyze the head of the macho file of the injected dylib dynamic library based on runtime. If you are interested in other programs of the author, please visit https://github.com/SecurityLife

Related tags

Miscellaneous ios-malicious-bithunter
Overview

iOS Malicious Bit Hunter

Abstract

iOS Malicious Bit Hunter is a malicious plug-in detection engine for iOS applications. It can analyze the head of the macho file of the injected dylib dynamic library based on runtime, and can perform behavior analysis through interface input characteristics to determine the behavior of the dynamic library feature. The program does not rely on the jailbreak environment and can be used on the AppStore.

What’s new feature

This is a new way to accurately identify the behavior of iOS malicious code. Based on the method of analyzing malicious code running in the memory based on the Mach-O format in the App, it can perform flexible behavior recognition for analysis and continuous tracking. This is a very accurate anti-plug-in defense method, including behaviors, variables, and highly obfuscated code (including ollvm), which has achieved very good results in our defense process.

How to use

  1. Use XCode open .xcodeproj file or create new static library project .
  2. Build Phases -> Compile Sources , add all *.c / *.mm file .
  3. command + B build .

The ios-malicious-bithunter had only one api: secinfo * Security_CoreFoundation(void);

Invoke example :

info = (secinfo *)malloc(sizeof(secinfo));

info->scan_result = (unsigned char * ) malloc(1024*1024);

memset(info->scan_result,0,1024*1024);

if(info == NULL)

{

    goto RETURN;

}
    
info->is_plugScan = security_scanEngine((unsigned char *)info->scan_result);

Logic Priciple

The tool provides an API interface for obtaining externally match rules. It will analyze the behavior of jailbroken and repackaged dynamic libraries at runtime, mainly through static analysis of the MachO file format, through the Load Command and different segments Obtain the import table, export table, class name, function name, string and other information, and judge whether the dynamic library has been loaded into the memory through the memory map at runtime.

Logic Priciple

Detect demo result

We used our SDK to analyze tens of thousands of jailbreak dynamic libraries. These resources come from some public jailbreak plugins. Below are our current test results:

filename,rule

ALS.dylib,FAKEDEV_H

AWZ.dylib,FAKEDEV_H

CallAssist.dylib,FAKEDEV_H

EGrimaceTweak.dylib,FAKEDEV_H

Lynx.dylib,FAKEDEV_H

NZT.dylib,FAKEDEV_H

SystemInfo.dylib,FAKEDEV_H

YOY.dylib,FAKEDEV_H

fakephonelib.dylib,FAKEDEV_H

fakid.dylib,FAKEDEV_H

nt.dylib,FAKEDEV_H

AWZ.dylib,FAKEDEV_M

1feaks.dylib,FAKETOUCH

ATTweak.dylib,FAKETOUCH

BTC-Springboard.dylib,FAKETOUCH

Callofdutygarena.dylib,FAKETOUCH

Cercube.dylib,FAKETOUCH

EASimulateTower.dylib,FAKETOUCH

EPEventTweak.dylib,FAKETOUCH

EvilHunterTycoon.dylib,FAKETOUCH

FlyBirdRemoteControl.dylib,FAKETOUCH

GamePlayerUI.dylib,FAKETOUCH

HAWK.dylib,FAKETOUCH

HonkaiImpactTW.dylib,FAKETOUCH

HookedInc.dylib,FAKETOUCH

IdleFitnessGymTycoon.dylib,FAKETOUCH

JudeTaxi_jb.dylib,FAKETOUCH

LienQuanMobile.dylib,FAKETOUCH

P4UTweak.dylib,FAKETOUCH

PUBGMOBILEFREEiOSGodsCom.dylib,FAKETOUCH

ScarFalliOSGodsCom.dylib,FAKETOUCH

SimulateTouch.dylib,FAKETOUCH

TSEventTweak.dylib,FAKETOUCH

TSTweak.dylib,FAKETOUCH

WildRift.dylib,FAKETOUCH

bitcoinminer.dylib,FAKETOUCH

coin.dylib,FAKETOUCH

dls2019.dylib,FAKETOUCH

dq2.dylib,FAKETOUCH

dungeoncorp.dylib,FAKETOUCH

easimulatetower.thirdparty.2.dylib,FAKETOUCH

freefire.dylib,FAKETOUCH

gameisbugged.dylib,FAKETOUCH

hidspringboard.dylib,FAKETOUCH

mycafe.dylib,FAKETOUCH

raidthedungeon.dylib,FAKETOUCH

royaldice.dylib,FAKETOUCH

rushroyale.dylib,FAKETOUCH

tetweak.dylib,FAKETOUCH

tkasmtouch.dylib,FAKETOUCH

1.dylib,FAKE_LBS

AliDt.dylib,FAKE_LBS

CyDown.dylib,FAKE_LBS

DouTu.dylib,FAKE_LBS

GpsHookLibrary.dylib,FAKE_LBS

Lamo.dylib,FAKE_LBS

LamoClient.dylib,FAKE_LBS

OTRLocation.dylib,FAKE_LBS

WeChatHookPro.dylib,FAKE_LBS

abcd.dylib,FAKE_LBS

appstoreplusUI.dylib,FAKE_LBS

easimulatetower.client.dylib,FAKE_LBS

kfc.dylib,FAKE_LBS

lk.dylib,FAKE_LBS

m.dylib,FAKE_LBS

mmm.dylib,FAKE_LBS

pbyy.dylib,FAKE_LBS

phonetweak.dylib,FAKE_LBS

tou111.dylib,FAKE_LBS

txytweak.dylib,FAKE_LBS

xiaoqi.dylib,FAKE_LBS

xin.dylib,FAKE_LBS

zorro.dylib,FAKE_LBS

zzzzzLiberty.dylib,FAKE_LBS

You might also like...
FiveM Cheat with KEKHACK. Injected with simple injector in c++.
FiveM Cheat with KEKHACK. Injected with simple injector in c++.

FiveM Cheat with TriggersEvent [KEKHACK] This is the ultimate great source code for building the best cheat FiveM. I'm not going to tell you how to cr

MasterDev 9 Dec 26, 2022
This is the laplight software for enabling flashlight support on a laptop/netbook. For the specification, see: https://github.com/LapLight/

By: Seanpm2001, Et; Al. Top README.md Read this article in a different language Sorted by: A-Z Sorting options unavailable ( af Afrikaans Afrikaans |

Sean P. Myrick V19.1.7.2 3 Oct 25, 2022
Linux System Optimizer and Monitoring - https://oguzhaninan.github.io/Stacer-Web
Linux System Optimizer and Monitoring - https://oguzhaninan.github.io/Stacer-Web

Linux System Optimizer and Monitoring Reviews Required Packages curl, systemd PPA Repository (for ubuntu) sudo add-apt-repository ppa:oguzhaninan/stac

Oguzhan Inan 8.2k Dec 31, 2022
(C++) Integrity dynamic link library made in C++ that you can export to C#

C-Integrity-Library ✔ (C++) Integrity dynamic link library made in C++ that can export to C# C# Exports [DllImport("Exports.dll")] public static exter

null 1 Jan 20, 2022
Blade - A simple, fast, clean, and dynamic language that allows you to develop complex applications quickly.

The Blade Programming Language Quick links: BUILDING | CONTRIBUTING | DOCS | LICENSE | tl;dr Blade is a simple, fast, clean and dynamic language that

Blade Programming Language 121 Dec 31, 2022
ESP32 + GitHub Actions + Husarnet. A boilerplate project for ESP32 allowing in-field firmware update using GitHub Actions workflow.

esp32-internet-ota ESP32 + GitHub Actions + Husarnet. A boilerplate project for ESP32 allowing in-field firmware update using GitHub Actions workflow.

Husarnet 31 Sep 22, 2022
Nissan Pathfinder R51 Head Unit Adapter
Nissan Pathfinder R51 Head Unit Adapter

Nissan Pathfinder R51 Head Unit Adapter This repo contains documentation and code to turn an Arduino into a CAN Bus climate control adapter for the Ni

Ryan Bourgeois 1 Dec 12, 2022
Documentation and code for rooting and extending a Bosch car head unit (lcn2kai)
Documentation and code for rooting and extending a Bosch car head unit (lcn2kai)

Rooting Bosch lcn2kai Headunit My Nissan Xterra came with a (for the time) modern head unit that has a touch screen, built-in navigation, backup camer

null 339 Dec 12, 2022
The pico can be used to program other devices. Raspberry pi made such an effort. However there is no board yet, that is open-source and can be used with OpenOCD as a general-purpose programmer
The pico can be used to program other devices. Raspberry pi made such an effort. However there is no board yet, that is open-source and can be used with OpenOCD as a general-purpose programmer

pico-probe-programmer The pico can be used to program other devices. Raspberry pi made such an effort. However there is no board yet, that is open-sou

martijn 22 Oct 15, 2022
Owner
Alipay
Ant Group Open Source
Alipay
GitHub
Offline fluid simulation solver adopted from https://github.com/doyubkim/fluid-engine-dev.

FluidEngine This is a fluid simulation engine for computer graphics applications. I adopt it from Doyub Kim's fluid-engine-dev. It's built on C++11 an

YangWC 55 Oct 26, 2022
Had a tough time playing Microsoft Wordament ? Well WORDament_Solver has your back. It suggests you meaningful words you can use while playing the game and help you top the leaderboard.

WORDament_Solver Had a tough time playing Microsoft Wordament ? Well WORDament_Solver has your back. It suggests you meaningful words you can use whil

Tushar Agarwal 3 Aug 19, 2021
Development of a system which can capture and analyze transmitted data on a USB wire.

FPGA based USB protocol analyser Development of a system which can capture and analyze transmitted data on a

Harsha Sandirigama 0 Apr 3, 2022
Please feel free to use this code if you need to keep track of accelerometer and gyro data :)

IMUArduinoDataCollection Please feel free to use this code if you need to keep track of accelerometer and gyro data :) This code takes in xyz motion b

null 1 Nov 9, 2021
(FIXED) Since the one on github didn't work. (ALSO INCLUDES .DLL SO YOU CAN JUST INJECT INTO FORTNITE)

Marathon-Fortnite-Cheat-Fix-Leak Fortnite Marathon Cheat v18.20 FIXED [Leak] Getting started Open .sln with Visual Studio 2019 Compile batch build to

LUCIFER ® 2 Dec 13, 2021
a undetectable tool by modify odyssey, support sign disable & dylib injection, test on iphoneX(13.5.1 expolit by FreeTheSandbox), our qqgroup is 703156427

a undetectable ios root access tool by modify odyssey, support sign disable & dylib injection, test on iphoneX(13.5.1 expolit by FreeTheSandbox), our

null 58 Nov 22, 2021
Thread Stack Spoofing - PoC for an advanced In-Memory evasion technique allowing to better hide injected shellcode's memory allocation from scanners and analysts.

Thread Stack Spoofing PoC A PoC implementation for an advanced in-memory evasion technique that spoofs Thread Call Stack. This technique allows to byp

Mariusz B. 761 Jan 9, 2023
Original hVNC has been recoded to work with all version of windows above XP. Thanks to the original author for this wonderful tool.

hVNC - Recoded This is the recoded version of the hVNC found in TinyNuke trojan. Compiling Compile tested with Visual Studio 2017. No compile errors.

Snow Leopard 8 Jan 22, 2022
Example of downloading/installing dependencies using Hunter package manager.

Linux/OSX Windows Example of downloading/installing dependencies using Hunter package manager. Requirements CMake version 3.0 Usage Set HUNTER_ROOT en

null 46 Dec 30, 2022
A Charm/Item editor for Monster Hunter Rise

mhr-charm-item-editor A Charm/Item editor for Monster Hunter Rise. The project is written in C++/CLR (yes, I know, it's shit). I was too lazy to use s

Fexty 49 Dec 9, 2022