When detecting a jailbroken device, why do most examples terminate the app if the fork process fails? Doesn't that mean the device is not jailbroken, so everything is OK, without any child process?

pid_t pid = fork();          // needs <unistd.h>; fork() returns pid_t, not int
if (pid == 0) {
    exit(0);                 // child: exists only to prove the fork worked
}
if (pid >= 0) {
    return YES;              // parent: fork succeeded, so the sandbox did not block it
}
return NO;                   // pid == -1: fork was refused
  • I'm guessing those code comments are yours? The first one makes no sense. Commented Dec 19, 2018 at 17:05
  • @BradAllred what comments? Commented Dec 20, 2018 at 0:54
  • The ones you edited out :) Commented Dec 20, 2018 at 1:00

1 Answer

A PID of 0 doesn't mean the fork failed. It means the fork succeeded and that the current process is the child. PID > 0 means the fork succeeded and the current process is the parent (the returned value is the child's PID). A PID of -1 means that it failed.

Since app processes are usually forbidden from forking, a -1 is the expected result. If fork is allowed, then there are two processes. The parent returns YES, and the child is terminated since it isn't actually needed for anything but testing whether the fork was allowed.
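The three fork() outcomes the answer describes, as an added C example that is not part of the original answer or question. The enum and function names (classify_fork_result, fork_allowed) are this example's own. The interpretation of the return value is split into a pure function so it can be checked without forking, and the parent reaps the throwaway child so the probe does not leave a zombie behind:

```c
/* Added example (not from the original question or answer): a fork()-based
 * sandbox probe written the way the accepted answer describes it. The
 * interpretation of fork()'s return value is a separate pure function so the
 * three cases can be exercised without actually forking. Names are assumed. */
#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

enum fork_outcome {
    FORK_DENIED = 0,   /* fork() returned -1: the call was refused */
    FORK_CHILD  = 1,   /* fork() returned 0: we are the new child process */
    FORK_PARENT = 2    /* fork() returned > 0: we are the parent; value is the child's PID */
};

/* Map a raw fork() return value to what it means for the calling process. */
enum fork_outcome classify_fork_result(pid_t pid)
{
    if (pid < 0)
        return FORK_DENIED;
    if (pid == 0)
        return FORK_CHILD;
    return FORK_PARENT;
}

/* Probe whether this process may fork.
 * Returns 1 if fork() succeeded (the sandbox restriction is absent),
 * 0 if it was refused. The child does nothing but exit; the parent
 * waits for it so that no zombie process is left behind. */
int fork_allowed(void)
{
    pid_t pid = fork();
    switch (classify_fork_result(pid)) {
    case FORK_CHILD:
        /* _exit() rather than exit(): skip atexit handlers and stdio
         * flushing, which would otherwise run a second time in the child. */
        _exit(0);
    case FORK_PARENT: {
        int status = 0;
        /* Reap the child; retry if interrupted by a signal. */
        while (waitpid(pid, &status, 0) < 0 && errno == EINTR)
            ;
        return 1;
    }
    case FORK_DENIED:
    default:
        /* errno still holds the reason fork() was refused at this point. */
        return 0;
    }
}

int main(void)
{
    int allowed = fork_allowed();
    int saved_errno = errno;   /* meaningful only when fork() was refused */
    if (allowed)
        printf("fork() succeeded: this process is allowed to fork\n");
    else
        printf("fork() refused: %s\n", strerror(saved_errno));
    return 0;
}
```

On a desktop system the probe reports that forking succeeded; inside an iOS app sandbox the answer's expected result is the FORK_DENIED branch. The constant returned by fork_allowed() is what a caller would use in place of the bare YES/NO from the question's snippet.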

6 Comments

I just tested on a jailbroken device and pid returns -1. Do you know if this means forks aren't allowed even on a jailbroken device, or that the sandbox isn't compromised although jailbroken?
I would say that the generation of jailbreak OS you have doesn't fall for this detection technique. I was a bit surprised that such a basic test would work; it's a lot harder than that to detect jailbreaks. But the above is what that code is trying to do.
This test is commonly used, and is also exemplified in the O'Reilly book Hacking and Securing iOS Applications. I've added my jailbreak code. Are there any resources or examples of better jailbreak detection without risking app review rejection? Thanks for the help.
If a simple app-level test could reliably detect jailbreaks for an extended period of time, Apple would just apply that test to prevent jailbreaking in the first place. Jailbreaking and jailbreak detection is an arms race where you need to keep your techniques secret or they won't work any more. It's not security; it's just obfuscation, and that means anything you pick up on StackOverflow or in a popular book is going to have bypasses.
The reason that fork is not working on your device is specific to the jailbreak software you used. A jailbreak usually applies several kernel patches to disable security features that prevent unsigned code execution and to enable certain features that give developers easier access to iOS internals. Forking is one of them. You get -1 because this exact jailbreak does not enable it. Pretty much all older jailbreaks did; it was a standard feature. The same goes for CydiaSubstrate support: you need specific patches to enable it. Some recent jailbreaks also lack these patches.
