iOS安全—阻止tweak注入hook api

http://blog.csdn.net/zcrong/article/details/51617348

 

在Other Linker Flags中添加：

-Wl,-sectcreate,__RESTRICT,__restrict,/dev/null

 

再来看看生成的macho文件多了一个__RESTRICT/__restrict  section

类似美团某个版本采取的section办法

为什么加了这样的一个section就能阻止dylib注入了呢？

 

 

在这里找到了答案：http://www.opensource.apple.com/source/dyld/dyld-210.2.3/src/dyld.cpp

也就是说下面三种情况，可以让环境变量：DYLD_INSERT_LIBRARIES被无视

if ( removedCount != 0 ) {
        dyld::log("dyld: DYLD_ environment variables being ignored because ");
        switch (sRestrictedReason) {
            case restrictedNot:
                break;
            case restrictedBySetGUid:
                dyld::log("main executable (%s) is setuid or setgid\n", sExecPath);
                break;
            case restrictedBySegment:
                dyld::log("main executable (%s) has __RESTRICT/__restrict section\n", sExecPath);
                break;
            case restrictedByEntitlements:
                dyld::log("main executable (%s) is code signed with entitlements\n", sExecPath);
                break;
        }
    }

1. 1.Set restricted status by entitlements

   This option is only available to applications on OS X with special entitlements.

2. 2.setuid and setgid

   Any application that makes these two calls are going to be marked as restricted by the linker as a security measure.

3. 3.Restricted Segment of Header

   The final way to mark a binary as restricted is by telling the linker to add new section to the binary header that is named “__RESTRICT” and has a section named “__restrict” when you compile it.

所以编译生成的含有__RESTRICT/__restrict  section的app会忽略DYLD_INSERT_LIBRARIES。

当然解决办法也是有的，用010 editor打开可执行文件，把section的名字修改一下即可。

 

转载于:https://www.cnblogs.com/Keys/p/6170209.html