### Install with Swift Package Manager
Source: https://github.com/securing/iossecuritysuite/blob/master/README.md
Add the library dependency to your Swift Package Manager configuration.
```swift
.package(url: "https://github.com/securing/IOSSecuritySuite.git", from: "1.5.0")
```
--------------------------------
### Find Loaded Dylibs (arm64)
Source: https://context7.com/securing/iossecuritysuite/llms.txt
Use IOSSecuritySuite.findLoadedDylibs to get a list of all dynamically loaded libraries for the main executable or a specified framework. This is useful for detecting injected libraries. Ensure the arm64 architecture is targeted.
```swift
#if arch(arm64)
import IOSSecuritySuite
// Get all dylibs loaded by the main executable
if let loadedDylibs = IOSSecuritySuite.findLoadedDylibs(.default) {
print("Loaded dylibs (\(loadedDylibs.count)):")
for dylib in loadedDylibs {
print(" - \(dylib)")
}
// Check for suspicious injected libraries
let suspiciousLibs = ["FridaGadget", "cycript", "SSLKillSwitch"]
for suspicious in suspiciousLibs {
if loadedDylibs.contains(where: { $0.contains(suspicious) }) {
print("WARNING: Suspicious library detected: \(suspicious)")
}
}
}
// Get dylibs loaded by a specific framework
if let frameworkDylibs = IOSSecuritySuite.findLoadedDylibs(.custom("MyFramework")) {
print("MyFramework dependencies: \(frameworkDylibs)")
}
#endif
```
--------------------------------
### Reverse Engineering Tools Detection with Swift
Source: https://context7.com/securing/iossecuritysuite/llms.txt
Detects common reverse engineering tools like Frida and Cycript. Use the detailed check to get specific reasons for detection.
```swift
import IOSSecuritySuite
// Simple check for reverse engineering tools
let isReverseEngineered = IOSSecuritySuite.amIReverseEngineered()
if isReverseEngineered {
print("Reverse engineering tools detected!")
}
```
```swift
// Detailed check with specific failures
let reStatus = IOSSecuritySuite.amIReverseEngineeredWithFailedChecks()
if reStatus.reverseEngineered {
print("Reverse engineering evidence found:")
for check in reStatus.failedChecks {
print(" \(check.check): \(check.failMessage)")
// Example outputs:
// existenceOfSuspiciousFiles: Suspicious file found: /usr/sbin/frida-server
// dyld: Suspicious library loaded: FridaGadget
// openedPorts: Port 27042 is open (default Frida port)
}
}
```
--------------------------------
### Configure Info.plist for Jailbreak Detection
Source: https://github.com/securing/iossecuritysuite/blob/master/README.md
Update the Info.plist file to include URL schemes required for jailbreak detection.
```xml
LSApplicationQueriesSchemes
undecimus
sileo
zbra
filza
```
--------------------------------
### Detect Reverse Engineering Tools
Source: https://github.com/securing/iossecuritysuite/blob/master/README.md
Identify if common reverse engineering tools are present on the device.
```swift
if IOSSecuritySuite.amIReverseEngineered() {
print("This device has evidence of reverse engineering")
} else {
print("This device hasn't evidence of reverse engineering")
}
```
```swift
let reverseStatus = IOSSecuritySuite.amIReverseEngineeredWithFailedChecks()
if reverseStatus.reverseEngineered {
// check for reverseStatus.failedChecks for more details
}
```
--------------------------------
### Emulator Detection with Swift
Source: https://context7.com/securing/iossecuritysuite/llms.txt
Determine if the application is running in an iOS Simulator or emulator environment. This check can be combined with other security checks.
```swift
import IOSSecuritySuite
// Check if running in emulator/simulator
let isEmulator = IOSSecuritySuite.amIRunInEmulator()
if isEmulator {
print("Running in simulator - some features may be disabled")
// Disable sensitive operations or show warning
}
```
```swift
// Combine with other checks for comprehensive security
func performSecurityCheck() -> Bool {
if IOSSecuritySuite.amIRunInEmulator() {
print("Emulator detected")
return false
}
if IOSSecuritySuite.amIJailbroken() {
print("Jailbreak detected")
return false
}
if IOSSecuritySuite.amIDebugged() {
print("Debugger detected")
return false
}
return true
}
```
--------------------------------
### Verify file integrity
Source: https://github.com/securing/iossecuritysuite/blob/master/README.md
Check for application tampering by verifying bundle IDs, mobile provisions, or Mach-O file hashes.
```Swift
// Determine if application has been tampered with
if IOSSecuritySuite.amITampered([.bundleID("biz.securing.FrameworkClientApp"),
.mobileProvision("2976c70b56e9ae1e2c8e8b231bf6b0cff12bbbd0a593f21846d9a004dd181be3"),
.machO("IOSSecuritySuite", "6d8d460b9a4ee6c0f378e30f137cebaf2ce12bf31a2eef3729c36889158aa7fc")]).result {
print("I have been Tampered.")
}
else {
print("I have not been Tampered.")
}
// Manually verify SHA256 hash value of a loaded dylib
if let hashValue = IOSSecuritySuite.getMachOFileHashValue(.custom("IOSSecuritySuite")), hashValue == "6d8d460b9a4ee6c0f378e30f137cebaf2ce12bf31a2eef3729c36889158aa7fc" {
print("I have not been Tampered.")
}
else {
print("I have been Tampered.")
}
// Check SHA256 hash value of the main executable
// Tip: Your application may retrieve this value from the server
if let hashValue = IOSSecuritySuite.getMachOFileHashValue(.default), hashValue == "your-application-executable-hash-value" {
print("I have not been Tampered.")
}
else {
print("I have been Tampered.")
}
```
--------------------------------
### Jailbreak Detection with Swift
Source: https://context7.com/securing/iossecuritysuite/llms.txt
Use these methods to detect if a device is jailbroken. The simple boolean check is quick, while detailed checks provide specific failure reasons.
```swift
import IOSSecuritySuite
// Simple boolean check
let isJailbroken = IOSSecuritySuite.amIJailbroken()
if isJailbroken {
print("Device is jailbroken - taking security measures")
}
```
```swift
// Check with failure message
let jailbreakStatus = IOSSecuritySuite.amIJailbrokenWithFailMessage()
if jailbreakStatus.jailbroken {
print("Jailbreak detected: \(jailbreakStatus.failMessage)")
// Example output: "Jailbreak detected: Suspicious library loaded: /Library/MobileSubstrate/MobileSubstrate.dylib"
}
```
```swift
// Detailed check with list of failed checks
let detailedStatus = IOSSecuritySuite.amIJailbrokenWithFailedChecks()
if detailedStatus.jailbroken {
print("Jailbreak detected!")
for failedCheck in detailedStatus.failedChecks {
print("Failed check: \(failedCheck.check) - \(failedCheck.failMessage)")
// Example output:
// Failed check: existenceOfSuspiciousFiles - Suspicious file exists: /Applications/Cydia.app
// Failed check: dyld - Suspicious library loaded: TweakInject.dylib
}
}
```
--------------------------------
### Detect System Proxy and VPN
Source: https://github.com/securing/iossecuritysuite/blob/master/README.md
Check if the application traffic is routed through a proxy or VPN.
```swift
let amIProxied: Bool = IOSSecuritySuite.amIProxied(considerVPNConnectionAsProxy: true)
```
--------------------------------
### Check Application Integrity with IOSSecuritySuite
Source: https://context7.com/securing/iossecuritysuite/llms.txt
Verifies application integrity by checking bundle ID, mobile provisioning profile hash, and Mach-O executable hash. Use this to detect tampering or repackaging.
```swift
import IOSSecuritySuite
// Check for application tampering with multiple integrity checks
let integrityResult = IOSSecuritySuite.amITampered([
.bundleID("com.example.myapp"),
.mobileProvision("a]31b3y86c7d31e2f3a4b5c6d7e8f9a0b1c2d3e4f5a6b7c8d9e0f1a2b3c4d5e6f7")
])
if integrityResult.result {
print("Application has been tampered!")
for check in integrityResult.hitChecks {
print("Integrity check failed: \(check.description)")
// Example: "The expected bundle identify was com.example.myapp"
}
} else {
print("Application integrity verified")
}
// For dylibs (arm64 only): verify Mach-O __TEXT.__text section hash
#if arch(arm64)
let machoResult = IOSSecuritySuite.amITampered([
.machO("MyFramework", "6d8d460b9a4ee6c0f378e30f137cebaf2ce12bf31a2eef3729c36889158aa7fc")
])
if machoResult.result {
print("Framework binary has been modified!")
}
#endif
```
--------------------------------
### Verify Mach-O Hash (arm64)
Source: https://context7.com/securing/iossecuritysuite/llms.txt
Retrieves the SHA256 hash of a Mach-O file's __TEXT.__text section for integrity verification. Use this to ensure loaded dylibs or the main executable have not been modified.
```swift
#if arch(arm64)
import IOSSecuritySuite
// Get hash of the main executable's text section
if let mainHash = IOSSecuritySuite.getMachOFileHashValue(.default) {
print("Main executable hash: \(mainHash)")
// Compare against known good hash
let expectedHash = "abc123..."
if mainHash != expectedHash {
print("Executable has been modified!")
}
}
// Get hash of a specific loaded dylib
if let frameworkHash = IOSSecuritySuite.getMachOFileHashValue(.custom("IOSSecuritySuite")) {
print("IOSSecuritySuite hash: \(frameworkHash)")
// Verify against expected hash (pre-computed during build)
let expectedFrameworkHash = "6d8d460b9a4ee6c0f378e30f137cebaf2ce12bf31a2eef3729c36889158aa7fc"
if frameworkHash == expectedFrameworkHash {
print("Framework integrity verified")
} else {
print("Framework has been tampered!")
}
}
#endif
```
--------------------------------
### Detect Hardware Watchpoints (arm64)
Source: https://context7.com/securing/iossecuritysuite/llms.txt
Detects hardware watchpoints that monitor memory access, commonly used during debugging. This function checks for watchpoints before processing sensitive data and can be used in a broader analysis detection routine.
```swift
#if arch(arm64)
import IOSSecuritySuite
func protectedOperation() -> Bool {
// Sensitive data that might be watched
var secretKey = "sensitive-api-key"
var transactionAmount = 99.99
// Check for watchpoints before processing sensitive data
if IOSSecuritySuite.hasWatchpoint() {
print("Watchpoint detected - memory is being monitored!")
// Clear sensitive data and abort operation
secretKey = ""
transactionAmount = 0
return false
}
// Proceed with secure operation
print("No watchpoints detected - proceeding safely")
return true
}
// Usage in debugging detection routine
func isUnderAnalysis() -> Bool {
return IOSSecuritySuite.amIDebugged() ||
IOSSecuritySuite.hasWatchpoint() ||
IOSSecuritySuite.isParentPidUnexpected()
}
#endif
```
--------------------------------
### Detect Emulator Usage
Source: https://github.com/securing/iossecuritysuite/blob/master/README.md
Check if the application is running within an emulator.
```swift
let runInEmulator: Bool = IOSSecuritySuite.amIRunInEmulator()
```
--------------------------------
### Detect Runtime Method Hooking with IOSSecuritySuite
Source: https://context7.com/securing/iossecuritysuite/llms.txt
Detects if Objective-C methods have been hooked at runtime by checking if the method implementation resides in an unexpected dylib. Ensure to provide a list of allowed dylibs.
```swift
import IOSSecuritySuite
// Define a class with a method you want to protect
class SecureViewController: UIViewController {
@objc dynamic func validatePurchase() -> Bool {
// Critical purchase validation logic
return true
}
}
// List of allowed dylibs that may contain your method implementations
let allowedDylibs = [
"IOSSecuritySuite",
"MyApp"
]
// Check if the method has been hooked
let isHooked = IOSSecuritySuite.amIRuntimeHooked(
dyldAllowList: allowedDylibs,
detectionClass: SecureViewController.self,
selector: #selector(SecureViewController.validatePurchase),
isClassMethod: false
)
if isHooked {
print("Method has been hooked by an external framework!")
// Take appropriate action - the method may return manipulated results
}
// For class methods, set isClassMethod to true
class Analytics {
@objc dynamic class func trackEvent(_ name: String) {
// Analytics tracking
}
}
let isClassMethodHooked = IOSSecuritySuite.amIRuntimeHooked(
dyldAllowList: allowedDylibs,
detectionClass: Analytics.self,
selector: #selector(Analytics.trackEvent(_:)),
isClassMethod: true
)
```
--------------------------------
### Detect Runtime Hooks
Source: https://github.com/securing/iossecuritysuite/blob/master/README.md
Identify if specific methods or classes have been hooked at runtime.
```swift
let amIRuntimeHooked: Bool = amIRuntimeHook(dyldWhiteList: dylds, detectionClass: SomeClass.self, selector: #selector(SomeClass.someFunction), isClassMethod: false)
```
--------------------------------
### Detect and Deny Debuggers
Source: https://github.com/securing/iossecuritysuite/blob/master/README.md
Check for attached debuggers or actively deny them.
```swift
let amIDebugged: Bool = IOSSecuritySuite.amIDebugged()
```
```swift
IOSSecuritySuite.denyDebugger()
```
--------------------------------
### Detect Software Breakpoints (arm64)
Source: https://context7.com/securing/iossecuritysuite/llms.txt
Detects software breakpoints set at specific function addresses, indicating active debugging or analysis. Use this to identify if a critical function is being analyzed.
```swift
#if arch(arm64)
import IOSSecuritySuite
// Function to protect from breakpoint analysis
func criticalSecurityCheck() -> Bool {
// Sensitive security logic
return true
}
// Get function address
typealias CheckType = @convention(thin) () -> Bool
let checkFunc: CheckType = criticalSecurityCheck
let funcAddr = unsafeBitCast(checkFunc, to: UnsafeRawPointer.self)
// Check for breakpoints at function
let hasBreakpoint = IOSSecuritySuite.hasBreakpointAt(funcAddr, functionSize: nil)
if hasBreakpoint {
print("Breakpoint detected at critical function!")
// Function is being analyzed - take defensive action
}
// With known function size for more accurate detection
let hasBreakpointWithSize = IOSSecuritySuite.hasBreakpointAt(funcAddr, functionSize: 256)
#endif
```
--------------------------------
### Detect MSHook Function with IOSSecuritySuite (arm64)
Source: https://context7.com/securing/iossecuritysuite/llms.txt
Detects if a function has been hooked using MSHookFunction (Mobile Substrate/Substitute) by analyzing the function prologue for hook trampolines. This is applicable for arm64 architecture.
```swift
#if arch(arm64)
import IOSSecuritySuite
// Define a critical function to protect
func performSecureOperation(value: Int) -> Int {
return value * 2
}
// Get function address using type casting
typealias SecureOperationType = @convention(thin) (Int) -> Int
let secureFunc: SecureOperationType = performSecureOperation
let funcAddress = unsafeBitCast(secureFunc, to: UnsafeMutableRawPointer.self)
// Check if function has been hooked
let isMSHooked = IOSSecuritySuite.amIMSHooked(funcAddress)
if isMSHooked {
print("Function has been hooked via MSHookFunction!")
// Attempt to get original function and call it instead
if let originalFunc = IOSSecuritySuite.denyMSHook(funcAddress) {
let original = unsafeBitCast(originalFunc, to: SecureOperationType.self)
let result = original(42) // Call original, bypassing hook
print("Original function result: \(result)")
}
}
#endif
```
--------------------------------
### Detect MSHook usage
Source: https://github.com/securing/iossecuritysuite/blob/master/README.md
Verify if a specific Swift function has been hooked using amIMSHooked.
```Swift
// Function declaration
func someFunction(takes: Int) -> Bool {
return false
}
// Defining FunctionType : @convention(thin) indicates a “thin” function reference, which uses the Swift calling convention with no special “self” or “context” parameters.
typealias FunctionType = @convention(thin) (Int) -> (Bool)
// Getting pointer address of function we want to verify
func getSwiftFunctionAddr(_ function: @escaping FunctionType) -> UnsafeMutableRawPointer {
return unsafeBitCast(function, to: UnsafeMutableRawPointer.self)
}
let funcAddr = getSwiftFunctionAddr(someFunction)
let amIMSHooked = IOSSecuritySuite.amIMSHooked(funcAddr)
```
--------------------------------
### Detect Jailbreak Status
Source: https://github.com/securing/iossecuritysuite/blob/master/README.md
Methods to check if a device is jailbroken, including simple boolean checks and verbose reporting.
```swift
if IOSSecuritySuite.amIJailbroken() {
print("This device is jailbroken")
} else {
print("This device is not jailbroken")
}
```
```swift
let jailbreakStatus = IOSSecuritySuite.amIJailbrokenWithFailMessage()
if jailbreakStatus.jailbroken {
print("This device is jailbroken")
print("Because: \(jailbreakStatus.failMessage)")
} else {
print("This device is not jailbroken")
}
```
```swift
let jailbreakStatus = IOSSecuritySuite.amIJailbrokenWithFailedChecks()
if jailbreakStatus.jailbroken {
if (jailbreakStatus.failedChecks.contains { $0.check == .existenceOfSuspiciousFiles }) && (jailbreakStatus.failedChecks.contains { $0.check == .suspiciousFilesCanBeOpened }) {
print("This is real jailbroken device")
}
}
```
--------------------------------
### Detect watchpoints
Source: https://github.com/securing/iossecuritysuite/blob/master/README.md
Use hasWatchpoint to detect if a watchpoint is active in the current process.
```Swift
// Set a breakpoint at the testWatchpoint function
func testWatchpoint() -> Bool{
// lldb: watchpoint set expression ptr
var ptr = malloc(9)
// lldb: watchpoint set variable count
var count = 3
return IOSSecuritySuite.hasWatchpoint()
}
```
--------------------------------
### Detect HTTP/HTTPS Proxy Configuration with IOSSecuritySuite
Source: https://context7.com/securing/iossecuritysuite/llms.txt
Detects if an HTTP/HTTPS proxy is configured in iOS Settings, which may indicate traffic interception attempts. This check is useful for network security.
```swift
import IOSSecuritySuite
// Check if device has proxy configured
let isProxied = IOSSecuritySuite.amIProxied()
if isProxied {
print("HTTP proxy detected - traffic may be intercepted")
// Consider:
// - Showing warning to user
// - Disabling sensitive network operations
// - Implementing certificate pinning
}
// Use in combination with other security checks
func isNetworkSecure() -> Bool {
if IOSSecuritySuite.amIProxied() {
return false
}
// Add additional network security checks
return true
}
```
--------------------------------
### Debugger Detection with Swift
Source: https://context7.com/securing/iossecuritysuite/llms.txt
Detect if a debugger is attached or proactively deny attachment. Call `denyDebugger()` early in your app's lifecycle.
```swift
import IOSSecuritySuite
// Check if currently being debugged
let isDebugged = IOSSecuritySuite.amIDebugged()
if isDebugged {
print("Debugger detected - app may be under analysis")
exit(1)
}
```
```swift
// Proactively deny debugger attachment (call early in app lifecycle)
// This uses ptrace with PT_DENY_ATTACH to prevent future debugger connections
IOSSecuritySuite.denyDebugger()
```
```swift
// Check if app was launched by something other than LaunchD
// LaunchD has pid 1; any other parent indicates potential debugger launch
let unexpectedParent = IOSSecuritySuite.isParentPidUnexpected()
if unexpectedParent {
print("App was not launched by LaunchD - possible debugger")
}
```
--------------------------------
### Deny Symbol Hooking (arm64)
Source: https://context7.com/securing/iossecuritysuite/llms.txt
Rebinds symbols hooked by fishhook to restore original function implementations. Call early in app startup to prevent interception of security-sensitive functions like NSLog, abort, and dlsym.
```swift
#if arch(arm64)
import IOSSecuritySuite
import MachO
// Deny fishhook on common security-sensitive symbols
// This should be called early in app startup
// Rebind NSLog to prevent logging interception
IOSSecuritySuite.denySymbolHook("$s10Foundation5NSLogyySS_s7CVarArg_pdtF")
// Rebind abort to prevent bypass
IOSSecuritySuite.denySymbolHook("abort")
// Rebind dlsym to prevent dynamic symbol resolution hooks
IOSSecuritySuite.denySymbolHook("dlsym")
// For more targeted protection, rebind symbol at specific image
for i in 0..<_dyld_image_count() {
if let imageName = _dyld_get_image_name(i) {
let name = String(cString: imageName)
if name.contains("IOSSecuritySuite"), let image = _dyld_get_image_header(i) {
IOSSecuritySuite.denySymbolHook(
"dlsym",
at: image,
imageSlide: _dyld_get_image_vmaddr_slide(i)
)
break
}
}
}
#endif
```
--------------------------------
### Detect Lockdown Mode
Source: https://github.com/securing/iossecuritysuite/blob/master/README.md
Check if the device is currently in Lockdown Mode.
```swift
let amIInLockdownMode: Bool = IOSSecuritySuite.amIInLockdownMode()
```
--------------------------------
### Deny symbol hooks in Swift
Source: https://github.com/securing/iossecuritysuite/blob/master/README.md
Use denySymbolHook to prevent hooking of specific functions by passing their mangled names.
```Swift
// If we want to deny symbol hook of Swift function, we have to pass mangled name of that function
denySymbolHook("$s10Foundation5NSLogyySS_s7CVarArg_pdtF") // denying hooking for the NSLog function
NSLog("Hello Symbol Hook")
denySymbolHook("abort")
abort()
```
--------------------------------
### Deny MSHook for functions
Source: https://github.com/securing/iossecuritysuite/blob/master/README.md
Use denyMSHook to prevent MSHook from intercepting a function and optionally call the original implementation.
```Swift
// Function declaration
func denyDebugger(value: Int) {
}
// Defining FunctionType : @convention(thin) indicates a “thin” function reference, which uses the Swift calling convention with no special “self” or “context” parameters.
typealias FunctionType = @convention(thin) (Int)->()
// Getting original function address
let funcDenyDebugger: FunctionType = denyDebugger
let funcAddr = unsafeBitCast(funcDenyDebugger, to: UnsafeMutableRawPointer.self)
if let originalDenyDebugger = denyMSHook(funcAddr) {
// Call the original function with 1337 as Int argument
unsafeBitCast(originalDenyDebugger, to: FunctionType.self)(1337)
} else {
denyDebugger()
}
```
--------------------------------
### Detect breakpoints
Source: https://github.com/securing/iossecuritysuite/blob/master/README.md
Check if a breakpoint is set at a specific function address using hasBreakpointAt.
```Swift
func denyDebugger() {
// Set breakpoint here
}
typealias FunctionType = @convention(thin) ()->()
let func_denyDebugger: FunctionType = denyDebugger // `: FunctionType` is a must
let func_addr = unsafeBitCast(func_denyDebugger, to: UnsafeMutableRawPointer.self)
let hasBreakpoint = IOSSecuritySuite.hasBreakpointAt(func_addr, functionSize: nil)
if hasBreakpoint {
print("Breakpoint found in the specified function")
} else {
print("Breakpoint not found in the specified function")
}
```
--------------------------------
### Detect Lockdown Mode on iOS 16+
Source: https://context7.com/securing/iossecuritysuite/llms.txt
Detects if the device has Lockdown Mode enabled, which is Apple's extreme protection feature for high-risk users. This check is available on iOS 16 and later.
```swift
import IOSSecuritySuite
// Check if Lockdown Mode is enabled (iOS 16+)
if #available(iOS 16, *) {
let isLockdownMode = IOSSecuritySuite.amIInLockdownMode()
if isLockdownMode {
print("Device is in Lockdown Mode - enhanced security active")
// Adjust app behavior for restricted environment
// Some features may be limited in Lockdown Mode
}
}
```
=== COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.