Merge branch 'securing:master' into master

IOSSecuritySuite.podspec

@@ -1,15 +1,16 @@
 Pod::Spec.new do |s|
   s.name         = "IOSSecuritySuite"
-  s.version      = "1.9.11"
+  s.version      = "2.0.2"
   s.summary      = "iOS platform security & anti-tampering Swift library"
   s.homepage     = "https://github.com/securing/IOSSecuritySuite"
-  s.license      = "bsd-2-clause"
+  s.license      = "custom EULA"
   s.author       = "Wojciech Reguła"
-  s.social_media_url = "https://twitter.com/_r3ggi"
-  s.platform     = :ios, "11.0"
+  s.social_media_url = "https://x.com/_r3ggi"
+  s.platform     = :ios, "12.0"
   s.ios.frameworks = 'UIKit', 'Foundation'
   s.source       = { :git => "https://github.com/securing/IOSSecuritySuite.git", :tag => "#{s.version}" }
   s.source_files  = "IOSSecuritySuite/*.swift"
+  s.resource_bundles = {'IOSSecuritySuitePrivacy' => ['IOSSecuritySuite/Resources/PrivacyInfo.xcprivacy']}
   s.swift_version = '5.0'
   s.requires_arc = true
   s.pod_target_xcconfig = { 'SWIFT_VERSION' => '5.0' }

IOSSecuritySuite.xcodeproj/project.pbxproj

@@ -14,6 +14,7 @@
 		706B0E34226F445F0059AEA9 /* LaunchScreen.storyboard in Resources */ = {isa = PBXBuildFile; fileRef = 706B0E32226F445F0059AEA9 /* LaunchScreen.storyboard */; };
 		706B0E39226F44830059AEA9 /* IOSSecuritySuite.framework in Frameworks */ = {isa = PBXBuildFile; fileRef = 70B0BBBC226F3A4D000CFB39 /* IOSSecuritySuite.framework */; };
 		706B0E3B226F59AA0059AEA9 /* IOSSecuritySuite.framework in CopyFiles */ = {isa = PBXBuildFile; fileRef = 70B0BBBC226F3A4D000CFB39 /* IOSSecuritySuite.framework */; settings = {ATTRIBUTES = (CodeSignOnCopy, RemoveHeadersOnCopy, ); }; };
+		70AB2CBB2BB59BA900511093 /* ModesChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 70AB2CBA2BB59BA900511093 /* ModesChecker.swift */; };
 		70B0BBC1226F3A4D000CFB39 /* IOSSecuritySuite.h in Headers */ = {isa = PBXBuildFile; fileRef = 70B0BBBF226F3A4D000CFB39 /* IOSSecuritySuite.h */; settings = {ATTRIBUTES = (Public, ); }; };
 		70B0BBC9226F3A74000CFB39 /* DebuggerChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 70B0BBC8226F3A74000CFB39 /* DebuggerChecker.swift */; };
 		70B0BBCB226F3A86000CFB39 /* JailbreakChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 70B0BBCA226F3A86000CFB39 /* JailbreakChecker.swift */; };
@@ -23,6 +24,7 @@
 		7A12583D24EFA8D40071460D /* IntegrityChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = 7A12583C24EFA8D40071460D /* IntegrityChecker.swift */; };
 		890685F829912FCF00EEC5A6 /* FailedChecks.swift in Sources */ = {isa = PBXBuildFile; fileRef = 890685F729912FCF00EEC5A6 /* FailedChecks.swift */; };
 		89FDACDF2B5ACDAD00809636 /* ViewController.swift in Sources */ = {isa = PBXBuildFile; fileRef = 89FDACDE2B5ACDAD00809636 /* ViewController.swift */; };
+		A140C7EB2BC80E9C0054A4C9 /* PrivacyInfo.xcprivacy in Resources */ = {isa = PBXBuildFile; fileRef = A140C7EA2BC80E9C0054A4C9 /* PrivacyInfo.xcprivacy */; };
 		A90FD5FE24528925007212BF /* MSHookFunctionChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = A90FD5FD24528925007212BF /* MSHookFunctionChecker.swift */; };
 		A90FD60024528A94007212BF /* FishHookChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = A90FD5FF24528A94007212BF /* FishHookChecker.swift */; };
 		A90FD60224528FD1007212BF /* RuntimeHookChecker.swift in Sources */ = {isa = PBXBuildFile; fileRef = A90FD60124528FD1007212BF /* RuntimeHookChecker.swift */; };
@@ -51,6 +53,7 @@
 		706B0E30226F445F0059AEA9 /* Assets.xcassets */ = {isa = PBXFileReference; lastKnownFileType = folder.assetcatalog; path = Assets.xcassets; sourceTree = "<group>"; };
 		706B0E33226F445F0059AEA9 /* Base */ = {isa = PBXFileReference; lastKnownFileType = file.storyboard; name = Base; path = Base.lproj/LaunchScreen.storyboard; sourceTree = "<group>"; };
 		706B0E35226F445F0059AEA9 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
+		70AB2CBA2BB59BA900511093 /* ModesChecker.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = ModesChecker.swift; sourceTree = "<group>"; };
 		70B0BBBC226F3A4D000CFB39 /* IOSSecuritySuite.framework */ = {isa = PBXFileReference; explicitFileType = wrapper.framework; includeInIndex = 0; path = IOSSecuritySuite.framework; sourceTree = BUILT_PRODUCTS_DIR; };
 		70B0BBBF226F3A4D000CFB39 /* IOSSecuritySuite.h */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.c.h; path = IOSSecuritySuite.h; sourceTree = "<group>"; };
 		70B0BBC0226F3A4D000CFB39 /* Info.plist */ = {isa = PBXFileReference; lastKnownFileType = text.plist.xml; path = Info.plist; sourceTree = "<group>"; };
@@ -63,6 +66,7 @@
 		7A12583C24EFA8D40071460D /* IntegrityChecker.swift */ = {isa = PBXFileReference; indentWidth = 2; lastKnownFileType = sourcecode.swift; path = IntegrityChecker.swift; sourceTree = "<group>"; tabWidth = 2; };
 		890685F729912FCF00EEC5A6 /* FailedChecks.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = FailedChecks.swift; sourceTree = "<group>"; };
 		89FDACDE2B5ACDAD00809636 /* ViewController.swift */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.swift; path = ViewController.swift; sourceTree = "<group>"; };
+		A140C7EA2BC80E9C0054A4C9 /* PrivacyInfo.xcprivacy */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = text.xml; name = PrivacyInfo.xcprivacy; path = Resources/PrivacyInfo.xcprivacy; sourceTree = "<group>"; };
 		A90FD5FD24528925007212BF /* MSHookFunctionChecker.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = MSHookFunctionChecker.swift; sourceTree = "<group>"; };
 		A90FD5FF24528A94007212BF /* FishHookChecker.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = FishHookChecker.swift; sourceTree = "<group>"; };
 		A90FD60124528FD1007212BF /* RuntimeHookChecker.swift */ = {isa = PBXFileReference; lastKnownFileType = sourcecode.swift; path = RuntimeHookChecker.swift; sourceTree = "<group>"; };
@@ -131,6 +135,7 @@
 				70B0BBBF226F3A4D000CFB39 /* IOSSecuritySuite.h */,
 				70B0BBC0226F3A4D000CFB39 /* Info.plist */,
 				70B0BBC8226F3A74000CFB39 /* DebuggerChecker.swift */,
+				A140C7EA2BC80E9C0054A4C9 /* PrivacyInfo.xcprivacy */,
 				70B0BBCA226F3A86000CFB39 /* JailbreakChecker.swift */,
 				890685F729912FCF00EEC5A6 /* FailedChecks.swift */,
 				70B0BBCC226F3A90000CFB39 /* EmulatorChecker.swift */,
@@ -142,6 +147,7 @@
 				A90FD60124528FD1007212BF /* RuntimeHookChecker.swift */,
 				70B8E16B257E528D00917097 /* ProxyChecker.swift */,
 				E2814AD62A4E388100AC9E54 /* FileChecker.swift */,
+				70AB2CBA2BB59BA900511093 /* ModesChecker.swift */,
 			);
 			indentWidth = 2;
 			path = IOSSecuritySuite;
@@ -266,6 +272,7 @@
 			isa = PBXResourcesBuildPhase;
 			buildActionMask = 2147483647;
 			files = (
+				A140C7EB2BC80E9C0054A4C9 /* PrivacyInfo.xcprivacy in Resources */,
 			);
 			runOnlyForDeploymentPostprocessing = 0;
 		};
@@ -317,6 +324,7 @@
 				70B0BBCF226F3AB2000CFB39 /* IOSSecuritySuite.swift in Sources */,
 				703F74E222704E0F000635D8 /* ReverseEngineeringToolsChecker.swift in Sources */,
 				A90FD60024528A94007212BF /* FishHookChecker.swift in Sources */,
+				70AB2CBB2BB59BA900511093 /* ModesChecker.swift in Sources */,
 				7A12583D24EFA8D40071460D /* IntegrityChecker.swift in Sources */,
 				70B0BBCB226F3A86000CFB39 /* JailbreakChecker.swift in Sources */,
 			);

IOSSecuritySuite/FishHookChecker.swift

@@ -587,6 +587,7 @@ private class FishHook {
                                            oldMethod: inout UnsafeMutableRawPointer?) {
     var linkeditCmd: UnsafeMutablePointer<segment_command_64>!
     var dataCmd: UnsafeMutablePointer<segment_command_64>!
+    var dataConstCmd: UnsafeMutablePointer<segment_command_64>!
     var symtabCmd: UnsafeMutablePointer<symtab_command>!
     var dynamicSymtabCmd: UnsafeMutablePointer<dysymtab_command>!
 
@@ -599,10 +600,14 @@ private class FishHook {
         let curCmdNameOffset = MemoryLayout.size(ofValue: curCmd.pointee.cmd) + MemoryLayout.size(ofValue: curCmd.pointee.cmdsize)
         let curCmdNamePointer = curCmdPointer.advanced(by: curCmdNameOffset).assumingMemoryBound(to: Int8.self)
         let curCmdName = String(cString: curCmdNamePointer)
-        if (curCmdName == SEG_LINKEDIT) {
+        switch curCmdName {
+        case SEG_LINKEDIT:
           linkeditCmd = curCmd
-        } else if (curCmdName == SEG_DATA) {
+        case SEG_DATA:
           dataCmd = curCmd
+        case "__DATA_CONST":
+          dataConstCmd = curCmd
+        default: break
         }
       } else if curCmd.pointee.cmd == LC_SYMTAB {
         symtabCmd = UnsafeMutablePointer<symtab_command>(OpaquePointer(curCmd))
@@ -613,7 +618,7 @@ private class FishHook {
       curCmdPointer += Int(curCmd.pointee.cmdsize)
     }
 
-    if linkeditCmd == nil || symtabCmd == nil || dynamicSymtabCmd == nil || dataCmd == nil {
+    if linkeditCmd == nil || symtabCmd == nil || dynamicSymtabCmd == nil || (dataCmd == nil && dataConstCmd == nil) {
       return
     }
 
@@ -626,15 +631,18 @@ private class FishHook {
       return
     }
 
-    for tmp in 0..<dataCmd.pointee.nsects {
-      let curSection = UnsafeMutableRawPointer(dataCmd).advanced(by: MemoryLayout<segment_command_64>.size + MemoryLayout<section_64>.size*Int(tmp)).assumingMemoryBound(to: section_64.self)
-
-      // symbol_pointers sections
-      if curSection.pointee.flags == S_LAZY_SYMBOL_POINTERS {
-        replaceSymbolPointerAtSection(curSection, symtab: symtab!, strtab: strtab!, indirectsym: indirectsym!, slide: slide, symbolName: symbol, newMethod: newMethod, oldMethod: &oldMethod)
-      }
-      if curSection.pointee.flags == S_NON_LAZY_SYMBOL_POINTERS {
-        replaceSymbolPointerAtSection(curSection, symtab: symtab!, strtab: strtab!, indirectsym: indirectsym!, slide: slide, symbolName: symbol, newMethod: newMethod, oldMethod: &oldMethod)
+    for segment in [dataCmd, dataConstCmd] {
+      guard let segment else { continue }
+      for tmp in 0..<segment.pointee.nsects {
+        let curSection = UnsafeMutableRawPointer(dataCmd).advanced(by: MemoryLayout<segment_command_64>.size + MemoryLayout<section_64>.size*Int(tmp)).assumingMemoryBound(to: section_64.self)
+
+        // symbol_pointers sections
+        if curSection.pointee.flags == S_LAZY_SYMBOL_POINTERS {
+          replaceSymbolPointerAtSection(curSection, symtab: symtab!, strtab: strtab!, indirectsym: indirectsym!, slide: slide, symbolName: symbol, newMethod: newMethod, oldMethod: &oldMethod)
+        }
+        if curSection.pointee.flags == S_NON_LAZY_SYMBOL_POINTERS {
+          replaceSymbolPointerAtSection(curSection, symtab: symtab!, strtab: strtab!, indirectsym: indirectsym!, slide: slide, symbolName: symbol, newMethod: newMethod, oldMethod: &oldMethod)
+        }
       }
     }
   }
@@ -665,7 +673,16 @@ private class FishHook {
 
       if String(cString: curSymbolName) == symbolName {
         oldMethod = sectionVmAddr!.advanced(by: tmp).pointee
-        sectionVmAddr!.advanced(by: tmp).initialize(to: newMethod)
+        let err = vm_protect(
+          mach_task_self_,
+          .init(bitPattern: sectionVmAddr),
+          numericCast(section.pointee.size),
+          0,
+          VM_PROT_READ | VM_PROT_WRITE | VM_PROT_COPY
+        )
+        if err == KERN_SUCCESS {
+          sectionVmAddr!.advanced(by: tmp).initialize(to: newMethod)
+        }
         break
       }
     }

IOSSecuritySuite/IOSSecuritySuite.swift

@@ -232,6 +232,18 @@ public class IOSSecuritySuite {
   public static func amIProxied() -> Bool {
     return ProxyChecker.amIProxied()
   }
+
+  /// This type method is used to determine if the iDevice has lockdown mode turned on.
+  ///
+  /// Usage example
+  /// ```swift
+  /// let amIInLockdownMode: Bool = IOSSecuritySuite.amIInLockdownMode()
+  /// ```
+  /// - Returns: Bool indicating if the device has lockdown mode turned on (true) or not (false)
+  @available(iOS 16, *)
+  public static func amIInLockdownMode() -> Bool {
+    return ModesChecker.amIInLockdownMode()
+  }
 }
 
 #if arch(arm64)

IOSSecuritySuite/ModesChecker.swift

@@ -0,0 +1,17 @@
+//
+//  ModesChecker.swift
+//  IOSSecuritySuite
+//
+//  Created by Wojciech Reguła on 28/03/2024.
+//  Copyright © 2024 wregula. All rights reserved.
+//
+
+import Foundation
+
+internal class ModesChecker {
+
+  static func amIInLockdownMode() -> Bool {
+    return UserDefaults.standard.bool(forKey: "LDMGlobalEnabled")
+  }
+
+}

IOSSecuritySuite/Resources/PrivacyInfo.xcprivacy

@@ -0,0 +1,31 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
+<plist version="1.0">
+<dict>
+	<key>NSPrivacyTrackingDomains</key>
+	<array/>
+	<key>NSPrivacyAccessedAPITypes</key>
+	<array>
+		<dict>
+			<key>NSPrivacyAccessedAPIType</key>
+			<string>NSPrivacyAccessedAPICategoryFileTimestamp</string>
+			<key>NSPrivacyAccessedAPITypeReasons</key>
+			<array>
+				<string>3B52.1</string>
+			</array>
+		</dict>
+		<dict>
+			<key>NSPrivacyAccessedAPIType</key>
+			<string>NSPrivacyAccessedAPICategoryDiskSpace</string>
+			<key>NSPrivacyAccessedAPITypeReasons</key>
+			<array>
+				<string>E174.1</string>
+			</array>
+		</dict>
+	</array>
+	<key>NSPrivacyCollectedDataTypes</key>
+	<array/>
+	<key>NSPrivacyTracking</key>
+	<false/>
+</dict>
+</plist>