Managed to get the app decrypted. Got the class-dump done. The bit below is what I'm looking for:
@interface AppDriverCommon : _AVAudioSessionCategorySoloAmbient { }
- (BOOL)isJailBroken;
Any ideas on the proper breakpoint using gdb? I start off by running "gdb -quiet " because I'm never able to bring up a PID to hook into it that way. As soon as the app detects the jailbreak, it removes itself from memory.
b UIApplicationMain works as it should (that's how I was able to dump the encrypted bit from memory and patch the binary with it... after figuring out that I needed to disable PIE first).
but b isJailBroken doesn't work and b -[AppDriverCommon isJailBroken] doesn't work. The app just errors out within gdb.