Ways an iOS app can exit?

Posted: Tue Jan 10, 2017 11:44 pm
by eltong
As a challenge, I'm trying to bypass jailbreak detection on an app. In this particular case, it's not just a matter of hooking on an Objective-C selector, but there are other tricks the app is using to detect the jailbreak.

As of right now, I'm having a hard time finding the point (and time) where the app exits (which will happen after the detection).

I've tried breaking on exit with lldb (also separately tried to hook on exit, which never gets called), but breakpoints are never reached.

Currently, I'm using debugserver and connecting with lldb to my iPhone. I'm not really aware of any way to find out where the execution stops, so I'd appreciate any help.

Posted: Fri Jan 13, 2017 6:34 pm
by eltong
So I thought I'd give a minor update.

It seems like SVC 0x80 does the trick :). The app likes to make use of the SVC 0x80 instruction to cheat a little bit, not just to exit, but also to call other functions like access, etc.
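
The following is an added example, not part of the original posts: a small static check that lists `svc #0x80` instructions in a code blob and the BSD syscall number loaded just before each one, which is why a breakpoint on the libc `exit` symbol is never reached. It assumes an arm64 target (syscall number in `x16`); the function names, the sample bytes and the base address are constructed for illustration.

```python
import struct

SVC_0X80 = 0xD4001001  # AArch64 encoding of `svc #0x80`
# Subset of XNU BSD syscall numbers: the two calls named in the post.
BSD_SYSCALLS = {1: "exit", 33: "access"}


def movz_x16_imm(word):
    """Return imm16 if word is `movz x16, #imm` (64-bit, no shift), else None."""
    if word & 0xFFE0001F == 0xD2800010:
        return (word >> 5) & 0xFFFF
    return None


def find_direct_syscalls(code, base=0, lookback=4):
    """Return (address, syscall number or None, name) for each `svc #0x80`."""
    count = len(code) // 4
    words = struct.unpack("<%dI" % count, code[:count * 4])
    hits = []
    for i, word in enumerate(words):
        if word != SVC_0X80:
            continue
        number = None
        # Walk back a few instructions for the immediate placed in x16.
        for prev in reversed(words[max(0, i - lookback):i]):
            number = movz_x16_imm(prev)
            if number is not None:
                break
        hits.append((base + 4 * i, number, BSD_SYSCALLS.get(number, "unknown")))
    return hits


# Constructed sample, not taken from any real app.
SAMPLE = struct.pack(
    "<6I",
    0xD4001001,  # svc #0x80 with no visible x16 load before it
    0xD2800430,  # movz x16, #33
    0xD4001001,  # svc #0x80  -> access
    0xD503201F,  # nop
    0xD2800030,  # movz x16, #1
    0xD4001001,  # svc #0x80  -> exit
)

if __name__ == "__main__":
    for addr, number, name in find_direct_syscalls(SAMPLE, base=0x100004000):
        print(hex(addr), number, name)
```

A hit reported as `unknown` means the number was not set by a plain `movz x16` within the lookback window (it may be loaded another way, or the match may be data), so those sites need manual review.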