Attempted automation to detect root and jailbreak detection in mobile applications.

Detect common detection strings like “jailbroken” and “rooted” as well as a few others. The script leverages radare2 and GNU strings to attempt to quickly identify if that application is going to give you a hard time.

jrd --help

The script does not extract the IPA or APK, It assums you know how to do that ;) .

usage: jrd [-h] (--dex DEX | --ios IOS)

[+] root & jailbreak detection

optional arguments:
  -h, --help  show this help message and exit
  --dex DEX   path to android dex file
  --ios IOS   path to extracted payload binary

Once you have an extracted app, then run the script with the relevant option, for example;

jrd --ios ./Documents/IPAs/Discord/Payload/Discord.app/Discord

Then the script will atempt to find hard-coded well known detection strings, frist with radare2 and then falls back to GNU strings.

[+] searching

[+] detection strings found: 

/Applications/Cydia.app
/bin/sh
/bin/bash
jailbroken
0x100d1be97 11 10 jailbroken
0x100d1c0dc 13 12 isJailbroken
0x100d1c0e9 22 21 TB,R,N,V_isJailbroken
0x100ddcc6b 20 19 computeIsJailbroken
0x100ddcd0a 13 12 isJailbroken
0x100ddcd57 14 13 _isJailbroken

You can install with pip3.

pip3 install jailrootdetector

Or you can install with poetry

git clone https://gitlab.com/JxTx/jailrootdetector && \
  cd jailrootdetector && \
  poetry install && \
  poetry shell
  jrd --help

if all else fails, here is a checklist of dependencies.

• radare2
  • Use the installation documentation for this.
• r2pipe
  • This can be installed with pip3 install r2pipe
• sh
  • This can be installed with pip3 install sh
• GNU Strings
  • This should already be installed on your system, if not you should be able to install it with your package manager.